diff --git a/apis/go.mod b/apis/go.mod index 1b8eabf962d..d34cb8628eb 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( // go get -u github.com/openshift/api@relase-4.13 - github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c + github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2 github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 k8s.io/api v0.28.3 k8s.io/apimachinery v0.28.3 diff --git a/apis/go.sum b/apis/go.sum index a461020323a..785cd29389e 100644 --- a/apis/go.sum +++ b/apis/go.sum @@ -116,8 +116,8 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= -github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c h1:8eqzYRuueEQ0Ie17Fm35dssh/YcSjaBaBCvcaalyLSo= -github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2 h1:ynsHNoyqC6JbNdR6W7HcbBR7bbQ9jKQTVCjKEGMSEHs= +github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 h1:cHyxR+Y8rAMT6m1jQCaYGRwikqahI0OjjUDhFNf3ySQ= github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= diff --git a/apis/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/apis/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 0028eaa7b38..b3e5c9dbc12 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -72,6 +72,9 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic baselineCapabilitySet: description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. @@ -195,6 +198,9 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic knownCapabilities: description: knownCapabilities lists all the capabilities known to the current cluster. @@ -212,6 +218,9 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic conditionalUpdates: description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. @@ -433,6 +442,9 @@ spec: versionHash: description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. type: string + x-kubernetes-validations: + - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' + message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability served: true storage: true subresources: diff --git a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml index 74e9b3bd3ba..2f92c36d3bd 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml @@ -646,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index 64a54d5c5fe..e5aa9ad7bf9 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml @@ -381,6 +381,13 @@ spec: - SingleReplica - External type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string etcdDiscoveryDomain: description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' type: string diff --git a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 13d0d1f4658..254474e113d 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -646,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/apis/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml similarity index 99% rename from apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml rename to apis/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml index 75166deb7c1..9e80775ffef 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml @@ -3,6 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.openshift.io: https://github.com/openshift/api/pull/470 + capability.openshift.io/name: Build include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" diff --git a/apis/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml b/apis/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml index ab1a123b605..24433f4f75c 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml @@ -1,104 +1,321 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] DNS" -crd: 0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml +name: "[Custom] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml tests: onCreate: - - name: Should be able to create a minimal DNS + - name: Should be able to create a minimal Infrastructure initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure expected: | apiVersion: config.openshift.io/v1 - kind: DNS + kind: Infrastructure spec: {} - - name: Should be able to specify an AWS role ARN for a private hosted zone + onUpdate: + - name: Should not be able to modify an existing GCP ResourceLabels Label initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Should not be able to specify unsupported platform + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: Azure - azure: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" - - name: Should not be able to specify invalid AWS role ARN + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 - kind: DNS - metadata: - name: cluster - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo - expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" - - name: Should not be able to specify different type and platform + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" - onUpdate: - - name: Can switch from empty (default), to AWS + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Upgrade case is valid + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS + kind: Infrastructure + spec: {} + status: {} updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - expected: | + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp + initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/apis/vendor/github.com/openshift/api/config/v1/feature_gates.go b/apis/vendor/github.com/openshift/api/config/v1/feature_gates.go index 07f03f61841..1aa6b41ce1f 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/apis/vendor/github.com/openshift/api/config/v1/feature_gates.go @@ -23,6 +23,16 @@ var ( ) var ( + FeatureGateValidatingAdmissionPolicy = FeatureGateName("ValidatingAdmissionPolicy") + validatingAdmissionPolicy = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateValidatingAdmissionPolicy, + }, + OwningJiraComponent: "kube-apiserver", + ResponsiblePerson: "benluddy", + OwningProduct: kubernetes, + } + FeatureGateGatewayAPI = FeatureGateName("GatewayAPI") gateGatewayAPI = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ @@ -143,16 +153,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGatePDBUnhealthyPodEvictionPolicy = FeatureGateName("PDBUnhealthyPodEvictionPolicy") - pdbUnhealthyPodEvictionPolicy = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGatePDBUnhealthyPodEvictionPolicy, - }, - OwningJiraComponent: "apps", - ResponsiblePerson: "atiratree", - OwningProduct: kubernetes, - } - FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation") dynamicResourceAllocation = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ @@ -183,16 +183,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGateAWSSecurityTokenService = FeatureGateName("AWSSecurityTokenService") - awsSecurityTokenService = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAWSSecurityTokenService, - }, - OwningJiraComponent: "cloud-credential-operator", - ResponsiblePerson: "abutcher", - OwningProduct: ocpSpecific, - } - FeatureGateMaxUnavailableStatefulSet = FeatureGateName("MaxUnavailableStatefulSet") maxUnavailableStatefulSet = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ diff --git a/apis/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/apis/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml index cdd8a9b7011..b422ebd2065 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] Build" -crd: 0000_10_config-operator_01_build.crd.yaml +crd: 0000_10_openshift-controller-manager-operator_01_build.crd.yaml tests: onCreate: - name: Should be able to create a minimal Build diff --git a/apis/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/apis/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml index b966b29a880..914d06d12fe 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml @@ -98,6 +98,38 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability onUpdate: - name: Should not allow image to be set if architecture set initial: | @@ -136,3 +168,111 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability diff --git a/apis/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/apis/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml index 63da9aa4123..18d752f9194 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml @@ -208,6 +208,7 @@ tests: status: controlPlaneTopology: "HighlyAvailable" infrastructureTopology: "HighlyAvailable" + cpuPartitioning: None platform: Azure platformStatus: azure: @@ -340,6 +341,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -378,6 +380,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -550,6 +553,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -657,6 +661,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -764,6 +769,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -822,6 +828,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -857,6 +864,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -914,6 +922,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External diff --git a/apis/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/apis/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml index f9829b9a396..7834e1f8414 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml +++ b/apis/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml @@ -211,3 +211,309 @@ tests: type: FooBar type: BareMetal expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" + - name: Should not be able to modify an existing GCP ResourceLabels Label + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 234720477b7..3fbe39e4d36 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -13,6 +13,7 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'baremetal' in self.spec.capabilities.additionalEnabledCapabilities ? 'MachineAPI' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'MachineAPI' in self.status.capabilities.enabledCapabilities) : true",message="the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability" type ClusterVersion struct { metav1.TypeMeta `json:",inline"` @@ -247,7 +248,7 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI +// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry type ClusterVersionCapability string const ( @@ -313,6 +314,26 @@ const ( // documentation. This is important part of openshift system // and may cause cluster damage ClusterVersionCapabilityMachineAPI ClusterVersionCapability = "MachineAPI" + + // ClusterVersionCapabilityBuild manages the Build API which is responsible + // for watching the Build API objects and managing their lifecycle. + // The functionality is located under openshift-apiserver and openshift-controller-manager. + // + // The following resources are taken into account: + // - builds + // - buildconfigs + ClusterVersionCapabilityBuild ClusterVersionCapability = "Build" + + // ClusterVersionCapabilityDeploymentConfig manages the DeploymentConfig API + // which is responsible for watching the DeploymentConfig API and managing their lifecycle. + // The functionality is located under openshift-apiserver and openshift-controller-manager. + // + // The following resources are taken into account: + // - deploymentconfigs + ClusterVersionCapabilityDeploymentConfig ClusterVersionCapability = "DeploymentConfig" + // ClusterVersionCapabilityImageRegistry manages the image registry which + // allows to distribute Docker images + ClusterVersionCapabilityImageRegistry ClusterVersionCapability = "ImageRegistry" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. @@ -326,6 +347,9 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. @@ -374,6 +398,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityBaremetal, ClusterVersionCapabilityMarketplace, ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_12: { ClusterVersionCapabilityBaremetal, @@ -383,6 +408,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityStorage, ClusterVersionCapabilityOpenShiftSamples, ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_13: { ClusterVersionCapabilityBaremetal, @@ -393,6 +419,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityOpenShiftSamples, ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_14: { ClusterVersionCapabilityBaremetal, @@ -404,6 +431,9 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, }, ClusterVersionCapabilitySetCurrent: { ClusterVersionCapabilityBaremetal, @@ -415,6 +445,9 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, }, } diff --git a/apis/vendor/github.com/openshift/api/config/v1/types_feature.go b/apis/vendor/github.com/openshift/api/config/v1/types_feature.go index d2dbc11884a..b5e18f2ee39 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/apis/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -163,19 +163,16 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ Disabled: []FeatureGateDescription{}, }, TechPreviewNoUpgrade: newDefaultFeatures(). + without(validatingAdmissionPolicy). with(externalCloudProvider). with(externalCloudProviderGCP). with(csiDriverSharedResource). - with(buildCSIVolumes). with(nodeSwap). with(machineAPIProviderOpenStack). with(insightsConfigAPI). with(retroactiveDefaultStorageClass). - with(pdbUnhealthyPodEvictionPolicy). with(dynamicResourceAllocation). with(admissionWebhookMatchConditions). - with(awsSecurityTokenService). - with(azureWorkloadIdentity). with(gateGatewayAPI). with(maxUnavailableStatefulSet). without(eventedPleg). @@ -186,6 +183,7 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ with(automatedEtcdBackup). without(machineAPIOperatorDisableMachineHealthCheckController). with(adminNetworkPolicy). + with(openShiftPodSecurityAdmission). toFeatures(defaultFeatures), LatencySensitive: newDefaultFeatures(). toFeatures(defaultFeatures), @@ -193,12 +191,13 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ var defaultFeatures = &FeatureGateEnabledDisabled{ Enabled: []FeatureGateDescription{ - openShiftPodSecurityAdmission, alibabaPlatform, // This is a bug, it should be TechPreviewNoUpgrade. This must be downgraded before 4.14 is shipped. + azureWorkloadIdentity, cloudDualStackNodeIPs, externalCloudProviderAzure, externalCloudProviderExternal, privateHostedZoneAWS, + buildCSIVolumes, }, Disabled: []FeatureGateDescription{ retroactiveDefaultStorageClass, diff --git a/apis/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/apis/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 2c1423dedaf..b9002cf1a29 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/apis/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -114,7 +114,6 @@ type InfrastructureStatus struct { // +kubebuilder:default=None // +default="None" // +kubebuilder:validation:Enum=None;AllNodes - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade // +optional CPUPartitioning CPUPartitioningMode `json:"cpuPartitioning,omitempty"` } @@ -580,12 +579,93 @@ const ( type GCPPlatformSpec struct{} // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. +// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation" +// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation" type GCPPlatformStatus struct { // resourceGroupName is the Project ID for new GCP resources created for the cluster. ProjectID string `json:"projectID"` // region holds the region for new GCP resources created for the cluster. Region string `json:"region"` + + // resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. + // See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. + // GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, + // allowing 32 labels for user configuration. + // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceLabels are immutable and may only be configured during installation" + // +listType=map + // +listMapKey=key + // +optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + ResourceLabels []GCPResourceLabel `json:"resourceLabels,omitempty"` + + // resourceTags is a list of additional tags to apply to GCP resources created for the cluster. + // See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on + // tagging GCP resources. GCP supports a maximum of 50 tags per resource. + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation" + // +listType=map + // +listMapKey=key + // +optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"` +} + +// GCPResourceLabel is a label to apply to GCP resources created for the cluster. +type GCPResourceLabel struct { + // key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. + // Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, + // and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` + // and `openshift-io`. + // +kubebuilder:validation:XValidation:rule="!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')",message="label keys must not start with either `openshift-io` or `kubernetes-io`" + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]{0,62}$` + Key string `json:"key"` + + // value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. + // Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[0-9a-z_-]{1,63}$` + Value string `json:"value"` +} + +// GCPResourceTag is a tag to apply to GCP resources created for the cluster. +type GCPResourceTag struct { + // parentID is the ID of the hierarchical resource where the tags are defined, + // e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: + // https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, + // https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. + // An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. + // A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, + // and hyphens, and must start with a letter, and cannot end with a hyphen. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=32 + // +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)` + ParentID string `json:"parentID"` + + // key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. + // Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase + // alphanumeric characters, and the following special characters `._-`. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$` + Key string `json:"key"` + + // value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. + // Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase + // alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$` + Value string `json:"value"` } // BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform. diff --git a/apis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/apis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 57383546056..44d7428e6c7 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/apis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2137,6 +2137,16 @@ func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in + if in.ResourceLabels != nil { + in, out := &in.ResourceLabels, &out.ResourceLabels + *out = make([]GCPResourceLabel, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]GCPResourceTag, len(*in)) + copy(*out, *in) + } return } @@ -2150,6 +2160,38 @@ func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceLabel) DeepCopyInto(out *GCPResourceLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceLabel. +func (in *GCPResourceLabel) DeepCopy() *GCPResourceLabel { + if in == nil { + return nil + } + out := new(GCPResourceLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceTag) DeepCopyInto(out *GCPResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceTag. +func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { + if in == nil { + return nil + } + out := new(GCPResourceTag) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -4335,7 +4377,7 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { if in.GCP != nil { in, out := &in.GCP, &out.GCP *out = new(GCPPlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.BareMetal != nil { in, out := &in.BareMetal, &out.BareMetal diff --git a/apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index f84e44573bb..33ec9223755 100644 --- a/apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -1237,15 +1237,38 @@ func (GCPPlatformSpec) SwaggerDoc() map[string]string { } var map_GCPPlatformStatus = map[string]string{ - "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "region": "region holds the region for new GCP resources created for the cluster.", + "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "region": "region holds the region for new GCP resources created for the cluster.", + "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_GCPResourceLabel = map[string]string{ + "": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "key": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + "value": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", +} + +func (GCPResourceLabel) SwaggerDoc() map[string]string { + return map_GCPResourceLabel +} + +var map_GCPResourceTag = map[string]string{ + "": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "parentID": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "key": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", +} + +func (GCPResourceTag) SwaggerDoc() map[string]string { + return map_GCPResourceTag +} + var map_IBMCloudPlatformSpec = map[string]string{ "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", } diff --git a/apis/vendor/modules.txt b/apis/vendor/modules.txt index 027f5cd2f47..38ca62443f6 100644 --- a/apis/vendor/modules.txt +++ b/apis/vendor/modules.txt @@ -18,7 +18,7 @@ github.com/modern-go/concurrent # github.com/modern-go/reflect2 v1.0.2 ## explicit; go 1.12 github.com/modern-go/reflect2 -# github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c +# github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2 ## explicit; go 1.20 github.com/openshift/api/config/v1 # github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 diff --git a/go.mod b/go.mod index f83e59e7a10..89609f2d4ee 100644 --- a/go.mod +++ b/go.mod @@ -7,12 +7,12 @@ require ( github.com/Azure/go-autorest/autorest v0.11.28 github.com/Azure/go-autorest/autorest/azure/auth v0.5.1 github.com/Azure/go-autorest/autorest/to v0.4.0 - github.com/IBM/go-sdk-core/v5 v5.13.2 + github.com/IBM/go-sdk-core/v5 v5.14.1 github.com/IBM/networking-go-sdk v0.42.2 github.com/IBM/platform-services-go-sdk v0.42.0 github.com/IBM/vpc-go-sdk v0.20.0 github.com/aliyun/alibaba-cloud-sdk-go v1.61.1458 - github.com/aws/aws-sdk-go v1.44.215 + github.com/aws/aws-sdk-go v1.49.7 github.com/blang/semver/v4 v4.0.0 github.com/davecgh/go-spew v1.1.1 github.com/davegardnerisme/deephash v0.0.0-20210406090112-6d072427d830 @@ -33,24 +33,23 @@ require ( github.com/modern-go/reflect2 v1.0.2 github.com/onsi/ginkgo v1.16.5 github.com/onsi/gomega v1.27.10 - // go get -u github.com/openshift/api@relase-4.13 - github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c + github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2 github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519 github.com/openshift/cluster-autoscaler-operator v0.0.0-20211006175002-fe524080b551 github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 github.com/openshift/generic-admission-server v1.14.1-0.20231020105858-8dcc3c9b298f github.com/openshift/hive/apis v0.0.0 - github.com/openshift/installer v0.9.0-master.0.20230721132804-2c449439afd9 - github.com/openshift/library-go v0.0.0-20230508110756-9b7abe2c9cbf + github.com/openshift/installer v0.9.0-master.0.20240828080122-811a267a59b1 + github.com/openshift/library-go v0.0.0-20230523150659-ab179469ba38 github.com/openshift/machine-api-operator v0.2.1-0.20230613002216-b15f199bf388 github.com/openshift/machine-api-provider-gcp v0.0.0 github.com/openshift/machine-api-provider-ibmcloud v0.0.0-20230124105206-50aa171a52e1 github.com/pkg/errors v0.9.1 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.50.0 - github.com/prometheus/client_golang v1.16.0 - github.com/prometheus/client_model v0.4.0 - github.com/sirupsen/logrus v1.9.0 + github.com/prometheus/client_golang v1.17.0 + github.com/prometheus/client_model v0.5.0 + github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace github.com/stretchr/testify v1.8.4 @@ -58,9 +57,9 @@ require ( github.com/vmware/govmomi v0.30.4 golang.org/x/crypto v0.21.0 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 - golang.org/x/mod v0.10.0 + golang.org/x/mod v0.13.0 golang.org/x/net v0.23.0 // indirect - golang.org/x/oauth2 v0.11.0 + golang.org/x/oauth2 v0.14.0 golang.org/x/time v0.3.0 google.golang.org/api v0.126.0 gopkg.in/ini.v1 v1.67.0 @@ -77,7 +76,7 @@ require ( k8s.io/kubectl v0.28.3 k8s.io/utils v0.0.0-20230505201702-9f6742963106 sigs.k8s.io/controller-runtime v0.16.3 - sigs.k8s.io/controller-tools v0.11.3 + sigs.k8s.io/controller-tools v0.12.0 sigs.k8s.io/yaml v1.3.0 ) @@ -87,6 +86,8 @@ require ( github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect github.com/breml/errchkjson v0.3.1 // indirect + github.com/containers/image/v5 v5.29.3 // indirect + github.com/containers/storage v1.51.0 // indirect github.com/curioswitch/go-reassign v0.2.0 // indirect github.com/denis-tingaikin/go-header v0.4.3 // indirect github.com/firefart/nonamedreturns v1.0.4 // indirect @@ -107,7 +108,7 @@ require ( github.com/timonwong/loggercheck v0.9.4 // indirect github.com/yagipy/maintidx v1.0.0 // indirect gitlab.com/bosi/decorder v0.2.3 // indirect - golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect ) require ( @@ -122,7 +123,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/BurntSushi/toml v1.2.1 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/Djarvur/go-err113 v0.1.0 // indirect github.com/IBM-Cloud/bluemix-go v0.0.0-20211102075456-ffc4e11dfb16 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect @@ -161,11 +162,11 @@ require ( github.com/fzipp/gocyclo v0.6.0 // indirect github.com/go-critic/go-critic v0.7.0 // indirect github.com/go-errors/errors v1.4.2 // indirect - github.com/go-openapi/errors v0.20.3 // indirect + github.com/go-openapi/errors v0.20.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/strfmt v0.21.5 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect + github.com/go-openapi/swag v0.22.4 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect @@ -176,7 +177,7 @@ require ( github.com/go-toolsmith/strparse v1.1.0 // indirect github.com/go-toolsmith/typep v1.1.0 // indirect github.com/go-xmlfmt/xmlfmt v1.1.2 // indirect - github.com/gobuffalo/flect v0.3.0 // indirect + github.com/gobuffalo/flect v1.0.2 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -233,7 +234,7 @@ require ( github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.14 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mbilski/exhaustivestruct v1.2.0 // indirect github.com/metal3-io/baremetal-operator/apis v0.2.0 // indirect @@ -244,7 +245,7 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/spdystream v0.2.0 // indirect - github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect + github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/moricho/tparallel v0.3.1 // indirect @@ -257,7 +258,7 @@ require ( github.com/nxadm/tail v1.4.8 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect - github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb // indirect + github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb // indirect github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e // indirect github.com/openshift/cluster-api-provider-alibaba v0.0.1-0.20220606091606-a7bf6bf132ca github.com/ovirt/go-ovirt v0.0.0-20210809163552-d4276e35d3db // indirect @@ -266,7 +267,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/polyfloyd/go-errorlint v1.4.0 // indirect github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect + github.com/prometheus/procfs v0.11.1 // indirect github.com/quasilyte/go-ruleguard v0.3.19 // indirect github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect github.com/ryancurrah/gomodguard v1.3.0 // indirect @@ -312,14 +313,14 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.25.0 // indirect - golang.org/x/sync v0.3.0 // indirect + golang.org/x/sync v0.5.0 // indirect golang.org/x/sys v0.20.0 // indirect golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.9.3 // indirect + golang.org/x/tools v0.14.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb // indirect google.golang.org/grpc v1.59.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/gcfg.v1 v1.2.3 // indirect @@ -360,7 +361,6 @@ require ( github.com/butuzov/ireturn v0.1.1 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cjlapao/common-go v0.0.29 // indirect - github.com/containers/image v3.0.2+incompatible // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -383,12 +383,12 @@ require ( github.com/microsoftgraph/msgraph-sdk-go v0.47.0 // indirect github.com/microsoftgraph/msgraph-sdk-go-core v0.30.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20231107105652-3110ed81e74c + github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20240806171930-bcb227e2c577 github.com/pelletier/go-toml/v2 v2.0.6 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/quasilyte/gogrep v0.5.0 // indirect github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect - github.com/rivo/uniseg v0.4.2 // indirect + github.com/rivo/uniseg v0.4.4 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.2.0 // indirect github.com/sivchari/tenv v1.7.1 // indirect @@ -400,7 +400,7 @@ require ( github.com/yosida95/uritemplate/v3 v3.0.2 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect k8s.io/kms v0.28.3 // indirect ) diff --git a/go.sum b/go.sum index c341bd7bb89..3ff7759eee0 100644 --- a/go.sum +++ b/go.sum @@ -103,8 +103,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 h1:VgSJlZH5u0k2qxSpqyghcFQKmvYckj46uymKK5XzkBM= github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0/go.mod h1:BDJ5qMFKx9DugEg3+uQSDCdbYPr5s9vBTrL9P8TpqOU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Djarvur/go-err113 v0.1.0 h1:uCRZZOdMQ0TZPHYTdYpoC0bLYJKPEHPUJ8MeAa51lNU= github.com/Djarvur/go-err113 v0.1.0/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= @@ -113,8 +113,8 @@ github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0/go.mod h1:b3g59n2Y+T5xmc github.com/IBM-Cloud/bluemix-go v0.0.0-20211102075456-ffc4e11dfb16 h1:kSfKKawp3hYDcjV+d+qcadWfFsCNHDCgklOUnVMle+I= github.com/IBM-Cloud/bluemix-go v0.0.0-20211102075456-ffc4e11dfb16/go.mod h1:q0fXFSbum/16D8Mgn1ROSfSyX4BmvBCm/hHdcXz0wCU= github.com/IBM/go-sdk-core/v5 v5.9.5/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV0j68/rlZsE= -github.com/IBM/go-sdk-core/v5 v5.13.2 h1:C/JWnEadKzonoHFZdMX8DaSxGVqKRFhcpDXFS5bPDiA= -github.com/IBM/go-sdk-core/v5 v5.13.2/go.mod h1:gKRSB+YyKsGlRQW7v5frlLbue5afulSvrRa4O26o4MM= +github.com/IBM/go-sdk-core/v5 v5.14.1 h1:WR1r0zz+gDW++xzZjF41r9ueY4JyjS2vgZjiYs8lO3c= +github.com/IBM/go-sdk-core/v5 v5.14.1/go.mod h1:MUvIr/1mgGh198ZXL+ByKz9Qs1JoEh80v/96x8jPXNY= github.com/IBM/networking-go-sdk v0.42.2 h1:caqjx4jyFHi10Vlf3skHvlL6K3YJRVstsmCBmvdyqkA= github.com/IBM/networking-go-sdk v0.42.2/go.mod h1:lTUZwtUkMANMnrLHFIgRhHrkBfwASY/Iho1fabaPHxo= github.com/IBM/platform-services-go-sdk v0.42.0 h1:2it30wdvjDRqN8Yc/vqUJpJPVIeTNXpkIOSjwG+P/xc= @@ -179,8 +179,8 @@ github.com/ashanbrown/forbidigo v1.5.1/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1 github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s= github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI= github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= -github.com/aws/aws-sdk-go v1.44.215 h1:K3KERfO6MaV349idub2w1u1H0R0KSkED0LshPnaAn3Q= -github.com/aws/aws-sdk-go v1.44.215/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.49.7 h1:qQAOWYajSCRQQUFt+OZZ4pgDg2Uf3h4bBQmYzPyyka8= +github.com/aws/aws-sdk-go v1.49.7/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= @@ -244,8 +244,10 @@ github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWH github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/containers/image v3.0.2+incompatible h1:B1lqAE8MUPCrsBLE86J0gnXleeRq8zJnQryhiiGQNyE= -github.com/containers/image v3.0.2+incompatible/go.mod h1:8Vtij257IWSanUQKe1tAeNOm2sRVkSqQTVQ1IlwI3+M= +github.com/containers/image/v5 v5.29.3 h1:RJHdxP+ZiC+loIFG2DTmjlVNWTS7o5jrdrRScUrY1VE= +github.com/containers/image/v5 v5.29.3/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E= +github.com/containers/storage v1.51.0 h1:AowbcpiWXzAjHosKz7MKvPEqpyX+ryZA/ZurytRrFNA= +github.com/containers/storage v1.51.0/go.mod h1:ybl8a3j1PPtpyaEi/5A6TOFs+5TrEyObeKJzVtkUlfc= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -411,9 +413,8 @@ github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQH github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= -github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= +github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M= +github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= @@ -452,8 +453,8 @@ github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+Z github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= github.com/go-openapi/strfmt v0.20.0/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.5 h1:Z/algjpXIZpbvdN+6KbVTkpO75RuedMrqpn1GN529h4= -github.com/go-openapi/strfmt v0.21.5/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= @@ -461,8 +462,9 @@ github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= @@ -513,8 +515,8 @@ github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= -github.com/gobuffalo/flect v0.3.0 h1:erfPWM+K1rFNIQeRPdeEXxo8yFr/PO17lhRnS8FUrtk= -github.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE= +github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= +github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= @@ -913,8 +915,8 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= @@ -961,8 +963,8 @@ github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1057,8 +1059,8 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/openshift/api v0.0.0-20210730095913-85e1d547cdee/go.mod h1:ntkQrC1Z6AxxkhDlVpDVjkD+pzdwVUalWyfH40rSyyM= github.com/openshift/api v0.0.0-20210816181336-8ff39b776da3/go.mod h1:x81TFA31x1OMT9SYWukQqJ/KbmeveRN6fo+XeGRK8g0= -github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c h1:8eqzYRuueEQ0Ie17Fm35dssh/YcSjaBaBCvcaalyLSo= -github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2 h1:ynsHNoyqC6JbNdR6W7HcbBR7bbQ9jKQTVCjKEGMSEHs= +github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= github.com/openshift/baremetal-operator/apis v0.0.0-20230531194024-8dde0991ffdd h1:Ey0/ZXOEPTWeWyypFuLmQVr6ACZFL+88wRIEEigDXwY= github.com/openshift/baremetal-operator/apis v0.0.0-20230531194024-8dde0991ffdd/go.mod h1:yDY2x0vBph8L68TCL7GS/DxBkqoHn5bGO0k0bzVuDXY= github.com/openshift/baremetal-operator/pkg/hardwareutils v0.0.0-20230531194024-8dde0991ffdd h1:PK0kjpBvD0aoREZeRtmVRbA6EF6fFAYbC/UJ/J6YNrc= @@ -1067,29 +1069,29 @@ github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3/go.mo github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 h1:mh3ZYs7kPIIe3UUY6tJcTExmtjnXXUu0MrBuK2W/Qvw= github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20210730113412-1811c1b3fc0e/go.mod h1:P1pjphFOgm/nYjmtouHGaSLGtdP25dQICJnYtcYhfEs= -github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI= -github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs= +github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb h1:laYRaVm1tMdTLkZERvj9muJDvUtYo2HjRoo4Xu55EfM= +github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb/go.mod h1:eCLby3OeidJ9+8GcvvGROU6hsCv2XAPQw8EO7d8NbQA= github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e h1:2gyl9UVyjHSWzdS56KUXxQwIhENbq2x2olqoMQSA/C8= github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e/go.mod h1:iPn+uhIe7nkP5BMHe2QnbLtg5m/AIQ1xvz9s3cig5ss= -github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20230228003353-120496b4efb1 h1:/DdtIDtOGzm7Xs4s6dz4Jox+9ahU58Gw469P32LPvpE= -github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20230228003353-120496b4efb1/go.mod h1:p8CKj6ENJj5euJ3Grs71A9wwzBs9EzC1BcVlHCIPJg8= +github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20230830212214-7c11ddb9aedf h1:hU/hAAs8Cp4Xy4sjmyt1UTDQtGBUdBFu3Qnj5g3Np28= +github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20230830212214-7c11ddb9aedf/go.mod h1:neZwzmR/CzwsuIqn/NKY282iqA+3N+JjLJOLCbAqFUM= github.com/openshift/cluster-api-provider-alibaba v0.0.1-0.20220606091606-a7bf6bf132ca h1:A8F/tfpmSHqap8DG1p1hohDoGYNh7IG/Y4IGyTHHpsY= github.com/openshift/cluster-api-provider-alibaba v0.0.1-0.20220606091606-a7bf6bf132ca/go.mod h1:pP6UXfKxh5KyoFSOWjfE1dpK8sJndLn4IyHGL/qGDLI= github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519 h1:foU7/s6DQczTFdZ/8H++pUC2Pzygqdz5ZgqUakksR5w= github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519/go.mod h1:C7unCUThP8eqT4xQfbvg3oIDn2S9TYtb0wbBoH/SR2U= github.com/openshift/cluster-autoscaler-operator v0.0.0-20211006175002-fe524080b551 h1:nGa6igwzG7smZOACUsovgf9XG8vT96Zdyc4H6r2rqS0= github.com/openshift/cluster-autoscaler-operator v0.0.0-20211006175002-fe524080b551/go.mod h1:72ieWchfTx9U7UbQO47vhSXBoCi2IJGZhXoCezan4EM= -github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20231107105652-3110ed81e74c h1:dd4coKpEVRcDA8COls+uS6u7yz5G75Jg7SF7DSgsniQ= -github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20231107105652-3110ed81e74c/go.mod h1:ADJcM82Y+qZmSP5FzeE/v0vZ5o3gmhHF2FMLhNka260= +github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20240806171930-bcb227e2c577 h1:k/XEsH+pWuu1IX6xXmGzdgPzcyZcSINZFfAlThZoTxA= +github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20240806171930-bcb227e2c577/go.mod h1:XdLi/j+XFTUMdWtM8zH1gsNHiAv6/rX32Z0I4IZO7Ws= github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 h1:cHyxR+Y8rAMT6m1jQCaYGRwikqahI0OjjUDhFNf3ySQ= github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA= github.com/openshift/generic-admission-server v1.14.1-0.20231020105858-8dcc3c9b298f h1:LzKRLvLJkWW4+4KsuvMmXJQ81ZZJSm2xxu6jwtn5gN0= github.com/openshift/generic-admission-server v1.14.1-0.20231020105858-8dcc3c9b298f/go.mod h1:/CLsleDcQ6AFTGKJe9VL3Y4rB9DqX3fQwQv47q2/ZJc= -github.com/openshift/installer v0.9.0-master.0.20230721132804-2c449439afd9 h1:csdgw8+GQm7TyoDUMcYbl+WKrJPfuXTrbrVp3VmlROo= -github.com/openshift/installer v0.9.0-master.0.20230721132804-2c449439afd9/go.mod h1:X5EY4NHv6lIMnW34+IGG6B9QjGNtUvF+4xczApKTKDA= +github.com/openshift/installer v0.9.0-master.0.20240828080122-811a267a59b1 h1:++bjm3gnrLdWQ0hcdpAnGk+O9Wg9t9aGJ77Q3DnGWQY= +github.com/openshift/installer v0.9.0-master.0.20240828080122-811a267a59b1/go.mod h1:K19w1tgQH7xtGVdNtEoj7uvuvzO2kABm1/qTUpVDdms= github.com/openshift/library-go v0.0.0-20210811133500-5e31383de2a7/go.mod h1:3GagmGg6gikg+hAqma7E7axBzs2pjx4+GrAbdl4OYdY= -github.com/openshift/library-go v0.0.0-20230508110756-9b7abe2c9cbf h1:ZpFAN2qprgp7jEhGPrOAwP8mmuYC9BRYzvDefg+k4GM= -github.com/openshift/library-go v0.0.0-20230508110756-9b7abe2c9cbf/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY= +github.com/openshift/library-go v0.0.0-20230523150659-ab179469ba38 h1:rKEpSwRxeQ6eN915GbcuyikwyWu//V61w5zIUWD9b2U= +github.com/openshift/library-go v0.0.0-20230523150659-ab179469ba38/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY= github.com/openshift/machine-api-operator v0.2.1-0.20230613002216-b15f199bf388 h1:pIJbM42kse7h87CVIE0FvACFLylgYeTI+e+CNZAwwJI= github.com/openshift/machine-api-operator v0.2.1-0.20230613002216-b15f199bf388/go.mod h1:cYJjVQyNskmxEixGczlLytGF9iacFubTD/UbGvu5EEY= github.com/openshift/machine-api-provider-gcp v0.0.0 h1:IJBYVP5RaxmwaG1fYPDFiR7t634LDpllmzN0atmI//A= @@ -1097,8 +1099,9 @@ github.com/openshift/machine-api-provider-gcp v0.0.0/go.mod h1:lgTHPL+8qZt/bvkrk github.com/openshift/machine-api-provider-ibmcloud v0.0.0-20230124105206-50aa171a52e1 h1:winAA43R7imUj8uzAF7NVs3QWIxheF+rhpRF+O+0/R8= github.com/openshift/machine-api-provider-ibmcloud v0.0.0-20230124105206-50aa171a52e1/go.mod h1:UDA+gKaUSWbZsKbUbzybyaIqdksOQF5iKc+OsYnHL9k= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= +github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= +github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= @@ -1142,14 +1145,14 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= +github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= +github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -1168,8 +1171,8 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= +github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-ruleguard v0.3.19 h1:tfMnabXle/HzOb5Xe9CUZYWXKfkS1KwRmZyPmD9nVcc= github.com/quasilyte/go-ruleguard v0.3.19/go.mod h1:lHSn69Scl48I7Gt9cX3VrbsZYvYiBYszZOZW4A+oTEw= @@ -1181,8 +1184,8 @@ github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4l github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8= -github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -1190,8 +1193,9 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -1230,8 +1234,8 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sivchari/containedctx v1.0.2 h1:0hLQKpgC53OVF1VT7CeoFHk9YKstur1XOgfYIc1yrHI= github.com/sivchari/containedctx v1.0.2/go.mod h1:PwZOeqm4/DLoJOqMSIJs3aKqXRX4YO+uXww087KZ7Bw= github.com/sivchari/nosnakecase v1.7.0 h1:7QkpWIRMe8x25gckkFd2A5Pi6Ymo0qgr4JrhGt95do8= @@ -1382,8 +1386,8 @@ gitlab.com/bosi/decorder v0.2.3/go.mod h1:9K1RB5+VPNQYtXtTDAzd2OEftsZb1oV0IrJrzC go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= -go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= +go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.9 h1:4wSsluwyTbGGmyjJktOf3wFQoTBIURXHnq9n/G/JQHs= go.etcd.io/etcd/api/v3 v3.5.9/go.mod h1:uyAal843mC8uUVSLWz6eHa/d971iDGnCRpmKd2Z+X8k= @@ -1410,7 +1414,6 @@ go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.4.3/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -1514,8 +1517,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 h1:J74nGeMgeFnYQJN59eFwh06jX/V8g0lB7LWpjSLxtgU= @@ -1554,8 +1557,9 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1646,8 +1650,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= -golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0= +golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1662,8 +1666,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1909,8 +1913,8 @@ golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= -golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= -golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1952,8 +1956,9 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -2000,12 +2005,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA= +google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -2249,10 +2254,12 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISX sigs.k8s.io/controller-runtime v0.9.3/go.mod h1:TxzMCHyEUpaeuOiZx/bIdc2T81vfs/aKdvJt9wuu0zk= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= +sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230524094249-73949d01fbbe h1:9mPHiHgC6ldWT4ChpUwoxMQgkeSRA5ziCLs/sjJ8K0w= +sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230524094249-73949d01fbbe/go.mod h1:B6HLcvOy2S1qq2eWOFm9xepiKPMIc8Z9OXSPsnUDaR4= sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE= sigs.k8s.io/controller-tools v0.6.2/go.mod h1:oaeGpjXn6+ZSEIQkUe/+3I40PNiDYp9aeawbt3xTgJ8= -sigs.k8s.io/controller-tools v0.11.3 h1:T1xzLkog9saiyQSLz1XOImu4OcbdXWytc5cmYsBeBiE= -sigs.k8s.io/controller-tools v0.11.3/go.mod h1:qcfX7jfcfYD/b7lAhvqAyTbt/px4GpvN88WKLFFv7p8= +sigs.k8s.io/controller-tools v0.12.0 h1:TY6CGE6+6hzO7hhJFte65ud3cFmmZW947jajXkuDfBw= +sigs.k8s.io/controller-tools v0.12.0/go.mod h1:rXlpTfFHZMpZA8aGq9ejArgZiieHd+fkk/fTatY8A2M= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/pkg/controller/machinepool/awsactuator.go b/pkg/controller/machinepool/awsactuator.go index eb715d8123a..e50c952e8a5 100644 --- a/pkg/controller/machinepool/awsactuator.go +++ b/pkg/controller/machinepool/awsactuator.go @@ -197,13 +197,25 @@ func (a *AWSActuator) GenerateMachineSets(cd *hivev1.ClusterDeployment, pool *hi userTags := map[string]string{} installerMachineSets, err := installaws.MachineSets( - cd.Spec.ClusterMetadata.InfraID, - cd.Spec.Platform.AWS.Region, - subnets, - computePool, - pool.Spec.Name, - workerUserDataName, - userTags, + &installaws.MachineSetInput{ + ClusterID: cd.Spec.ClusterMetadata.InfraID, + InstallConfigPlatformAWS: &installertypesaws.Platform{ + // TODO: This sucks. We're cherry-picking which fields to populate + // based on reading the vendored code to discover what they're using. + // The broader problem is that most of the mset generators expect an + // "install-config", which we don't (reliably) have because this is + // day 2. + Region: cd.Spec.Platform.AWS.Region, + UserTags: userTags, + }, + Subnets: subnets, + // TODO: Zones will be needed here when we add support for edge + // (computePool.Name == "edge"). Apparently these aren't the same as the + // computePool.Platform.AWS.Zones? + Pool: computePool, + Role: pool.Spec.Name, + UserDataSecret: workerUserDataName, + }, ) if err != nil { if strings.Contains(err.Error(), "no subnet for zone") { @@ -576,14 +588,6 @@ func findTag(tags []*ec2.Tag, key string) (string, bool) { return "", false } -func stringDereference(s *string) string { - - if s != nil { - return *s - } - return "" -} - // validateSubnets ensures there's exactly one subnet per availability zone, and returns // the mapping of subnets by availability zone func (a *AWSActuator) validateSubnets(subnets []*ec2.Subnet, pool *hivev1.MachinePool) (icaws.Subnets, error) { @@ -595,12 +599,12 @@ func (a *AWSActuator) validateSubnets(subnets []*ec2.Subnet, pool *hivev1.Machin conflictingSubnets.Insert(oldSubnet.ID) continue } - az := stringDereference(subnet.AvailabilityZone) + az := aws.StringValue(subnet.AvailabilityZone) subnetsByAvailabilityZone[az] = icaws.Subnet{ - ID: stringDereference(subnet.SubnetId), - ARN: stringDereference(subnet.SubnetArn), - Zone: az, - CIDR: stringDereference(subnet.CidrBlock), + ID: aws.StringValue(subnet.SubnetId), + ARN: aws.StringValue(subnet.SubnetArn), + Zone: &icaws.Zone{Name: aws.StringValue(subnet.AvailabilityZone)}, + CIDR: aws.StringValue(subnet.CidrBlock), // TODO: populate local zone fields, Public, ZoneType, ZoneGroupName } } diff --git a/pkg/controller/machinepool/machinepool_controller.go b/pkg/controller/machinepool/machinepool_controller.go index 288db1b977b..97fc5fad000 100644 --- a/pkg/controller/machinepool/machinepool_controller.go +++ b/pkg/controller/machinepool/machinepool_controller.go @@ -47,6 +47,7 @@ import ( hivemetrics "github.com/openshift/hive/pkg/controller/metrics" controllerutils "github.com/openshift/hive/pkg/controller/utils" "github.com/openshift/hive/pkg/remoteclient" + "github.com/openshift/hive/pkg/util/logrus" "github.com/openshift/hive/pkg/util/scheme" ) @@ -544,12 +545,14 @@ func matchFailureDomains(gMS *machineapi.MachineSet, rMS machineapi.MachineSet, } } - rMS_providerconfig, err := cpms.NewProviderConfigFromMachineSpec(rSpec) + // - The provider config funcs take a different kind of logger. Convert. + logr := logrus.NewLogr(logger) + rMS_providerconfig, err := cpms.NewProviderConfigFromMachineSpec(logr, rSpec) if err != nil { logger.WithError(err).Errorf("unable to parse remote MachineSet %v provider config", rMS.Name) return false, err } - gMS_providerconfig, err := cpms.NewProviderConfigFromMachineSpec(gSpec) + gMS_providerconfig, err := cpms.NewProviderConfigFromMachineSpec(logr, gSpec) if err != nil { logger.WithError(err).Errorf("unable to parse generated MachineSet %v provider config", gMS.Name) return false, err diff --git a/vendor/github.com/BurntSushi/toml/decode.go b/vendor/github.com/BurntSushi/toml/decode.go index 0ca1dc4fee5..4d38f3bfcec 100644 --- a/vendor/github.com/BurntSushi/toml/decode.go +++ b/vendor/github.com/BurntSushi/toml/decode.go @@ -91,7 +91,7 @@ const ( // UnmarshalText method. See the Unmarshaler example for a demonstration with // email addresses. // -// ### Key mapping +// # Key mapping // // TOML keys can map to either keys in a Go map or field names in a Go struct. // The special `toml` struct tag can be used to map TOML keys to struct fields @@ -248,7 +248,7 @@ func (md *MetaData) unify(data interface{}, rv reflect.Value) error { case reflect.Bool: return md.unifyBool(data, rv) case reflect.Interface: - if rv.NumMethod() > 0 { // Only support empty interfaces are supported. + if rv.NumMethod() > 0 { /// Only empty interfaces are supported. return md.e("unsupported type %s", rv.Type()) } return md.unifyAnything(data, rv) diff --git a/vendor/github.com/BurntSushi/toml/deprecated.go b/vendor/github.com/BurntSushi/toml/deprecated.go index c6af3f239dd..b9e309717ea 100644 --- a/vendor/github.com/BurntSushi/toml/deprecated.go +++ b/vendor/github.com/BurntSushi/toml/deprecated.go @@ -5,17 +5,25 @@ import ( "io" ) +// TextMarshaler is an alias for encoding.TextMarshaler. +// // Deprecated: use encoding.TextMarshaler type TextMarshaler encoding.TextMarshaler +// TextUnmarshaler is an alias for encoding.TextUnmarshaler. +// // Deprecated: use encoding.TextUnmarshaler type TextUnmarshaler encoding.TextUnmarshaler +// PrimitiveDecode is an alias for MetaData.PrimitiveDecode(). +// // Deprecated: use MetaData.PrimitiveDecode. func PrimitiveDecode(primValue Primitive, v interface{}) error { md := MetaData{decoded: make(map[string]struct{})} return md.unify(primValue.undecoded, rvalue(v)) } +// DecodeReader is an alias for NewDecoder(r).Decode(v). +// // Deprecated: use NewDecoder(reader).Decode(&value). func DecodeReader(r io.Reader, v interface{}) (MetaData, error) { return NewDecoder(r).Decode(v) } diff --git a/vendor/github.com/BurntSushi/toml/encode.go b/vendor/github.com/BurntSushi/toml/encode.go index 930e1d521ac..9cd25d75718 100644 --- a/vendor/github.com/BurntSushi/toml/encode.go +++ b/vendor/github.com/BurntSushi/toml/encode.go @@ -136,7 +136,8 @@ func NewEncoder(w io.Writer) *Encoder { // document. func (enc *Encoder) Encode(v interface{}) error { rv := eindirect(reflect.ValueOf(v)) - if err := enc.safeEncode(Key([]string{}), rv); err != nil { + err := enc.safeEncode(Key([]string{}), rv) + if err != nil { return err } return enc.w.Flush() @@ -457,6 +458,16 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) { frv := eindirect(rv.Field(i)) + if is32Bit { + // Copy so it works correct on 32bit archs; not clear why this + // is needed. See #314, and https://www.reddit.com/r/golang/comments/pnx8v4 + // This also works fine on 64bit, but 32bit archs are somewhat + // rare and this is a wee bit faster. + copyStart := make([]int, len(start)) + copy(copyStart, start) + start = copyStart + } + // Treat anonymous struct fields with tag names as though they are // not anonymous, like encoding/json does. // @@ -471,17 +482,7 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) { if typeIsTable(tomlTypeOfGo(frv)) { fieldsSub = append(fieldsSub, append(start, f.Index...)) } else { - // Copy so it works correct on 32bit archs; not clear why this - // is needed. See #314, and https://www.reddit.com/r/golang/comments/pnx8v4 - // This also works fine on 64bit, but 32bit archs are somewhat - // rare and this is a wee bit faster. - if is32Bit { - copyStart := make([]int, len(start)) - copy(copyStart, start) - fieldsDirect = append(fieldsDirect, append(copyStart, f.Index...)) - } else { - fieldsDirect = append(fieldsDirect, append(start, f.Index...)) - } + fieldsDirect = append(fieldsDirect, append(start, f.Index...)) } } } @@ -490,24 +491,27 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) { writeFields := func(fields [][]int) { for _, fieldIndex := range fields { fieldType := rt.FieldByIndex(fieldIndex) - fieldVal := eindirect(rv.FieldByIndex(fieldIndex)) + fieldVal := rv.FieldByIndex(fieldIndex) - if isNil(fieldVal) { /// Don't write anything for nil fields. + opts := getOptions(fieldType.Tag) + if opts.skip { + continue + } + if opts.omitempty && isEmpty(fieldVal) { continue } - opts := getOptions(fieldType.Tag) - if opts.skip { + fieldVal = eindirect(fieldVal) + + if isNil(fieldVal) { /// Don't write anything for nil fields. continue } + keyName := fieldType.Name if opts.name != "" { keyName = opts.name } - if opts.omitempty && enc.isEmpty(fieldVal) { - continue - } if opts.omitzero && isZero(fieldVal) { continue } @@ -649,7 +653,7 @@ func isZero(rv reflect.Value) bool { return false } -func (enc *Encoder) isEmpty(rv reflect.Value) bool { +func isEmpty(rv reflect.Value) bool { switch rv.Kind() { case reflect.Array, reflect.Slice, reflect.Map, reflect.String: return rv.Len() == 0 @@ -664,13 +668,15 @@ func (enc *Encoder) isEmpty(rv reflect.Value) bool { // type b struct{ s []string } // s := a{field: b{s: []string{"AAA"}}} for i := 0; i < rv.NumField(); i++ { - if !enc.isEmpty(rv.Field(i)) { + if !isEmpty(rv.Field(i)) { return false } } return true case reflect.Bool: return !rv.Bool() + case reflect.Ptr: + return rv.IsNil() } return false } @@ -693,8 +699,11 @@ func (enc *Encoder) newline() { // v v v v vv // key = {k = 1, k2 = 2} func (enc *Encoder) writeKeyValue(key Key, val reflect.Value, inline bool) { + /// Marshaler used on top-level document; call eElement() to just call + /// Marshal{TOML,Text}. if len(key) == 0 { - encPanic(errNoKey) + enc.eElement(val) + return } enc.wf("%s%s = ", enc.indentStr(key), key.maybeQuoted(len(key)-1)) enc.eElement(val) diff --git a/vendor/github.com/BurntSushi/toml/error.go b/vendor/github.com/BurntSushi/toml/error.go index f4f390e647f..efd68865bba 100644 --- a/vendor/github.com/BurntSushi/toml/error.go +++ b/vendor/github.com/BurntSushi/toml/error.go @@ -84,7 +84,7 @@ func (pe ParseError) Error() string { pe.Position.Line, pe.LastKey, msg) } -// ErrorWithUsage() returns the error with detailed location context. +// ErrorWithPosition returns the error with detailed location context. // // See the documentation on [ParseError]. func (pe ParseError) ErrorWithPosition() string { @@ -124,7 +124,7 @@ func (pe ParseError) ErrorWithPosition() string { return b.String() } -// ErrorWithUsage() returns the error with detailed location context and usage +// ErrorWithUsage returns the error with detailed location context and usage // guidance. // // See the documentation on [ParseError]. diff --git a/vendor/github.com/BurntSushi/toml/lex.go b/vendor/github.com/BurntSushi/toml/lex.go index d4d70871d8d..3545a6ad66d 100644 --- a/vendor/github.com/BurntSushi/toml/lex.go +++ b/vendor/github.com/BurntSushi/toml/lex.go @@ -46,12 +46,13 @@ func (p Position) String() string { } type lexer struct { - input string - start int - pos int - line int - state stateFn - items chan item + input string + start int + pos int + line int + state stateFn + items chan item + tomlNext bool // Allow for backing up up to 4 runes. This is necessary because TOML // contains 3-rune tokens (""" and '''). @@ -87,13 +88,14 @@ func (lx *lexer) nextItem() item { } } -func lex(input string) *lexer { +func lex(input string, tomlNext bool) *lexer { lx := &lexer{ - input: input, - state: lexTop, - items: make(chan item, 10), - stack: make([]stateFn, 0, 10), - line: 1, + input: input, + state: lexTop, + items: make(chan item, 10), + stack: make([]stateFn, 0, 10), + line: 1, + tomlNext: tomlNext, } return lx } @@ -408,7 +410,7 @@ func lexTableNameEnd(lx *lexer) stateFn { // Lexes only one part, e.g. only 'a' inside 'a.b'. func lexBareName(lx *lexer) stateFn { r := lx.next() - if isBareKeyChar(r) { + if isBareKeyChar(r, lx.tomlNext) { return lexBareName } lx.backup() @@ -618,6 +620,9 @@ func lexInlineTableValue(lx *lexer) stateFn { case isWhitespace(r): return lexSkip(lx, lexInlineTableValue) case isNL(r): + if lx.tomlNext { + return lexSkip(lx, lexInlineTableValue) + } return lx.errorPrevLine(errLexInlineTableNL{}) case r == '#': lx.push(lexInlineTableValue) @@ -640,6 +645,9 @@ func lexInlineTableValueEnd(lx *lexer) stateFn { case isWhitespace(r): return lexSkip(lx, lexInlineTableValueEnd) case isNL(r): + if lx.tomlNext { + return lexSkip(lx, lexInlineTableValueEnd) + } return lx.errorPrevLine(errLexInlineTableNL{}) case r == '#': lx.push(lexInlineTableValueEnd) @@ -648,6 +656,9 @@ func lexInlineTableValueEnd(lx *lexer) stateFn { lx.ignore() lx.skip(isWhitespace) if lx.peek() == '}' { + if lx.tomlNext { + return lexInlineTableValueEnd + } return lx.errorf("trailing comma not allowed in inline tables") } return lexInlineTableValue @@ -770,8 +781,8 @@ func lexRawString(lx *lexer) stateFn { } } -// lexMultilineRawString consumes a raw string. Nothing can be escaped in such -// a string. It assumes that the beginning ''' has already been consumed and +// lexMultilineRawString consumes a raw string. Nothing can be escaped in such a +// string. It assumes that the beginning triple-' has already been consumed and // ignored. func lexMultilineRawString(lx *lexer) stateFn { r := lx.next() @@ -828,6 +839,11 @@ func lexMultilineStringEscape(lx *lexer) stateFn { func lexStringEscape(lx *lexer) stateFn { r := lx.next() switch r { + case 'e': + if !lx.tomlNext { + return lx.error(errLexEscape{r}) + } + fallthrough case 'b': fallthrough case 't': @@ -846,6 +862,11 @@ func lexStringEscape(lx *lexer) stateFn { fallthrough case '\\': return lx.pop() + case 'x': + if !lx.tomlNext { + return lx.error(errLexEscape{r}) + } + return lexHexEscape case 'u': return lexShortUnicodeEscape case 'U': @@ -854,6 +875,19 @@ func lexStringEscape(lx *lexer) stateFn { return lx.error(errLexEscape{r}) } +func lexHexEscape(lx *lexer) stateFn { + var r rune + for i := 0; i < 2; i++ { + r = lx.next() + if !isHexadecimal(r) { + return lx.errorf( + `expected two hexadecimal digits after '\x', but got %q instead`, + lx.current()) + } + } + return lx.pop() +} + func lexShortUnicodeEscape(lx *lexer) stateFn { var r rune for i := 0; i < 4; i++ { @@ -1225,7 +1259,23 @@ func isOctal(r rune) bool { return r >= '0' && r <= '7' } func isHexadecimal(r rune) bool { return (r >= '0' && r <= '9') || (r >= 'a' && r <= 'f') || (r >= 'A' && r <= 'F') } -func isBareKeyChar(r rune) bool { + +func isBareKeyChar(r rune, tomlNext bool) bool { + if tomlNext { + return (r >= 'A' && r <= 'Z') || + (r >= 'a' && r <= 'z') || + (r >= '0' && r <= '9') || + r == '_' || r == '-' || + r == 0xb2 || r == 0xb3 || r == 0xb9 || (r >= 0xbc && r <= 0xbe) || + (r >= 0xc0 && r <= 0xd6) || (r >= 0xd8 && r <= 0xf6) || (r >= 0xf8 && r <= 0x037d) || + (r >= 0x037f && r <= 0x1fff) || + (r >= 0x200c && r <= 0x200d) || (r >= 0x203f && r <= 0x2040) || + (r >= 0x2070 && r <= 0x218f) || (r >= 0x2460 && r <= 0x24ff) || + (r >= 0x2c00 && r <= 0x2fef) || (r >= 0x3001 && r <= 0xd7ff) || + (r >= 0xf900 && r <= 0xfdcf) || (r >= 0xfdf0 && r <= 0xfffd) || + (r >= 0x10000 && r <= 0xeffff) + } + return (r >= 'A' && r <= 'Z') || (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || diff --git a/vendor/github.com/BurntSushi/toml/meta.go b/vendor/github.com/BurntSushi/toml/meta.go index 71847a04158..2e78b24e952 100644 --- a/vendor/github.com/BurntSushi/toml/meta.go +++ b/vendor/github.com/BurntSushi/toml/meta.go @@ -106,7 +106,7 @@ func (k Key) maybeQuoted(i int) string { return `""` } for _, c := range k[i] { - if !isBareKeyChar(c) { + if !isBareKeyChar(c, false) { return `"` + dblQuotedReplacer.Replace(k[i]) + `"` } } diff --git a/vendor/github.com/BurntSushi/toml/parse.go b/vendor/github.com/BurntSushi/toml/parse.go index d2542d6f926..9c191536986 100644 --- a/vendor/github.com/BurntSushi/toml/parse.go +++ b/vendor/github.com/BurntSushi/toml/parse.go @@ -2,6 +2,7 @@ package toml import ( "fmt" + "os" "strconv" "strings" "time" @@ -15,6 +16,7 @@ type parser struct { context Key // Full key for the current hash in scope. currentKey string // Base key name for everything except hashes. pos Position // Current position in the TOML file. + tomlNext bool ordered []Key // List of keys in the order that they appear in the TOML data. @@ -29,6 +31,8 @@ type keyInfo struct { } func parse(data string) (p *parser, err error) { + _, tomlNext := os.LookupEnv("BURNTSUSHI_TOML_110") + defer func() { if r := recover(); r != nil { if pErr, ok := r.(ParseError); ok { @@ -41,9 +45,12 @@ func parse(data string) (p *parser, err error) { }() // Read over BOM; do this here as the lexer calls utf8.DecodeRuneInString() - // which mangles stuff. - if strings.HasPrefix(data, "\xff\xfe") || strings.HasPrefix(data, "\xfe\xff") { + // which mangles stuff. UTF-16 BOM isn't strictly valid, but some tools add + // it anyway. + if strings.HasPrefix(data, "\xff\xfe") || strings.HasPrefix(data, "\xfe\xff") { // UTF-16 data = data[2:] + } else if strings.HasPrefix(data, "\xef\xbb\xbf") { // UTF-8 + data = data[3:] } // Examine first few bytes for NULL bytes; this probably means it's a UTF-16 @@ -65,9 +72,10 @@ func parse(data string) (p *parser, err error) { p = &parser{ keyInfo: make(map[string]keyInfo), mapping: make(map[string]interface{}), - lx: lex(data), + lx: lex(data, tomlNext), ordered: make([]Key, 0), implicits: make(map[string]struct{}), + tomlNext: tomlNext, } for { item := p.next() @@ -194,12 +202,12 @@ func (p *parser) topLevel(item item) { for i := range context { p.addImplicitContext(append(p.context, context[i:i+1]...)) } + p.ordered = append(p.ordered, p.context.add(p.currentKey)) /// Set value. vItem := p.next() val, typ := p.value(vItem, false) p.set(p.currentKey, val, typ, vItem.pos) - p.ordered = append(p.ordered, p.context.add(p.currentKey)) /// Remove the context we added (preserving any context from [tbl] lines). p.context = outerContext @@ -236,7 +244,7 @@ func (p *parser) value(it item, parentIsArray bool) (interface{}, tomlType) { case itemString: return p.replaceEscapes(it, it.val), p.typeOfPrimitive(it) case itemMultilineString: - return p.replaceEscapes(it, stripFirstNewline(p.stripEscapedNewlines(it.val))), p.typeOfPrimitive(it) + return p.replaceEscapes(it, p.stripEscapedNewlines(stripFirstNewline(it.val))), p.typeOfPrimitive(it) case itemRawString: return it.val, p.typeOfPrimitive(it) case itemRawMultilineString: @@ -331,11 +339,17 @@ func (p *parser) valueFloat(it item) (interface{}, tomlType) { var dtTypes = []struct { fmt string zone *time.Location + next bool }{ - {time.RFC3339Nano, time.Local}, - {"2006-01-02T15:04:05.999999999", internal.LocalDatetime}, - {"2006-01-02", internal.LocalDate}, - {"15:04:05.999999999", internal.LocalTime}, + {time.RFC3339Nano, time.Local, false}, + {"2006-01-02T15:04:05.999999999", internal.LocalDatetime, false}, + {"2006-01-02", internal.LocalDate, false}, + {"15:04:05.999999999", internal.LocalTime, false}, + + // tomlNext + {"2006-01-02T15:04Z07:00", time.Local, true}, + {"2006-01-02T15:04", internal.LocalDatetime, true}, + {"15:04", internal.LocalTime, true}, } func (p *parser) valueDatetime(it item) (interface{}, tomlType) { @@ -346,6 +360,9 @@ func (p *parser) valueDatetime(it item) (interface{}, tomlType) { err error ) for _, dt := range dtTypes { + if dt.next && !p.tomlNext { + continue + } t, err = time.ParseInLocation(dt.fmt, it.val, dt.zone) if err == nil { ok = true @@ -384,6 +401,7 @@ func (p *parser) valueArray(it item) (interface{}, tomlType) { // // Not entirely sure how to best store this; could use "key[0]", // "key[1]" notation, or maybe store it on the Array type? + _ = types } return array, tomlArray } @@ -426,11 +444,11 @@ func (p *parser) valueInlineTable(it item, parentIsArray bool) (interface{}, tom for i := range context { p.addImplicitContext(append(p.context, context[i:i+1]...)) } + p.ordered = append(p.ordered, p.context.add(p.currentKey)) /// Set the value. val, typ := p.value(p.next(), false) p.set(p.currentKey, val, typ, it.pos) - p.ordered = append(p.ordered, p.context.add(p.currentKey)) hash[p.currentKey] = val /// Restore context. @@ -551,7 +569,6 @@ func (p *parser) addContext(key Key, array bool) { func (p *parser) set(key string, val interface{}, typ tomlType, pos Position) { p.setValue(key, val) p.setType(key, typ, pos) - } // setValue sets the given key to the given value in the current context. @@ -632,14 +649,11 @@ func (p *parser) setType(key string, typ tomlType, pos Position) { // Implicit keys need to be created when tables are implied in "a.b.c.d = 1" and // "[a.b.c]" (the "a", "b", and "c" hashes are never created explicitly). -func (p *parser) addImplicit(key Key) { p.implicits[key.String()] = struct{}{} } -func (p *parser) removeImplicit(key Key) { delete(p.implicits, key.String()) } -func (p *parser) isImplicit(key Key) bool { _, ok := p.implicits[key.String()]; return ok } -func (p *parser) isArray(key Key) bool { return p.keyInfo[key.String()].tomlType == tomlArray } -func (p *parser) addImplicitContext(key Key) { - p.addImplicit(key) - p.addContext(key, false) -} +func (p *parser) addImplicit(key Key) { p.implicits[key.String()] = struct{}{} } +func (p *parser) removeImplicit(key Key) { delete(p.implicits, key.String()) } +func (p *parser) isImplicit(key Key) bool { _, ok := p.implicits[key.String()]; return ok } +func (p *parser) isArray(key Key) bool { return p.keyInfo[key.String()].tomlType == tomlArray } +func (p *parser) addImplicitContext(key Key) { p.addImplicit(key); p.addContext(key, false) } // current returns the full key name of the current context. func (p *parser) current() string { @@ -662,49 +676,54 @@ func stripFirstNewline(s string) string { return s } -// Remove newlines inside triple-quoted strings if a line ends with "\". +// stripEscapedNewlines removes whitespace after line-ending backslashes in +// multiline strings. +// +// A line-ending backslash is an unescaped \ followed only by whitespace until +// the next newline. After a line-ending backslash, all whitespace is removed +// until the next non-whitespace character. func (p *parser) stripEscapedNewlines(s string) string { - split := strings.Split(s, "\n") - if len(split) < 1 { - return s - } - - escNL := false // Keep track of the last non-blank line was escaped. - for i, line := range split { - line = strings.TrimRight(line, " \t\r") - - if len(line) == 0 || line[len(line)-1] != '\\' { - split[i] = strings.TrimRight(split[i], "\r") - if !escNL && i != len(split)-1 { - split[i] += "\n" - } - continue + var b strings.Builder + var i int + for { + ix := strings.Index(s[i:], `\`) + if ix < 0 { + b.WriteString(s) + return b.String() } + i += ix - escBS := true - for j := len(line) - 1; j >= 0 && line[j] == '\\'; j-- { - escBS = !escBS + if len(s) > i+1 && s[i+1] == '\\' { + // Escaped backslash. + i += 2 + continue } - if escNL { - line = strings.TrimLeft(line, " \t\r") + // Scan until the next non-whitespace. + j := i + 1 + whitespaceLoop: + for ; j < len(s); j++ { + switch s[j] { + case ' ', '\t', '\r', '\n': + default: + break whitespaceLoop + } } - escNL = !escBS - - if escBS { - split[i] += "\n" + if j == i+1 { + // Not a whitespace escape. + i++ continue } - - if i == len(split)-1 { - p.panicf("invalid escape: '\\ '") - } - - split[i] = line[:len(line)-1] // Remove \ - if len(split)-1 > i { - split[i+1] = strings.TrimLeft(split[i+1], " \t\r") + if !strings.Contains(s[i:j], "\n") { + // This is not a line-ending backslash. + // (It's a bad escape sequence, but we can let + // replaceEscapes catch it.) + i++ + continue } + b.WriteString(s[:i]) + s = s[j:] + i = 0 } - return strings.Join(split, "") } func (p *parser) replaceEscapes(it item, str string) string { @@ -743,12 +762,23 @@ func (p *parser) replaceEscapes(it item, str string) string { case 'r': replaced = append(replaced, rune(0x000D)) r += 1 + case 'e': + if p.tomlNext { + replaced = append(replaced, rune(0x001B)) + r += 1 + } case '"': replaced = append(replaced, rune(0x0022)) r += 1 case '\\': replaced = append(replaced, rune(0x005C)) r += 1 + case 'x': + if p.tomlNext { + escaped := p.asciiEscapeToUnicode(it, s[r+1:r+3]) + replaced = append(replaced, escaped) + r += 3 + } case 'u': // At this point, we know we have a Unicode escape of the form // `uXXXX` at [r, r+5). (Because the lexer guarantees this diff --git a/vendor/github.com/IBM/go-sdk-core/v5/core/constants.go b/vendor/github.com/IBM/go-sdk-core/v5/core/constants.go index 923d1ebcee2..ca4ba8a1335 100644 --- a/vendor/github.com/IBM/go-sdk-core/v5/core/constants.go +++ b/vendor/github.com/IBM/go-sdk-core/v5/core/constants.go @@ -71,7 +71,7 @@ const ( ERRORMSG_AUTHENTICATE_ERROR = "An error occurred while performing the 'authenticate' step: %s" ERRORMSG_READ_RESPONSE_BODY = "An error occurred while reading the response body: %s" ERRORMSG_UNEXPECTED_RESPONSE = "The response contained unexpected content, Content-Type=%s, operation resultType=%s" - ERRORMSG_UNMARSHAL_RESPONSE_BODY = "An error occurred while unmarshalling the response body: %s" + ERRORMSG_UNMARSHAL_RESPONSE_BODY = "An error occurred while processing the HTTP response: %s" ERRORMSG_NIL_SLICE = "The 'slice' parameter cannot be nil" ERRORMSG_PARAM_NOT_SLICE = "The 'slice' parameter must be a slice" ERRORMSG_MARSHAL_SLICE = "An error occurred while marshalling the slice: %s" diff --git a/vendor/github.com/IBM/go-sdk-core/v5/core/container_authenticator.go b/vendor/github.com/IBM/go-sdk-core/v5/core/container_authenticator.go index 932e79efee0..b289881fd22 100644 --- a/vendor/github.com/IBM/go-sdk-core/v5/core/container_authenticator.go +++ b/vendor/github.com/IBM/go-sdk-core/v5/core/container_authenticator.go @@ -1,6 +1,6 @@ package core -// (C) Copyright IBM Corp. 2021. +// (C) Copyright IBM Corp. 2021, 2023.. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -39,7 +39,8 @@ type ContainerAuthenticator struct { // [optional] The name of the file containing the injected CR token value (applies to // IKS-managed compute resources). - // Default value: "/var/run/secrets/tokens/vault-token" + // Default value: (1) "/var/run/secrets/tokens/vault-token" or (2) "/var/run/secrets/tokens/sa-token", + // whichever is found first. CRTokenFilename string // [optional] The name of the linked trusted IAM profile to be used when obtaining the IAM access token. @@ -94,8 +95,9 @@ type ContainerAuthenticator struct { } const ( - defaultCRTokenFilename = "/var/run/secrets/tokens/vault-token" // #nosec G101 - iamGrantTypeCRToken = "urn:ibm:params:oauth:grant-type:cr-token" // #nosec G101 + defaultCRTokenFilename1 = "/var/run/secrets/tokens/vault-token" // #nosec G101 + defaultCRTokenFilename2 = "/var/run/secrets/tokens/sa-token" // #nosec G101 + iamGrantTypeCRToken = "urn:ibm:params:oauth:grant-type:cr-token" // #nosec G101 ) var craRequestTokenMutex sync.Mutex @@ -479,25 +481,41 @@ func (authenticator *ContainerAuthenticator) RequestToken() (*IamTokenServerResp // retrieveCRToken tries to read the CR token value from the local file system. func (authenticator *ContainerAuthenticator) retrieveCRToken() (crToken string, err error) { - // Use the default filename if one wasn't supplied by the user. - crTokenFilename := authenticator.CRTokenFilename - if crTokenFilename == "" { - crTokenFilename = defaultCRTokenFilename + if authenticator.CRTokenFilename != "" { + // Use the file specified by the user. + crToken, err = authenticator.readFile(authenticator.CRTokenFilename) + } else { + // If the user didn't specify a filename, try our two defaults. + crToken, err = authenticator.readFile(defaultCRTokenFilename1) + if err != nil { + crToken, err = authenticator.readFile(defaultCRTokenFilename2) + } + } + + if err != nil { + err = fmt.Errorf(ERRORMSG_UNABLE_RETRIEVE_CRTOKEN, err.Error()) + GetLogger().Debug(err.Error()) + return } - GetLogger().Debug("Attempting to read CR token from file: %s\n", crTokenFilename) + return +} + +// readFile attempts to read the specified cr token file and return its contents as a string. +func (authenticator *ContainerAuthenticator) readFile(filename string) (crToken string, err error) { + GetLogger().Debug("Attempting to read CR token from file: %s\n", filename) // Read the entire file into a byte slice, then convert to string. var bytes []byte - bytes, err = os.ReadFile(crTokenFilename) // #nosec G304 + bytes, err = os.ReadFile(filename) // #nosec G304 if err != nil { - err = fmt.Errorf(ERRORMSG_UNABLE_RETRIEVE_CRTOKEN, err.Error()) GetLogger().Debug(err.Error()) return } + GetLogger().Debug("Successfully read CR token from file: %s\n", filename) + crToken = string(bytes) - GetLogger().Debug("Successfully read CR token from file: %s\n", crTokenFilename) return } diff --git a/vendor/github.com/IBM/go-sdk-core/v5/core/utils.go b/vendor/github.com/IBM/go-sdk-core/v5/core/utils.go index 311d24e465e..070cae669f5 100644 --- a/vendor/github.com/IBM/go-sdk-core/v5/core/utils.go +++ b/vendor/github.com/IBM/go-sdk-core/v5/core/utils.go @@ -316,10 +316,82 @@ func GetQueryParamAsInt(urlStr *string, param string) (value *int64, err error) return } +// keywords that are redacted +var redactedKeywords = []string{ + "apikey", + "api_key", + "passcode", + "password", + "token", + + "aadClientId", + "aadClientSecret", + "auth", + "auth_provider_x509_cert_url", + "auth_uri", + "client_email", + "client_id", + "client_x509_cert_url", + "key", + "project_id", + "secret", + "subscriptionId", + "tenantId", + "thumbprint", + "token_uri", + + // Information from issue: https://github.com/IBM/go-sdk-core/issues/190 + // // Redhat + // "ibm-cos-access-key", + // "ibm-cos-secret-key", + // "iam-api-key", + // "kms-root-key", + // "kms-api-key", + + // // AWS + // "aws-access-key", + // "aws-secret-access-key", + + // // Azure + // "tenantId", + // "subscriptionId", + // "aadClientId", + // "aadClientSecret", + + // // Google + // "project_id", + // "private_key_id", + // "private_key", + // "client_email", + // "client_id", + // "auth_uri", + // "token_uri", + // "auth_provider_x509_cert_url", + // "client_x509_cert_url", + + // // IBM + // "primary-gui-api-user", + // "primary-gui-api-password", + // "owning-gui-api-user", + // "owning-gui-api-password", + // "g2_api_key", + + // // NetApp + // "username", + // "password", + + // // VMware + // "vcenter-username", + // "vcenter-password", + // "thumbprint", +} + +var redactedTokens = strings.Join(redactedKeywords, "|") + // Pre-compiled regular expressions used by RedactSecrets(). var reAuthHeader = regexp.MustCompile(`(?m)^(Authorization|X-Auth\S*): .*`) -var rePassword1 = regexp.MustCompile(`(?i)(password|token|apikey|api_key|passcode)=[^&]*(&|$)`) -var rePassword2 = regexp.MustCompile(`(?i)"([^"]*(password|token|apikey|api_key)[^"_]*)":\s*"[^\,]*"`) +var rePropertySetting = regexp.MustCompile(`(?i)(` + redactedTokens + `)=[^&]*(&|$)`) +var reJsonField = regexp.MustCompile(`(?i)"([^"]*(` + redactedTokens + `)[^"_]*)":\s*"[^\,]*"`) // RedactSecrets() returns the input string with secrets redacted. func RedactSecrets(input string) string { @@ -327,8 +399,8 @@ func RedactSecrets(input string) string { redactedString := input redactedString = reAuthHeader.ReplaceAllString(redactedString, "$1: "+redacted) - redactedString = rePassword1.ReplaceAllString(redactedString, "$1="+redacted+"$2") - redactedString = rePassword2.ReplaceAllString(redactedString, fmt.Sprintf(`"$1":"%s"`, redacted)) + redactedString = rePropertySetting.ReplaceAllString(redactedString, "$1="+redacted+"$2") + redactedString = reJsonField.ReplaceAllString(redactedString, fmt.Sprintf(`"$1":"%s"`, redacted)) return redactedString } diff --git a/vendor/github.com/IBM/go-sdk-core/v5/core/version.go b/vendor/github.com/IBM/go-sdk-core/v5/core/version.go index 59a6a96c295..5be9fefb709 100644 --- a/vendor/github.com/IBM/go-sdk-core/v5/core/version.go +++ b/vendor/github.com/IBM/go-sdk-core/v5/core/version.go @@ -15,4 +15,4 @@ package core // limitations under the License. // Version of the SDK -const __VERSION__ = "5.13.2" +const __VERSION__ = "5.14.1" diff --git a/vendor/github.com/aws/aws-sdk-go/aws/auth/bearer/token.go b/vendor/github.com/aws/aws-sdk-go/aws/auth/bearer/token.go new file mode 100644 index 00000000000..dd950a286fb --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/auth/bearer/token.go @@ -0,0 +1,50 @@ +package bearer + +import ( + "github.com/aws/aws-sdk-go/aws" + "time" +) + +// Token provides a type wrapping a bearer token and expiration metadata. +type Token struct { + Value string + + CanExpire bool + Expires time.Time +} + +// Expired returns if the token's Expires time is before or equal to the time +// provided. If CanExpire is false, Expired will always return false. +func (t Token) Expired(now time.Time) bool { + if !t.CanExpire { + return false + } + now = now.Round(0) + return now.Equal(t.Expires) || now.After(t.Expires) +} + +// TokenProvider provides interface for retrieving bearer tokens. +type TokenProvider interface { + RetrieveBearerToken(aws.Context) (Token, error) +} + +// TokenProviderFunc provides a helper utility to wrap a function as a type +// that implements the TokenProvider interface. +type TokenProviderFunc func(aws.Context) (Token, error) + +// RetrieveBearerToken calls the wrapped function, returning the Token or +// error. +func (fn TokenProviderFunc) RetrieveBearerToken(ctx aws.Context) (Token, error) { + return fn(ctx) +} + +// StaticTokenProvider provides a utility for wrapping a static bearer token +// value within an implementation of a token provider. +type StaticTokenProvider struct { + Token Token +} + +// RetrieveBearerToken returns the static token specified. +func (s StaticTokenProvider) RetrieveBearerToken(aws.Context) (Token, error) { + return s.Token, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 4818ea427e3..776e31b21d6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -20,16 +20,16 @@ type RequestRetryer interface{} // A Config provides service configuration for service clients. By default, // all clients will use the defaults.DefaultConfig structure. // -// // Create Session with MaxRetries configuration to be shared by multiple -// // service clients. -// sess := session.Must(session.NewSession(&aws.Config{ -// MaxRetries: aws.Int(3), -// })) +// // Create Session with MaxRetries configuration to be shared by multiple +// // service clients. +// sess := session.Must(session.NewSession(&aws.Config{ +// MaxRetries: aws.Int(3), +// })) // -// // Create S3 service client with a specific Region. -// svc := s3.New(sess, &aws.Config{ -// Region: aws.String("us-west-2"), -// }) +// // Create S3 service client with a specific Region. +// svc := s3.New(sess, &aws.Config{ +// Region: aws.String("us-west-2"), +// }) type Config struct { // Enables verbose error printing of all credential chain errors. // Should be used when wanting to see all errors while attempting to @@ -192,6 +192,23 @@ type Config struct { // EC2MetadataDisableTimeoutOverride *bool + // Set this to `false` to disable EC2Metadata client from falling back to IMDSv1. + // By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility. + // You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata + // client will return any errors encountered from attempting to fetch a token instead of silently + // using the insecure data flow of IMDSv1. + // + // Example: + // sess := session.Must(session.NewSession(aws.NewConfig() + // .WithEC2MetadataEnableFallback(false))) + // + // svc := s3.New(sess) + // + // See [configuring IMDS] for more information. + // + // [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html + EC2MetadataEnableFallback *bool + // Instructs the endpoint to be generated for a service client to // be the dual stack endpoint. The dual stack endpoint will support // both IPv4 and IPv6 addressing. @@ -283,16 +300,16 @@ type Config struct { // NewConfig returns a new Config pointer that can be chained with builder // methods to set multiple configuration values inline without using pointers. // -// // Create Session with MaxRetries configuration to be shared by multiple -// // service clients. -// sess := session.Must(session.NewSession(aws.NewConfig(). -// WithMaxRetries(3), -// )) +// // Create Session with MaxRetries configuration to be shared by multiple +// // service clients. +// sess := session.Must(session.NewSession(aws.NewConfig(). +// WithMaxRetries(3), +// )) // -// // Create S3 service client with a specific Region. -// svc := s3.New(sess, aws.NewConfig(). -// WithRegion("us-west-2"), -// ) +// // Create S3 service client with a specific Region. +// svc := s3.New(sess, aws.NewConfig(). +// WithRegion("us-west-2"), +// ) func NewConfig() *Config { return &Config{} } @@ -432,6 +449,13 @@ func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config { return c } +// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value +// returning a Config pointer for chaining. +func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config { + c.EC2MetadataEnableFallback = &v + return c +} + // WithSleepDelay overrides the function used to sleep while waiting for the // next retry. Defaults to time.Sleep. func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config { @@ -576,6 +600,10 @@ func mergeInConfig(dst *Config, other *Config) { dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride } + if other.EC2MetadataEnableFallback != nil { + dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback + } + if other.SleepDelay != nil { dst.SleepDelay = other.SleepDelay } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go new file mode 100644 index 00000000000..140242dd1b8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go @@ -0,0 +1,4 @@ +// DO NOT EDIT +package corehandlers + +const isAwsInternal = "" \ No newline at end of file diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go index ab69c7a6f38..ac842c55d89 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go @@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{ request.AddToUserAgent(r, execEnvUAKey+"/"+v) }, } + +var AddAwsInternal = request.NamedHandler{ + Name: "core.AddAwsInternal", + Fn: func(r *request.Request) { + if len(isAwsInternal) == 0 { + return + } + request.AddToUserAgent(r, isAwsInternal) + }, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index 785f30d8e6c..329f788a38a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go @@ -31,6 +31,8 @@ package endpointcreds import ( "encoding/json" + "fmt" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -69,7 +71,37 @@ type Provider struct { // Optional authorization token value if set will be used as the value of // the Authorization header of the endpoint credential request. + // + // When constructed from environment, the provider will use the value of + // AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token + // + // Will be overridden if AuthorizationTokenProvider is configured AuthorizationToken string + + // Optional auth provider func to dynamically load the auth token from a file + // everytime a credential is retrieved + // + // When constructed from environment, the provider will read and use the content + // of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable + // as the auth token everytime credentials are retrieved + // + // Will override AuthorizationToken if configured + AuthorizationTokenProvider AuthTokenProvider +} + +// AuthTokenProvider defines an interface to dynamically load a value to be passed +// for the Authorization header of a credentials request. +type AuthTokenProvider interface { + GetToken() (string, error) +} + +// TokenProviderFunc is a func type implementing AuthTokenProvider interface +// and enables customizing token provider behavior +type TokenProviderFunc func() (string, error) + +// GetToken func retrieves auth token according to TokenProviderFunc implementation +func (p TokenProviderFunc) GetToken() (string, error) { + return p() } // NewProviderClient returns a credentials Provider for retrieving AWS credentials @@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error req := p.Client.NewRequest(op, nil, out) req.SetContext(ctx) req.HTTPRequest.Header.Set("Accept", "application/json") - if authToken := p.AuthorizationToken; len(authToken) != 0 { + + authToken := p.AuthorizationToken + var err error + if p.AuthorizationTokenProvider != nil { + authToken, err = p.AuthorizationTokenProvider.GetToken() + if err != nil { + return nil, fmt.Errorf("get authorization token: %v", err) + } + } + + if strings.ContainsAny(authToken, "\r\n") { + return nil, fmt.Errorf("authorization token contains invalid newline sequence") + } + if len(authToken) != 0 { req.HTTPRequest.Header.Set("Authorization", authToken) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go index 6eda2a5557f..4138e725dde 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go @@ -4,13 +4,13 @@ import ( "crypto/sha1" "encoding/hex" "encoding/json" - "fmt" "io/ioutil" "path/filepath" "strings" "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/auth/bearer" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/credentials" @@ -55,6 +55,19 @@ type Provider struct { // The URL that points to the organization's AWS Single Sign-On (AWS SSO) user portal. StartURL string + + // The filepath the cached token will be retrieved from. If unset Provider will + // use the startURL to determine the filepath at. + // + // ~/.aws/sso/cache/.json + // + // If custom cached token filepath is used, the Provider's startUrl + // parameter will be ignored. + CachedTokenFilepath string + + // Used by the SSOCredentialProvider if a token configuration + // profile is used in the shared config + TokenProvider bearer.TokenProvider } // NewCredentials returns a new AWS Single Sign-On (AWS SSO) credential provider. The ConfigProvider is expected to be configured @@ -89,13 +102,31 @@ func (p *Provider) Retrieve() (credentials.Value, error) { // RetrieveWithContext retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal // by exchanging the accessToken present in ~/.aws/sso/cache. func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) { - tokenFile, err := loadTokenFile(p.StartURL) - if err != nil { - return credentials.Value{}, err + var accessToken *string + if p.TokenProvider != nil { + token, err := p.TokenProvider.RetrieveBearerToken(ctx) + if err != nil { + return credentials.Value{}, err + } + accessToken = &token.Value + } else { + if p.CachedTokenFilepath == "" { + cachedTokenFilePath, err := getCachedFilePath(p.StartURL) + if err != nil { + return credentials.Value{}, err + } + p.CachedTokenFilepath = cachedTokenFilePath + } + + tokenFile, err := loadTokenFile(p.CachedTokenFilepath) + if err != nil { + return credentials.Value{}, err + } + accessToken = &tokenFile.AccessToken } output, err := p.Client.GetRoleCredentialsWithContext(ctx, &sso.GetRoleCredentialsInput{ - AccessToken: &tokenFile.AccessToken, + AccessToken: accessToken, AccountId: &p.AccountID, RoleName: &p.RoleName, }) @@ -114,32 +145,13 @@ func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Val }, nil } -func getCacheFileName(url string) (string, error) { +func getCachedFilePath(startUrl string) (string, error) { hash := sha1.New() - _, err := hash.Write([]byte(url)) + _, err := hash.Write([]byte(startUrl)) if err != nil { return "", err } - return strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json", nil -} - -type rfc3339 time.Time - -func (r *rfc3339) UnmarshalJSON(bytes []byte) error { - var value string - - if err := json.Unmarshal(bytes, &value); err != nil { - return err - } - - parse, err := time.Parse(time.RFC3339, value) - if err != nil { - return fmt.Errorf("expected RFC3339 timestamp: %v", err) - } - - *r = rfc3339(parse) - - return nil + return filepath.Join(defaultCacheLocation(), strings.ToLower(hex.EncodeToString(hash.Sum(nil)))+".json"), nil } type token struct { @@ -153,13 +165,8 @@ func (t token) Expired() bool { return nowTime().Round(0).After(time.Time(t.ExpiresAt)) } -func loadTokenFile(startURL string) (t token, err error) { - key, err := getCacheFileName(startURL) - if err != nil { - return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) - } - - fileBytes, err := ioutil.ReadFile(filepath.Join(defaultCacheLocation(), key)) +func loadTokenFile(cachedTokenPath string) (t token, err error) { + fileBytes, err := ioutil.ReadFile(cachedTokenPath) if err != nil { return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/sso_cached_token.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/sso_cached_token.go new file mode 100644 index 00000000000..f6fa88451af --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/sso_cached_token.go @@ -0,0 +1,237 @@ +package ssocreds + +import ( + "crypto/sha1" + "encoding/hex" + "encoding/json" + "fmt" + "github.com/aws/aws-sdk-go/internal/shareddefaults" + "io/ioutil" + "os" + "path/filepath" + "strconv" + "strings" + "time" +) + +var resolvedOsUserHomeDir = shareddefaults.UserHomeDir + +// StandardCachedTokenFilepath returns the filepath for the cached SSO token file, or +// error if unable get derive the path. Key that will be used to compute a SHA1 +// value that is hex encoded. +// +// Derives the filepath using the Key as: +// +// ~/.aws/sso/cache/.json +func StandardCachedTokenFilepath(key string) (string, error) { + homeDir := resolvedOsUserHomeDir() + if len(homeDir) == 0 { + return "", fmt.Errorf("unable to get USER's home directory for cached token") + } + hash := sha1.New() + if _, err := hash.Write([]byte(key)); err != nil { + return "", fmt.Errorf("unable to compute cached token filepath key SHA1 hash, %v", err) + } + + cacheFilename := strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json" + + return filepath.Join(homeDir, ".aws", "sso", "cache", cacheFilename), nil +} + +type tokenKnownFields struct { + AccessToken string `json:"accessToken,omitempty"` + ExpiresAt *rfc3339 `json:"expiresAt,omitempty"` + + RefreshToken string `json:"refreshToken,omitempty"` + ClientID string `json:"clientId,omitempty"` + ClientSecret string `json:"clientSecret,omitempty"` +} + +type cachedToken struct { + tokenKnownFields + UnknownFields map[string]interface{} `json:"-"` +} + +// MarshalJSON provides custom marshalling because the standard library Go marshaller ignores unknown/unspecified fields +// when marshalling from a struct: https://pkg.go.dev/encoding/json#Marshal +// This function adds some extra validation to the known fields and captures unknown fields. +func (t cachedToken) MarshalJSON() ([]byte, error) { + fields := map[string]interface{}{} + + setTokenFieldString(fields, "accessToken", t.AccessToken) + setTokenFieldRFC3339(fields, "expiresAt", t.ExpiresAt) + + setTokenFieldString(fields, "refreshToken", t.RefreshToken) + setTokenFieldString(fields, "clientId", t.ClientID) + setTokenFieldString(fields, "clientSecret", t.ClientSecret) + + for k, v := range t.UnknownFields { + if _, ok := fields[k]; ok { + return nil, fmt.Errorf("unknown token field %v, duplicates known field", k) + } + fields[k] = v + } + + return json.Marshal(fields) +} + +func setTokenFieldString(fields map[string]interface{}, key, value string) { + if value == "" { + return + } + fields[key] = value +} +func setTokenFieldRFC3339(fields map[string]interface{}, key string, value *rfc3339) { + if value == nil { + return + } + fields[key] = value +} + +// UnmarshalJSON provides custom unmarshalling because the standard library Go unmarshaller ignores unknown/unspecified +// fields when unmarshalling from a struct: https://pkg.go.dev/encoding/json#Unmarshal +// This function adds some extra validation to the known fields and captures unknown fields. +func (t *cachedToken) UnmarshalJSON(b []byte) error { + var fields map[string]interface{} + if err := json.Unmarshal(b, &fields); err != nil { + return nil + } + + t.UnknownFields = map[string]interface{}{} + + for k, v := range fields { + var err error + switch k { + case "accessToken": + err = getTokenFieldString(v, &t.AccessToken) + case "expiresAt": + err = getTokenFieldRFC3339(v, &t.ExpiresAt) + case "refreshToken": + err = getTokenFieldString(v, &t.RefreshToken) + case "clientId": + err = getTokenFieldString(v, &t.ClientID) + case "clientSecret": + err = getTokenFieldString(v, &t.ClientSecret) + default: + t.UnknownFields[k] = v + } + + if err != nil { + return fmt.Errorf("field %q, %v", k, err) + } + } + + return nil +} + +func getTokenFieldString(v interface{}, value *string) error { + var ok bool + *value, ok = v.(string) + if !ok { + return fmt.Errorf("expect value to be string, got %T", v) + } + return nil +} + +func getTokenFieldRFC3339(v interface{}, value **rfc3339) error { + var stringValue string + if err := getTokenFieldString(v, &stringValue); err != nil { + return err + } + + timeValue, err := parseRFC3339(stringValue) + if err != nil { + return err + } + + *value = &timeValue + return nil +} + +func loadCachedToken(filename string) (cachedToken, error) { + fileBytes, err := ioutil.ReadFile(filename) + if err != nil { + return cachedToken{}, fmt.Errorf("failed to read cached SSO token file, %v", err) + } + + var t cachedToken + if err := json.Unmarshal(fileBytes, &t); err != nil { + return cachedToken{}, fmt.Errorf("failed to parse cached SSO token file, %v", err) + } + + if len(t.AccessToken) == 0 || t.ExpiresAt == nil || time.Time(*t.ExpiresAt).IsZero() { + return cachedToken{}, fmt.Errorf( + "cached SSO token must contain accessToken and expiresAt fields") + } + + return t, nil +} + +func storeCachedToken(filename string, t cachedToken, fileMode os.FileMode) (err error) { + tmpFilename := filename + ".tmp-" + strconv.FormatInt(nowTime().UnixNano(), 10) + if err := writeCacheFile(tmpFilename, fileMode, t); err != nil { + return err + } + + if err := os.Rename(tmpFilename, filename); err != nil { + return fmt.Errorf("failed to replace old cached SSO token file, %v", err) + } + + return nil +} + +func writeCacheFile(filename string, fileMode os.FileMode, t cachedToken) (err error) { + var f *os.File + f, err = os.OpenFile(filename, os.O_CREATE|os.O_TRUNC|os.O_RDWR, fileMode) + if err != nil { + return fmt.Errorf("failed to create cached SSO token file %v", err) + } + + defer func() { + closeErr := f.Close() + if err == nil && closeErr != nil { + err = fmt.Errorf("failed to close cached SSO token file, %v", closeErr) + } + }() + + encoder := json.NewEncoder(f) + + if err = encoder.Encode(t); err != nil { + return fmt.Errorf("failed to serialize cached SSO token, %v", err) + } + + return nil +} + +type rfc3339 time.Time + +// UnmarshalJSON decode rfc3339 from JSON format +func (r *rfc3339) UnmarshalJSON(bytes []byte) error { + var value string + var err error + + if err = json.Unmarshal(bytes, &value); err != nil { + return err + } + + *r, err = parseRFC3339(value) + return err +} + +func parseRFC3339(v string) (rfc3339, error) { + parsed, err := time.Parse(time.RFC3339, v) + if err != nil { + return rfc3339{}, fmt.Errorf("expected RFC3339 timestamp: %v", err) + } + + return rfc3339(parsed), nil +} + +// MarshalJSON encode rfc3339 to JSON format time +func (r *rfc3339) MarshalJSON() ([]byte, error) { + value := time.Time(*r).Format(time.RFC3339) + + // Use JSON unmarshal to unescape the quoted value making use of JSON's + // quoting rules. + return json.Marshal(value) +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go new file mode 100644 index 00000000000..3388b78b4f4 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go @@ -0,0 +1,148 @@ +package ssocreds + +import ( + "fmt" + "os" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/auth/bearer" + "github.com/aws/aws-sdk-go/service/ssooidc" +) + +// CreateTokenAPIClient provides the interface for the SSOTokenProvider's API +// client for calling CreateToken operation to refresh the SSO token. +type CreateTokenAPIClient interface { + CreateToken(input *ssooidc.CreateTokenInput) (*ssooidc.CreateTokenOutput, error) +} + +// SSOTokenProviderOptions provides the options for configuring the +// SSOTokenProvider. +type SSOTokenProviderOptions struct { + // Client that can be overridden + Client CreateTokenAPIClient + + // The path the file containing the cached SSO token will be read from. + // Initialized the NewSSOTokenProvider's cachedTokenFilepath parameter. + CachedTokenFilepath string +} + +// SSOTokenProvider provides a utility for refreshing SSO AccessTokens for +// Bearer Authentication. The SSOTokenProvider can only be used to refresh +// already cached SSO Tokens. This utility cannot perform the initial SSO +// create token. +// +// The initial SSO create token should be preformed with the AWS CLI before the +// Go application using the SSOTokenProvider will need to retrieve the SSO +// token. If the AWS CLI has not created the token cache file, this provider +// will return an error when attempting to retrieve the cached token. +// +// This provider will attempt to refresh the cached SSO token periodically if +// needed when RetrieveBearerToken is called. +// +// A utility such as the AWS CLI must be used to initially create the SSO +// session and cached token file. +// https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html +type SSOTokenProvider struct { + options SSOTokenProviderOptions +} + +// NewSSOTokenProvider returns an initialized SSOTokenProvider that will +// periodically refresh the SSO token cached stored in the cachedTokenFilepath. +// The cachedTokenFilepath file's content will be rewritten by the token +// provider when the token is refreshed. +// +// The client must be configured for the AWS region the SSO token was created for. +func NewSSOTokenProvider(client CreateTokenAPIClient, cachedTokenFilepath string, optFns ...func(o *SSOTokenProviderOptions)) *SSOTokenProvider { + options := SSOTokenProviderOptions{ + Client: client, + CachedTokenFilepath: cachedTokenFilepath, + } + for _, fn := range optFns { + fn(&options) + } + + provider := &SSOTokenProvider{ + options: options, + } + + return provider +} + +// RetrieveBearerToken returns the SSO token stored in the cachedTokenFilepath +// the SSOTokenProvider was created with. If the token has expired +// RetrieveBearerToken will attempt to refresh it. If the token cannot be +// refreshed or is not present an error will be returned. +// +// A utility such as the AWS CLI must be used to initially create the SSO +// session and cached token file. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html +func (p *SSOTokenProvider) RetrieveBearerToken(ctx aws.Context) (bearer.Token, error) { + cachedToken, err := loadCachedToken(p.options.CachedTokenFilepath) + if err != nil { + return bearer.Token{}, err + } + + if cachedToken.ExpiresAt != nil && nowTime().After(time.Time(*cachedToken.ExpiresAt)) { + cachedToken, err = p.refreshToken(cachedToken) + if err != nil { + return bearer.Token{}, fmt.Errorf("refresh cached SSO token failed, %v", err) + } + } + + expiresAt := toTime((*time.Time)(cachedToken.ExpiresAt)) + return bearer.Token{ + Value: cachedToken.AccessToken, + CanExpire: !expiresAt.IsZero(), + Expires: expiresAt, + }, nil +} + +func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error) { + if token.ClientSecret == "" || token.ClientID == "" || token.RefreshToken == "" { + return cachedToken{}, fmt.Errorf("cached SSO token is expired, or not present, and cannot be refreshed") + } + + createResult, err := p.options.Client.CreateToken(&ssooidc.CreateTokenInput{ + ClientId: &token.ClientID, + ClientSecret: &token.ClientSecret, + RefreshToken: &token.RefreshToken, + GrantType: aws.String("refresh_token"), + }) + if err != nil { + return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err) + } + if createResult.ExpiresIn == nil { + return cachedToken{}, fmt.Errorf("missing required field ExpiresIn") + } + if createResult.AccessToken == nil { + return cachedToken{}, fmt.Errorf("missing required field AccessToken") + } + if createResult.RefreshToken == nil { + return cachedToken{}, fmt.Errorf("missing required field RefreshToken") + } + + expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second) + + token.AccessToken = *createResult.AccessToken + token.ExpiresAt = (*rfc3339)(&expiresAt) + token.RefreshToken = *createResult.RefreshToken + + fileInfo, err := os.Stat(p.options.CachedTokenFilepath) + if err != nil { + return cachedToken{}, fmt.Errorf("failed to stat cached SSO token file %v", err) + } + + if err = storeCachedToken(p.options.CachedTokenFilepath, token, fileInfo.Mode()); err != nil { + return cachedToken{}, fmt.Errorf("unable to cache refreshed SSO token, %v", err) + } + + return token, nil +} + +func toTime(p *time.Time) (v time.Time) { + if p == nil { + return v + } + + return *p +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index 260a37cbbab..86db488defa 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -9,7 +9,7 @@ to refresh the credentials will be synchronized. But, the SDK is unable to ensure synchronous usage of the AssumeRoleProvider if the value is shared between multiple Credentials, Sessions or service clients. -Assume Role +# Assume Role To assume an IAM role using STS with the SDK you can create a new Credentials with the SDKs's stscreds package. @@ -27,7 +27,7 @@ with the SDKs's stscreds package. // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) -Assume Role with static MFA Token +# Assume Role with static MFA Token To assume an IAM role with a MFA token you can either specify a MFA token code directly or provide a function to prompt the user each time the credentials @@ -49,7 +49,7 @@ credentials. // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) -Assume Role with MFA Token Provider +# Assume Role with MFA Token Provider To assume an IAM role with MFA for longer running tasks where the credentials may need to be refreshed setting the TokenProvider field of AssumeRoleProvider @@ -74,7 +74,6 @@ single Credentials with an AssumeRoleProvider can be shared safely. // Create service client value configured for credentials // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) - */ package stscreds @@ -199,6 +198,10 @@ type AssumeRoleProvider struct { // or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). SerialNumber *string + // The SourceIdentity which is used to identity a persistent identity through the whole session. + // For more details see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html + SourceIdentity *string + // The value provided by the MFA device, if the trust policy of the role being // assumed requires MFA (that is, if the policy includes a condition that tests // for MFA). If the role being assumed requires MFA and if the TokenCode value @@ -320,6 +323,7 @@ func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (crede Tags: p.Tags, PolicyArns: p.PolicyArns, TransitiveTagKeys: p.TransitiveTagKeys, + SourceIdentity: p.SourceIdentity, } if p.Policy != nil { input.Policy = p.Policy diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go index 23bb639e018..1ba80b57609 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go @@ -9,6 +9,7 @@ package defaults import ( "fmt" + "io/ioutil" "net" "net/http" "net/url" @@ -74,6 +75,7 @@ func Handlers() request.Handlers { handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler) handlers.Validate.AfterEachFn = request.HandlerListStopOnError handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler) + handlers.Build.PushBackNamed(corehandlers.AddAwsInternal) handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander) handlers.Build.AfterEachFn = request.HandlerListStopOnError handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler) @@ -114,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro const ( httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" + httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" ) +// direct representation of the IPv4 address for the ECS container +// "169.254.170.2" +var ecsContainerIPv4 net.IP = []byte{ + 169, 254, 170, 2, +} + +// direct representation of the IPv4 address for the EKS container +// "169.254.170.23" +var eksContainerIPv4 net.IP = []byte{ + 169, 254, 170, 23, +} + +// direct representation of the IPv6 address for the EKS container +// "fd00:ec2::23" +var eksContainerIPv6 net.IP = []byte{ + 0xFD, 0, 0xE, 0xC2, + 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0, 0x23, +} + // RemoteCredProvider returns a credentials provider for the default remote // endpoints such as EC2 or ECS Roles. func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider { @@ -134,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P var lookupHostFn = net.LookupHost -func isLoopbackHost(host string) (bool, error) { - ip := net.ParseIP(host) - if ip != nil { - return ip.IsLoopback(), nil +// isAllowedHost allows host to be loopback or known ECS/EKS container IPs +// +// host can either be an IP address OR an unresolved hostname - resolution will +// be automatically performed in the latter case +func isAllowedHost(host string) (bool, error) { + if ip := net.ParseIP(host); ip != nil { + return isIPAllowed(ip), nil } - // Host is not an ip, perform lookup addrs, err := lookupHostFn(host) if err != nil { return false, err } + for _, addr := range addrs { - if !net.ParseIP(addr).IsLoopback() { + if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) { return false, nil } } @@ -154,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) { return true, nil } +func isIPAllowed(ip net.IP) bool { + return ip.IsLoopback() || + ip.Equal(ecsContainerIPv4) || + ip.Equal(eksContainerIPv4) || + ip.Equal(eksContainerIPv6) +} + func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider { var errMsg string @@ -164,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) host := aws.URLHostname(parsed) if len(host) == 0 { errMsg = "unable to parse host from local HTTP cred provider URL" - } else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil { - errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr) - } else if !isLoopback { - errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host) + } else if parsed.Scheme == "http" { + if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil { + errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr) + } else if !isAllowedHost { + errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host) + } } } @@ -189,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede func(p *endpointcreds.Provider) { p.ExpiryWindow = 5 * time.Minute p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar) + if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" { + p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) { + if contents, err := ioutil.ReadFile(authFilePath); err != nil { + return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err) + } else { + return string(contents), nil + } + }) + } }, ) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index df63bade104..f4cc8751d04 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -57,13 +57,13 @@ type EC2Metadata struct { // New creates a new instance of the EC2Metadata client with a session. // This client is safe to use across multiple goroutines. // -// // Example: -// // Create a EC2Metadata client from just a session. -// svc := ec2metadata.New(mySession) // -// // Create a EC2Metadata client with additional configuration -// svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody)) +// // Create a EC2Metadata client from just a session. +// svc := ec2metadata.New(mySession) +// +// // Create a EC2Metadata client with additional configuration +// svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody)) func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata { c := p.ClientConfig(ServiceName, cfgs...) return NewClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go index 4b29f190bf9..604aeffdeb4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go @@ -1,6 +1,7 @@ package ec2metadata import ( + "fmt" "net/http" "sync/atomic" "time" @@ -33,11 +34,15 @@ func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider { return &tokenProvider{client: c, configuredTTL: duration} } +// check if fallback is enabled +func (t *tokenProvider) fallbackEnabled() bool { + return t.client.Config.EC2MetadataEnableFallback == nil || *t.client.Config.EC2MetadataEnableFallback +} + // fetchTokenHandler fetches token for EC2Metadata service client by default. func (t *tokenProvider) fetchTokenHandler(r *request.Request) { - // short-circuits to insecure data flow if tokenProvider is disabled. - if v := atomic.LoadUint32(&t.disabled); v == 1 { + if v := atomic.LoadUint32(&t.disabled); v == 1 && t.fallbackEnabled() { return } @@ -49,23 +54,21 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) { output, err := t.client.getToken(r.Context(), t.configuredTTL) if err != nil { + // only attempt fallback to insecure data flow if IMDSv1 is enabled + if !t.fallbackEnabled() { + r.Error = awserr.New("EC2MetadataError", "failed to get IMDSv2 token and fallback to IMDSv1 is disabled", err) + return + } - // change the disabled flag on token provider to true, - // when error is request timeout error. + // change the disabled flag on token provider to true and fallback if requestFailureError, ok := err.(awserr.RequestFailure); ok { switch requestFailureError.StatusCode() { case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed: atomic.StoreUint32(&t.disabled, 1) + t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError)) case http.StatusBadRequest: r.Error = requestFailureError } - - // Check if request timed out while waiting for response - if e, ok := requestFailureError.OrigErr().(awserr.Error); ok { - if e.Code() == request.ErrCodeRequestError { - atomic.StoreUint32(&t.disabled, 1) - } - } } return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index ad6cf3696df..fc015bdca47 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -13,6 +13,8 @@ const ( AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition. AwsIsoPartitionID = "aws-iso" // AWS ISO (US) partition. AwsIsoBPartitionID = "aws-iso-b" // AWS ISOB (US) partition. + AwsIsoEPartitionID = "aws-iso-e" // AWS ISOE (Europe) partition. + AwsIsoFPartitionID = "aws-iso-f" // AWS ISOF partition. ) // AWS Standard partition's regions. @@ -29,6 +31,7 @@ const ( ApSoutheast3RegionID = "ap-southeast-3" // Asia Pacific (Jakarta). ApSoutheast4RegionID = "ap-southeast-4" // Asia Pacific (Melbourne). CaCentral1RegionID = "ca-central-1" // Canada (Central). + CaWest1RegionID = "ca-west-1" // Canada West (Calgary). EuCentral1RegionID = "eu-central-1" // Europe (Frankfurt). EuCentral2RegionID = "eu-central-2" // Europe (Zurich). EuNorth1RegionID = "eu-north-1" // Europe (Stockholm). @@ -37,6 +40,7 @@ const ( EuWest1RegionID = "eu-west-1" // Europe (Ireland). EuWest2RegionID = "eu-west-2" // Europe (London). EuWest3RegionID = "eu-west-3" // Europe (Paris). + IlCentral1RegionID = "il-central-1" // Israel (Tel Aviv). MeCentral1RegionID = "me-central-1" // Middle East (UAE). MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). @@ -69,8 +73,14 @@ const ( UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio). ) +// AWS ISOE (Europe) partition's regions. +const () + +// AWS ISOF partition's regions. +const () + // DefaultResolver returns an Endpoint resolver that will be able -// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). +// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF. // // Use DefaultPartitions() to get the list of the default partitions. func DefaultResolver() Resolver { @@ -78,7 +88,7 @@ func DefaultResolver() Resolver { } // DefaultPartitions returns a list of the partitions the SDK is bundled -// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). +// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF. // // partitions := endpoints.DefaultPartitions // for _, p := range partitions { @@ -94,6 +104,8 @@ var defaultPartitions = partitions{ awsusgovPartition, awsisoPartition, awsisobPartition, + awsisoePartition, + awsisofPartition, } // AwsPartition returns the Resolver for AWS Standard. @@ -107,7 +119,7 @@ var awsPartition = partition{ DNSSuffix: "amazonaws.com", RegionRegex: regionRegex{ Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$") + reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$") return reg }(), }, @@ -179,6 +191,9 @@ var awsPartition = partition{ "ca-central-1": region{ Description: "Canada (Central)", }, + "ca-west-1": region{ + Description: "Canada West (Calgary)", + }, "eu-central-1": region{ Description: "Europe (Frankfurt)", }, @@ -203,6 +218,9 @@ var awsPartition = partition{ "eu-west-3": region{ Description: "Europe (Paris)", }, + "il-central-1": region{ + Description: "Israel (Tel Aviv)", + }, "me-central-1": region{ Description: "Middle East (UAE)", }, @@ -277,6 +295,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -346,6 +367,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -460,6 +484,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "acm-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -484,6 +526,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -592,6 +637,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -601,6 +649,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -613,12 +664,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -673,6 +730,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -720,6 +780,13 @@ var awsPartition = partition{ }, }, }, + "agreement-marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "airflow": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -856,6 +923,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -911,6 +981,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -999,6 +1072,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -1017,6 +1105,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -1203,6 +1294,14 @@ var awsPartition = partition{ Region: "ca-central-1", }, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "api.ecr.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, endpointKey{ Region: "dkr-us-east-1", }: endpoint{ @@ -1411,6 +1510,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "api.ecr.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -1766,6 +1873,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -1775,12 +1888,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -1804,6 +1932,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -1837,6 +1968,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -1846,18 +1980,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -1867,6 +2010,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2047,6 +2193,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2135,6 +2284,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "apigateway-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -2168,6 +2326,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "apigateway-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -2204,6 +2371,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2323,6 +2493,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -2348,74 +2521,10 @@ var awsPartition = partition{ Region: "eu-west-3", }: endpoint{}, endpointKey{ - Region: "me-central-1", - }: endpoint{}, - endpointKey{ - Region: "me-south-1", - }: endpoint{}, - endpointKey{ - Region: "sa-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "appconfigdata": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-east-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", + Region: "il-central-1", }: endpoint{}, endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-3", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-north-1", - }: endpoint{}, - endpointKey{ - Region: "eu-south-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-3", + Region: "me-central-1", }: endpoint{}, endpointKey{ Region: "me-south-1", @@ -2437,64 +2546,7 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "appflow": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-3", - }: endpoint{}, - endpointKey{ - Region: "sa-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "application-autoscaling": service{ - Defaults: endpointDefaults{ - defaultKey{}: endpoint{ - Protocols: []string{"http", "https"}, - }, - }, + "appconfigdata": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "af-south-1", @@ -2532,6 +2584,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -2556,6 +2611,217 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "appflow": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", + }, + }, + }, + "application-autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2599,6 +2865,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -2614,12 +2883,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -2629,6 +2904,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2816,6 +3094,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "appmesh.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.il-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2961,6 +3248,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -2973,6 +3263,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -3139,6 +3435,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3154,12 +3453,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3169,6 +3474,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -3199,6 +3507,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3217,6 +3531,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -3230,9 +3550,27 @@ var awsPartition = partition{ }, "arc-zonal-shift": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3242,21 +3580,57 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -3318,6 +3692,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.ap-south-1.api.aws", }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-south-2.api.aws", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3345,6 +3728,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.ap-southeast-3.api.aws", }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -3363,6 +3755,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.eu-central-1.api.aws", }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-central-2.api.aws", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -3381,6 +3782,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.eu-south-1.api.aws", }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-south-2.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3444,6 +3854,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.me-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -3477,6 +3905,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, @@ -3492,6 +3926,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-east-2.amazonaws.com", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-2.api.aws", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, @@ -3507,6 +3947,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -3522,6 +3968,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-west-2.amazonaws.com", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-2.api.aws", + }, }, }, "auditmanager": service{ @@ -3607,6 +4059,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -3631,6 +4098,63 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3643,15 +4167,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + }, }, }, "autoscaling-plans": service{ @@ -3749,6 +4297,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3758,18 +4309,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3779,6 +4339,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3871,15 +4434,84 @@ var awsPartition = partition{ }, "backupstorage": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -3913,6 +4545,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3922,18 +4557,30 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3979,6 +4626,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4026,6 +4676,137 @@ var awsPartition = partition{ }, }, }, + "bedrock": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "bedrock-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "bedrock-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "bedrock-eu-central-1", + }: endpoint{ + Hostname: "bedrock.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "bedrock-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-runtime-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-eu-central-1", + }: endpoint{ + Hostname: "bedrock-runtime.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-us-east-1", + }: endpoint{ + Hostname: "bedrock.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-us-west-2", + }: endpoint{ + Hostname: "bedrock.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "billingconductor": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -4328,6 +5109,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -4392,6 +5176,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4425,6 +5218,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -4461,6 +5263,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4577,6 +5382,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4601,6 +5409,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4733,6 +5544,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -4766,6 +5580,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4861,6 +5678,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4921,6 +5741,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5101,6 +5924,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -5110,18 +5936,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5131,6 +5966,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5302,6 +6140,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5423,6 +6264,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -5447,6 +6291,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5566,6 +6413,9 @@ var awsPartition = partition{ }, "codepipeline": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -5575,15 +6425,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -5596,12 +6458,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5656,6 +6524,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -5766,6 +6643,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5852,12 +6732,18 @@ var awsPartition = partition{ }, "cognito-identity": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -5867,6 +6753,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -5906,6 +6795,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -5915,6 +6813,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -5942,6 +6843,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -5955,12 +6862,18 @@ var awsPartition = partition{ }, "cognito-idp": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -5970,6 +6883,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -6027,6 +6943,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6318,6 +7237,14 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "compute-optimizer.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -6334,6 +7261,22 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -6350,6 +7293,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -6366,6 +7317,14 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -6390,6 +7349,22 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "compute-optimizer.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "compute-optimizer.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -6478,6 +7453,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -6538,6 +7516,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -6611,12 +7592,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "connect-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "connect-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-fips.us-west-2.amazonaws.com", + }, }, }, "connect-campaigns": service{ @@ -6627,6 +7638,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, @@ -6676,6 +7690,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, @@ -6698,21 +7718,39 @@ var awsPartition = partition{ }, "controltower": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -6734,9 +7772,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -6746,6 +7793,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -6785,6 +7841,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "controltower-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -6805,6 +7879,18 @@ var awsPartition = partition{ }, }, }, + "cost-optimization-hub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "cost-optimization-hub.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "cur": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -7329,6 +8415,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -7338,6 +8427,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "datasync-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -7371,6 +8469,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "datasync-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -7407,6 +8514,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -7454,6 +8564,190 @@ var awsPartition = partition{ }, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "datazone.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "datazone.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "datazone.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "datazone.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "datazone.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "datazone.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "datazone.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "datazone.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "datazone.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "datazone.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "datazone.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "datazone.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "datazone.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "datazone.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "datazone.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "datazone.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "datazone.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "datazone.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "datazone.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "datazone.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "datazone.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "datazone.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "datazone.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "datazone.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "datazone.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "datazone.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "datazone.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "datazone.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "datazone.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-west-2.amazonaws.com", + }, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -7529,6 +8823,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -7544,6 +8844,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "devops-guru-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -7562,6 +8871,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "devops-guru-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -7595,6 +8913,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -7644,6 +8968,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -7704,6 +9031,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -7796,6 +9126,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -7811,6 +9144,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -7835,6 +9171,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -7896,6 +9235,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "dms", }: endpoint{ @@ -7947,6 +9289,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8166,6 +9511,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -8175,18 +9523,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -8196,6 +9553,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -8248,6 +9611,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -8257,6 +9623,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ds-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8326,6 +9695,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8431,6 +9803,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "dynamodb-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8455,6 +9845,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "local", }: endpoint{ @@ -8591,6 +9984,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ebs-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8624,6 +10026,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ebs-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -8660,6 +10071,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8837,6 +10251,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8946,6 +10363,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9006,6 +10426,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9118,9 +10541,15 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9181,6 +10610,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9228,6 +10660,166 @@ var awsPartition = partition{ }, }, }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "eks-auth.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "eks-auth.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "eks-auth.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "eks-auth.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "eks-auth.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "eks-auth.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "eks-auth.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "eks-auth.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "eks-auth.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "eks-auth.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "eks-auth.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "eks-auth.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "eks-auth.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "eks-auth.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "eks-auth.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "eks-auth.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "eks-auth.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "eks-auth.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "eks-auth.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "eks-auth.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "eks-auth.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "eks-auth.us-west-2.api.aws", + }, + }, + }, "elasticache": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -9266,6 +10858,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9299,6 +10894,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9468,6 +11066,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -9604,6 +11205,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com", }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -9775,6 +11385,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -9856,6 +11475,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -9919,6 +11547,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.il-central-1.amazonaws.com", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10027,6 +11664,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -10087,6 +11727,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10184,6 +11827,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{ @@ -10219,6 +11871,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -10255,6 +11916,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10279,6 +11943,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -10362,6 +12032,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -10380,6 +12056,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -10389,6 +12074,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -10398,6 +12101,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -10416,9 +12122,21 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -10432,12 +12150,21 @@ var awsPartition = partition{ }, "emr-containers": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -10447,6 +12174,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -10462,6 +12192,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -10516,6 +12249,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -10559,12 +12298,21 @@ var awsPartition = partition{ }, "emr-serverless": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -10574,6 +12322,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -10589,6 +12340,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -10643,6 +12397,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -10703,63 +12463,192 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.af-south-1.api.aws", + }, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-east-1.api.aws", + }, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-1.api.aws", + }, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-2.api.aws", + }, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-3.api.aws", + }, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-1.api.aws", + }, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-2.api.aws", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-1.api.aws", + }, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-2.api.aws", + }, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-3.api.aws", + }, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-1.api.aws", + }, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-2.api.aws", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-north-1.api.aws", + }, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-1.api.aws", + }, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-2.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-1.api.aws", + }, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-2.api.aws", + }, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-3.api.aws", + }, endpointKey{ Region: "fips", }: endpoint{ @@ -10769,18 +12658,51 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.sa-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", Variant: fipsVariant, @@ -10799,6 +12721,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -10817,6 +12745,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-1", Variant: fipsVariant, @@ -10835,6 +12769,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-2.api.aws", + }, endpointKey{ Region: "us-west-2", Variant: fipsVariant, @@ -10890,6 +12830,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -10950,6 +12893,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -11048,12 +12994,27 @@ var awsPartition = partition{ }, "finspace": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -11116,9 +13077,15 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -11179,6 +13146,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -11281,6 +13251,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "fms-fips.ap-south-1.amazonaws.com", }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -11302,6 +13275,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11320,6 +13296,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "fms-fips.eu-central-1.amazonaws.com", }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -11332,6 +13311,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "fms-fips.eu-south-1.amazonaws.com", }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -11530,6 +13512,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -11789,6 +13774,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -11798,6 +13786,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11810,12 +13801,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -11915,6 +13912,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12119,16 +14119,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "gamesparks": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - }, - }, "geo": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -12342,6 +14332,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -12351,18 +14344,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -12408,6 +14410,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12565,6 +14570,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -12574,15 +14585,69 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "greengrass-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "greengrass-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "greengrass-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "greengrass-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-west-2.amazonaws.com", + }, }, }, "groundstation": service{ @@ -12708,6 +14773,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -12735,6 +14803,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12872,6 +14943,9 @@ var awsPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -12979,6 +15053,9 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -13000,12 +15077,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -13021,6 +15104,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -13030,6 +15122,9 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -13259,6 +15354,9 @@ var awsPartition = partition{ }, "inspector2": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -13268,6 +15366,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -13277,12 +15378,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -13298,6 +15405,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "inspector2-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "inspector2-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "inspector2-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "inspector2-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -13307,15 +15450,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-west-2.amazonaws.com", + }, }, }, "internetmonitor": service{ @@ -13332,215 +15499,338 @@ var awsPartition = partition{ }, Endpoints: serviceEndpoints{ endpointKey{ - Region: "ap-northeast-3", + Region: "af-south-1", }: endpoint{ - Hostname: "internetmonitor.ap-northeast-3.api.aws", + Hostname: "internetmonitor.af-south-1.api.aws", }, endpointKey{ - Region: "ap-south-2", + Region: "ap-east-1", }: endpoint{ - Hostname: "internetmonitor.ap-south-2.api.aws", + Hostname: "internetmonitor.ap-east-1.api.aws", }, endpointKey{ - Region: "ap-southeast-3", + Region: "ap-northeast-1", }: endpoint{ - Hostname: "internetmonitor.ap-southeast-3.api.aws", + Hostname: "internetmonitor.ap-northeast-1.api.aws", }, endpointKey{ - Region: "ap-southeast-4", + Region: "ap-northeast-2", }: endpoint{ - Hostname: "internetmonitor.ap-southeast-4.api.aws", + Hostname: "internetmonitor.ap-northeast-2.api.aws", }, endpointKey{ - Region: "eu-central-2", + Region: "ap-northeast-3", }: endpoint{ - Hostname: "internetmonitor.eu-central-2.api.aws", + Hostname: "internetmonitor.ap-northeast-3.api.aws", }, endpointKey{ - Region: "eu-south-2", + Region: "ap-south-1", }: endpoint{ - Hostname: "internetmonitor.eu-south-2.api.aws", + Hostname: "internetmonitor.ap-south-1.api.aws", }, endpointKey{ - Region: "me-central-1", + Region: "ap-south-2", }: endpoint{ - Hostname: "internetmonitor.me-central-1.api.aws", - }, - }, - }, - "iot": service{ - Defaults: endpointDefaults{ - defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Hostname: "internetmonitor.ap-south-2.api.aws", }, - }, - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-east-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, endpointKey{ Region: "ap-southeast-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-1.api.aws", + }, endpointKey{ Region: "ap-southeast-2", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.ca-central-1.api.aws", + }, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, }: endpoint{ - Hostname: "iot-fips.ca-central-1.amazonaws.com", + Hostname: "internetmonitor-fips.ca-central-1.amazonaws.com", }, endpointKey{ - Region: "eu-central-1", - }: endpoint{}, + Region: "ca-west-1", + }: endpoint{ + Hostname: "internetmonitor.ca-west-1.api.aws", + }, endpointKey{ - Region: "eu-north-1", - }: endpoint{}, + Region: "eu-central-1", + }: endpoint{ + Hostname: "internetmonitor.eu-central-1.api.aws", + }, endpointKey{ - Region: "eu-west-1", - }: endpoint{}, + Region: "eu-central-2", + }: endpoint{ + Hostname: "internetmonitor.eu-central-2.api.aws", + }, endpointKey{ - Region: "eu-west-2", - }: endpoint{}, + Region: "eu-north-1", + }: endpoint{ + Hostname: "internetmonitor.eu-north-1.api.aws", + }, endpointKey{ - Region: "eu-west-3", - }: endpoint{}, + Region: "eu-south-1", + }: endpoint{ + Hostname: "internetmonitor.eu-south-1.api.aws", + }, endpointKey{ - Region: "fips-ca-central-1", + Region: "eu-south-2", }: endpoint{ - Hostname: "iot-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, - Deprecated: boxedTrue, + Hostname: "internetmonitor.eu-south-2.api.aws", }, endpointKey{ - Region: "fips-us-east-1", + Region: "eu-west-1", }: endpoint{ - Hostname: "iot-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, - Deprecated: boxedTrue, + Hostname: "internetmonitor.eu-west-1.api.aws", }, endpointKey{ - Region: "fips-us-east-2", + Region: "eu-west-2", }: endpoint{ - Hostname: "iot-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, - Deprecated: boxedTrue, + Hostname: "internetmonitor.eu-west-2.api.aws", }, endpointKey{ - Region: "fips-us-west-1", + Region: "eu-west-3", }: endpoint{ - Hostname: "iot-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, - Deprecated: boxedTrue, + Hostname: "internetmonitor.eu-west-3.api.aws", }, endpointKey{ - Region: "fips-us-west-2", + Region: "il-central-1", }: endpoint{ - Hostname: "iot-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, - Deprecated: boxedTrue, + Hostname: "internetmonitor.il-central-1.api.aws", }, endpointKey{ Region: "me-central-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.me-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.sa-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{ - Hostname: "iot-fips.us-east-1.amazonaws.com", + Hostname: "internetmonitor-fips.us-east-1.amazonaws.com", }, endpointKey{ Region: "us-east-2", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{ - Hostname: "iot-fips.us-east-2.amazonaws.com", + Hostname: "internetmonitor-fips.us-east-2.amazonaws.com", }, endpointKey{ Region: "us-west-1", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{ - Hostname: "iot-fips.us-west-1.amazonaws.com", + Hostname: "internetmonitor-fips.us-west-1.amazonaws.com", }, endpointKey{ Region: "us-west-2", - }: endpoint{}, + }: endpoint{ + Hostname: "internetmonitor.us-west-2.api.aws", + }, endpointKey{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{ - Hostname: "iot-fips.us-west-2.amazonaws.com", + Hostname: "internetmonitor-fips.us-west-2.amazonaws.com", }, }, }, - "iotanalytics": service{ + "iot": service{ Endpoints: serviceEndpoints{ endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", + Region: "ap-east-1", }: endpoint{}, - }, - }, - "iotevents": service{ - Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "iot-fips.ca-central-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iot-fips.us-east-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "iot-fips.us-east-2.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "iot-fips.us-west-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iot-fips.us-west-2.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-west-2.amazonaws.com", + }, + }, + }, + "iotanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "iotevents": service{ + Endpoints: serviceEndpoints{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -14100,24 +16390,239 @@ var awsPartition = partition{ }, "iottwinmaker": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "api-ap-northeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "api-ap-northeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "api-ap-south-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "api-ap-southeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "api-ap-southeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "api-eu-central-1", + }: endpoint{ + Hostname: "api.iottwinmaker.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "api-eu-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "api-us-east-1", + }: endpoint{ + Hostname: "api.iottwinmaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "api-us-west-2", + }: endpoint{ + Hostname: "api.iottwinmaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "data-ap-northeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "data-ap-northeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "data-ap-south-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "data-ap-southeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "data-ap-southeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "data-eu-central-1", + }: endpoint{ + Hostname: "data.iottwinmaker.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "data-eu-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "data-us-east-1", + }: endpoint{ + Hostname: "data.iottwinmaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "data-us-west-2", + }: endpoint{ + Hostname: "data.iottwinmaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "fips-api-us-east-1", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-api-us-west-2", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-data-us-east-1", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-data-us-west-2", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com", + }, }, }, "iotwireless": service{ @@ -14214,6 +16719,31 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "ivsrealtime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "kafka": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -14234,6 +16764,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -14243,18 +16776,33 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -14264,6 +16812,57 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -14273,15 +16872,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + }, }, }, "kafkaconnect": service{ @@ -14356,6 +16979,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -14485,6 +17111,17 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.ca-central-1.api.aws", }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "kendra-ranking.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-2", }: endpoint{ @@ -14515,6 +17152,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "kendra-ranking.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -14535,11 +17177,23 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.us-east-1.api.aws", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-2", }: endpoint{ Hostname: "kendra-ranking.us-east-2.api.aws", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-east-2.api.aws", + }, endpointKey{ Region: "us-west-1", }: endpoint{ @@ -14550,6 +17204,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.us-west-2.api.aws", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-west-2.api.aws", + }, }, }, "kinesis": service{ @@ -14590,6 +17250,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -14650,6 +17313,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -14717,6 +17383,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -14726,18 +17395,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -14747,6 +17425,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15049,6 +17730,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -15193,6 +17892,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.il-central-1.amazonaws.com", + }, + endpointKey{ + Region: "il-central-1-fips", + }: endpoint{ + Hostname: "kms-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15341,6 +18058,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -15350,18 +18070,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -15407,6 +18136,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -15561,6 +18296,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "lambda.ca-central-1.api.aws", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -15669,6 +18413,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15778,6 +18531,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -15787,18 +18543,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -15844,6 +18609,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -15890,6 +18661,12 @@ var awsPartition = partition{ }, "license-manager-linux-subscriptions": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -15902,21 +18679,42 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -15962,6 +18760,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -16023,24 +18830,39 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -16086,6 +18908,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -16214,6 +19042,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -16274,6 +19105,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -16499,46 +19333,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "macie": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - }, - }, - }, "macie2": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -16622,6 +19416,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -16688,6 +19485,13 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "managedblockchain-query": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "marketplacecommerceanalytics": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -16743,6 +19547,9 @@ var awsPartition = partition{ }, "mediaconnect": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -16752,15 +19559,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -16776,6 +19595,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -16804,6 +19626,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -16813,6 +19638,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -17022,6 +19850,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17031,6 +19862,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17071,6 +19905,64 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mediapackagev2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17080,6 +19972,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17145,12 +20040,33 @@ var awsPartition = partition{ }, "meetings-chime": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -17349,6 +20265,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -17392,6 +20311,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17401,24 +20323,39 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -17487,6 +20424,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17496,18 +20436,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -17553,6 +20502,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17807,6 +20762,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17867,6 +20825,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -17934,6 +20895,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17943,18 +20907,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -18000,6 +20973,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18228,6 +21204,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -18237,6 +21216,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -18249,12 +21231,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -18309,6 +21297,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18368,6 +21359,24 @@ var awsPartition = partition{ Region: "us-west-2", }, }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "networkmanager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-aws-global", + }: endpoint{ + Hostname: "networkmanager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, }, }, "nimble": service{ @@ -18375,18 +21384,33 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -18430,6 +21454,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -18454,6 +21481,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18567,6 +21597,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "oidc.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -18607,6 +21645,14 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "oidc.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -18657,6 +21703,102 @@ var awsPartition = partition{ }, }, }, + "omics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "omics.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "omics.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "omics.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "omics.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "omics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "omics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "omics.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "omics.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "omics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "omics.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "omics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, "opsworks": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18769,6 +21911,49 @@ var awsPartition = partition{ }, }, }, + "osis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "outposts": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18870,6 +22055,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -19053,6 +22244,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -19077,6 +22271,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -19259,6 +22456,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -19274,12 +22474,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -19326,6 +22532,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -19523,6 +22732,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "portal.sso.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -19563,6 +22780,14 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "portal.sso.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -19633,18 +22858,63 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "profile-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "profile-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "profile-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.us-west-2.amazonaws.com", + }, }, }, "projects.iot1click": service{ @@ -19709,6 +22979,166 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "qbusiness.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "qbusiness.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "qbusiness.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "qbusiness.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "qbusiness.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "qbusiness.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "qbusiness.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "qbusiness.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "qbusiness.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "qbusiness.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "qbusiness.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "qbusiness.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "qbusiness.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "qbusiness.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "qbusiness.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "qbusiness.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "qbusiness.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "qbusiness.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "qbusiness.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "qbusiness.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "qbusiness.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "qbusiness.us-west-2.api.aws", + }, + }, + }, "qldb": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -19899,6 +23329,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ram-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -19932,6 +23371,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ram-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -19968,6 +23416,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -20059,6 +23510,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "rbin-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -20092,6 +23552,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "rbin-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -20128,6 +23597,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -20252,6 +23724,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -20623,6 +24098,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "redshift-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -20656,6 +24140,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "redshift-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -20692,6 +24185,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -20747,12 +24243,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -20765,12 +24267,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -20820,6 +24328,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "rekognition-fips.ca-central-1", }: endpoint{ @@ -21151,6 +24662,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.ap-southeast-2.api.aws", }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "resource-explorer-2.ap-southeast-3.api.aws", + }, endpointKey{ Region: "ap-southeast-4", }: endpoint{ @@ -21176,6 +24692,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.eu-north-1.api.aws", }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.eu-south-1.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -21191,6 +24712,21 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "resource-explorer-2.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "resource-explorer-2.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", }: endpoint{ @@ -21256,6 +24792,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -21316,6 +24855,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -21438,6 +24980,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -21447,15 +25025,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-2.amazonaws.com", + }, }, }, "route53": service{ @@ -21534,6 +25136,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -21543,18 +25148,30 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -21564,6 +25181,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -21759,6 +25379,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -21768,18 +25391,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -21789,6 +25421,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -22039,6 +25674,27 @@ var awsPartition = partition{ }: endpoint{ Hostname: "s3-fips.dualstack.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -22124,6 +25780,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "s3-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -22160,6 +25825,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.il-central-1.amazonaws.com", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -22808,55 +26482,123 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -22887,40 +26629,87 @@ var awsPartition = partition{ Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "sagemaker-geospatial": service{ @@ -22946,30 +26735,84 @@ var awsPartition = partition{ }, "scheduler": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -22977,6 +26820,9 @@ var awsPartition = partition{ }, "schemas": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -22986,6 +26832,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -22995,15 +26844,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -23013,6 +26874,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -23071,157 +26938,288 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", + + Deprecated: boxedTrue, }, endpointKey{ - Region: "ca-central-1-fips", + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + Deprecated: boxedTrue, }, }, @@ -23246,6 +27244,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -23255,18 +27256,30 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -23312,6 +27325,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -23364,21 +27380,51 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -23503,6 +27549,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -23512,18 +27561,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -23533,6 +27591,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -23633,6 +27697,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -23642,6 +27709,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -23651,15 +27721,24 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -23714,6 +27793,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -23770,7 +27852,7 @@ var awsPartition = partition{ Region: "af-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.af-south-1.amazonaws.com", + Hostname: "servicediscovery.af-south-1.api.aws", }, endpointKey{ Region: "ap-east-1", @@ -23779,7 +27861,7 @@ var awsPartition = partition{ Region: "ap-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-east-1.amazonaws.com", + Hostname: "servicediscovery.ap-east-1.api.aws", }, endpointKey{ Region: "ap-northeast-1", @@ -23788,7 +27870,7 @@ var awsPartition = partition{ Region: "ap-northeast-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-northeast-1.amazonaws.com", + Hostname: "servicediscovery.ap-northeast-1.api.aws", }, endpointKey{ Region: "ap-northeast-2", @@ -23797,7 +27879,7 @@ var awsPartition = partition{ Region: "ap-northeast-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-northeast-2.amazonaws.com", + Hostname: "servicediscovery.ap-northeast-2.api.aws", }, endpointKey{ Region: "ap-northeast-3", @@ -23806,7 +27888,7 @@ var awsPartition = partition{ Region: "ap-northeast-3", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-northeast-3.amazonaws.com", + Hostname: "servicediscovery.ap-northeast-3.api.aws", }, endpointKey{ Region: "ap-south-1", @@ -23815,7 +27897,7 @@ var awsPartition = partition{ Region: "ap-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-south-1.amazonaws.com", + Hostname: "servicediscovery.ap-south-1.api.aws", }, endpointKey{ Region: "ap-south-2", @@ -23824,7 +27906,7 @@ var awsPartition = partition{ Region: "ap-south-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-south-2.amazonaws.com", + Hostname: "servicediscovery.ap-south-2.api.aws", }, endpointKey{ Region: "ap-southeast-1", @@ -23833,7 +27915,7 @@ var awsPartition = partition{ Region: "ap-southeast-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-1.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-1.api.aws", }, endpointKey{ Region: "ap-southeast-2", @@ -23842,7 +27924,7 @@ var awsPartition = partition{ Region: "ap-southeast-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-2.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-2.api.aws", }, endpointKey{ Region: "ap-southeast-3", @@ -23851,7 +27933,16 @@ var awsPartition = partition{ Region: "ap-southeast-3", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-3.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-4.api.aws", }, endpointKey{ Region: "ca-central-1", @@ -23860,7 +27951,7 @@ var awsPartition = partition{ Region: "ca-central-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ca-central-1.amazonaws.com", + Hostname: "servicediscovery.ca-central-1.api.aws", }, endpointKey{ Region: "ca-central-1", @@ -23868,6 +27959,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.ca-central-1.api.aws", + }, endpointKey{ Region: "ca-central-1-fips", }: endpoint{ @@ -23884,7 +27981,7 @@ var awsPartition = partition{ Region: "eu-central-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-central-1.amazonaws.com", + Hostname: "servicediscovery.eu-central-1.api.aws", }, endpointKey{ Region: "eu-central-2", @@ -23893,7 +27990,7 @@ var awsPartition = partition{ Region: "eu-central-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-central-2.amazonaws.com", + Hostname: "servicediscovery.eu-central-2.api.aws", }, endpointKey{ Region: "eu-north-1", @@ -23902,7 +27999,7 @@ var awsPartition = partition{ Region: "eu-north-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-north-1.amazonaws.com", + Hostname: "servicediscovery.eu-north-1.api.aws", }, endpointKey{ Region: "eu-south-1", @@ -23911,7 +28008,7 @@ var awsPartition = partition{ Region: "eu-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-south-1.amazonaws.com", + Hostname: "servicediscovery.eu-south-1.api.aws", }, endpointKey{ Region: "eu-south-2", @@ -23920,7 +28017,7 @@ var awsPartition = partition{ Region: "eu-south-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-south-2.amazonaws.com", + Hostname: "servicediscovery.eu-south-2.api.aws", }, endpointKey{ Region: "eu-west-1", @@ -23929,7 +28026,7 @@ var awsPartition = partition{ Region: "eu-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-west-1.amazonaws.com", + Hostname: "servicediscovery.eu-west-1.api.aws", }, endpointKey{ Region: "eu-west-2", @@ -23938,7 +28035,7 @@ var awsPartition = partition{ Region: "eu-west-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-west-2.amazonaws.com", + Hostname: "servicediscovery.eu-west-2.api.aws", }, endpointKey{ Region: "eu-west-3", @@ -23947,7 +28044,16 @@ var awsPartition = partition{ Region: "eu-west-3", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-west-3.amazonaws.com", + Hostname: "servicediscovery.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.il-central-1.api.aws", }, endpointKey{ Region: "me-central-1", @@ -23956,7 +28062,7 @@ var awsPartition = partition{ Region: "me-central-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.me-central-1.amazonaws.com", + Hostname: "servicediscovery.me-central-1.api.aws", }, endpointKey{ Region: "me-south-1", @@ -23965,7 +28071,7 @@ var awsPartition = partition{ Region: "me-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.me-south-1.amazonaws.com", + Hostname: "servicediscovery.me-south-1.api.aws", }, endpointKey{ Region: "sa-east-1", @@ -23974,34 +28080,7 @@ var awsPartition = partition{ Region: "sa-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.sa-east-1.amazonaws.com", - }, - endpointKey{ - Region: "servicediscovery", - }: endpoint{ - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "servicediscovery", - Variant: fipsVariant, - }: endpoint{ - Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "servicediscovery-fips", - }: endpoint{ - Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, + Hostname: "servicediscovery.sa-east-1.api.aws", }, endpointKey{ Region: "us-east-1", @@ -24010,7 +28089,7 @@ var awsPartition = partition{ Region: "us-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-east-1.amazonaws.com", + Hostname: "servicediscovery.us-east-1.api.aws", }, endpointKey{ Region: "us-east-1", @@ -24018,6 +28097,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-1-fips", }: endpoint{ @@ -24034,7 +28119,7 @@ var awsPartition = partition{ Region: "us-east-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-east-2.amazonaws.com", + Hostname: "servicediscovery.us-east-2.api.aws", }, endpointKey{ Region: "us-east-2", @@ -24042,6 +28127,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-east-2.amazonaws.com", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2-fips", }: endpoint{ @@ -24058,7 +28149,7 @@ var awsPartition = partition{ Region: "us-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-west-1.amazonaws.com", + Hostname: "servicediscovery.us-west-1.api.aws", }, endpointKey{ Region: "us-west-1", @@ -24066,6 +28157,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-1-fips", }: endpoint{ @@ -24082,7 +28179,7 @@ var awsPartition = partition{ Region: "us-west-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-west-2.amazonaws.com", + Hostname: "servicediscovery.us-west-2.api.aws", }, endpointKey{ Region: "us-west-2", @@ -24090,6 +28187,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-west-2.amazonaws.com", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-2.api.aws", + }, endpointKey{ Region: "us-west-2-fips", }: endpoint{ @@ -24126,6 +28229,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -24135,18 +28241,30 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -24156,6 +28274,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -24299,35 +28420,7 @@ var awsPartition = partition{ }, }, }, - "simspaceweaver": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-north-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "sms": service{ + "signer": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "af-south-1", @@ -24374,7 +28467,7 @@ var awsPartition = partition{ endpointKey{ Region: "fips-us-east-1", }: endpoint{ - Hostname: "sms-fips.us-east-1.amazonaws.com", + Hostname: "signer-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, @@ -24383,7 +28476,7 @@ var awsPartition = partition{ endpointKey{ Region: "fips-us-east-2", }: endpoint{ - Hostname: "sms-fips.us-east-2.amazonaws.com", + Hostname: "signer-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, @@ -24392,7 +28485,7 @@ var awsPartition = partition{ endpointKey{ Region: "fips-us-west-1", }: endpoint{ - Hostname: "sms-fips.us-west-1.amazonaws.com", + Hostname: "signer-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, @@ -24401,12 +28494,44 @@ var awsPartition = partition{ endpointKey{ Region: "fips-us-west-2", }: endpoint{ - Hostname: "sms-fips.us-west-2.amazonaws.com", + Hostname: "signer-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -24420,7 +28545,7 @@ var awsPartition = partition{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{ - Hostname: "sms-fips.us-east-1.amazonaws.com", + Hostname: "signer-fips.us-east-1.amazonaws.com", }, endpointKey{ Region: "us-east-2", @@ -24429,7 +28554,7 @@ var awsPartition = partition{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{ - Hostname: "sms-fips.us-east-2.amazonaws.com", + Hostname: "signer-fips.us-east-2.amazonaws.com", }, endpointKey{ Region: "us-west-1", @@ -24438,7 +28563,217 @@ var awsPartition = partition{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{ - Hostname: "sms-fips.us-west-1.amazonaws.com", + Hostname: "signer-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "verification-af-south-1", + }: endpoint{ + Hostname: "verification.signer.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "verification-ap-east-1", + }: endpoint{ + Hostname: "verification.signer.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "verification-ap-northeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "verification-ap-northeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "verification-ap-south-1", + }: endpoint{ + Hostname: "verification.signer.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "verification-ap-southeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "verification-ap-southeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "verification-ca-central-1", + }: endpoint{ + Hostname: "verification.signer.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "verification-eu-central-1", + }: endpoint{ + Hostname: "verification.signer.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "verification-eu-north-1", + }: endpoint{ + Hostname: "verification.signer.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "verification-eu-south-1", + }: endpoint{ + Hostname: "verification.signer.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "verification-eu-west-1", + }: endpoint{ + Hostname: "verification.signer.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "verification-eu-west-2", + }: endpoint{ + Hostname: "verification.signer.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "verification-eu-west-3", + }: endpoint{ + Hostname: "verification.signer.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "verification-me-south-1", + }: endpoint{ + Hostname: "verification.signer.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "verification-sa-east-1", + }: endpoint{ + Hostname: "verification.signer.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "sms-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-2", @@ -24790,6 +29125,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -24880,6 +29218,15 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -24904,6 +29251,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "sns-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -24940,6 +29296,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25031,6 +29390,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25091,6 +29453,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25185,6 +29550,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ssm-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25218,6 +29592,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ssm-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -25254,6 +29637,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25301,6 +29687,118 @@ var awsPartition = partition{ }, }, }, + "ssm-contacts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-2.amazonaws.com", + }, + }, + }, "ssm-incidents": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -25321,6 +29819,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25336,21 +29840,90 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-2.amazonaws.com", + }, }, }, "ssm-sap": service{ @@ -25385,6 +29958,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25403,6 +29982,51 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -25412,15 +30036,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-2.amazonaws.com", + }, }, }, "sso": service{ @@ -25458,6 +30106,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -25473,6 +30124,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -25531,6 +30185,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25591,6 +30248,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25658,6 +30318,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -25667,6 +30330,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -25710,14 +30376,8 @@ var awsPartition = partition{ Region: "eu-west-3", }: endpoint{}, endpointKey{ - Region: "fips", - }: endpoint{ - Hostname: "storagegateway-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, - }, + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25847,6 +30507,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25871,6 +30534,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "local", }: endpoint{ @@ -25950,6 +30616,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25974,6 +30643,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26121,6 +30793,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26181,6 +30856,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26266,6 +30944,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26326,6 +31007,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26411,6 +31095,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26435,6 +31122,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26576,6 +31266,65 @@ var awsPartition = partition{ }, }, }, + "thinclient": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "tnb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "transcribe": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -26725,12 +31474,21 @@ var awsPartition = partition{ }, "transcribestreaming": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, @@ -26888,6 +31646,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -26897,6 +31658,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -26909,12 +31673,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -26969,6 +31739,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -27115,6 +31891,91 @@ var awsPartition = partition{ }, }, }, + "verifiedpermissions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "voice-chime": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -27126,6 +31987,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -27264,6 +32128,43 @@ var awsPartition = partition{ }, }, }, + "vpc-lattice": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "waf": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -27427,6 +32328,23 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "waf-regional.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -27478,6 +32396,23 @@ var awsPartition = partition{ Region: "ap-southeast-3", }, }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "waf-regional.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -27512,6 +32447,23 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "waf-regional.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -27546,6 +32498,23 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "waf-regional.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -27651,6 +32620,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ap-southeast-1", }: endpoint{ @@ -27678,6 +32656,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -27696,6 +32683,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-north-1", }: endpoint{ @@ -27714,6 +32710,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-west-1", }: endpoint{ @@ -27741,6 +32746,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -27804,6 +32818,23 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "waf-regional.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -28029,6 +33060,23 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "wafv2.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -28080,6 +33128,23 @@ var awsPartition = partition{ Region: "ap-southeast-3", }, }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "wafv2.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -28114,6 +33179,23 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "wafv2.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -28148,6 +33230,23 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "wafv2.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -28253,6 +33352,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "wafv2-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ap-southeast-1", }: endpoint{ @@ -28280,6 +33388,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -28298,6 +33415,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-north-1", }: endpoint{ @@ -28316,6 +33442,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-west-1", }: endpoint{ @@ -28343,6 +33478,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -28406,6 +33550,23 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "wafv2.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -28765,6 +33926,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -28860,6 +34024,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -28920,6 +34087,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -29059,6 +34229,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "airflow": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "api.ecr": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29079,6 +34259,20 @@ var awscnPartition = partition{ }, }, }, + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "pricing", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "api.sagemaker": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29186,6 +34380,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29248,6 +34452,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "backupstorage": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "batch": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29437,7 +34651,10 @@ var awscnPartition = partition{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", - }: endpoint{}, + }: endpoint{ + Hostname: "data.ats.iot.cn-north-1.amazonaws.com.cn", + Protocols: []string{"https"}, + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, @@ -29473,6 +34690,31 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "datazone.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "datazone.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29600,6 +34842,31 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "eks-auth.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "eks-auth.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "elasticache": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29685,9 +34952,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "emr-containers": service{ @@ -29700,14 +34979,36 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "emr-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "es": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "events": service{ @@ -29865,6 +35166,16 @@ var awscnPartition = partition{ }, }, }, + "identitystore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "internetmonitor": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -29891,13 +35202,6 @@ var awscnPartition = partition{ }, }, "iot": service{ - Defaults: endpointDefaults{ - defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, - }, - }, Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", @@ -30064,6 +35368,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "logs": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -30151,6 +35465,36 @@ var awscnPartition = partition{ }, }, }, + "oam": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "oidc": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "oidc.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "oidc.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "organizations": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -30182,6 +35526,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "polly": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -30189,6 +35543,51 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "portal.sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "portal.sso.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "qbusiness.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "qbusiness.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -30229,6 +35628,13 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "redshift-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -30264,6 +35670,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "route53": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -30395,14 +35811,53 @@ var awscnPartition = partition{ }, }, }, + "savingsplans": service{ + IsRegionalized: boxedTrue, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "savingsplans.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "savingsplans.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "schemas": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "secretsmanager": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{}, }, }, "securityhub": service{ @@ -30453,7 +35908,7 @@ var awscnPartition = partition{ Region: "cn-north-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.cn-north-1.amazonaws.com.cn", + Hostname: "servicediscovery.cn-north-1.api.amazonwebservices.com.cn", }, endpointKey{ Region: "cn-northwest-1", @@ -30462,7 +35917,7 @@ var awscnPartition = partition{ Region: "cn-northwest-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.cn-northwest-1.amazonaws.com.cn", + Hostname: "servicediscovery.cn-northwest-1.api.amazonwebservices.com.cn", }, }, }, @@ -30481,7 +35936,7 @@ var awscnPartition = partition{ }: endpoint{}, }, }, - "sms": service{ + "signer": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", @@ -30489,6 +35944,29 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "verification-cn-north-1", + }: endpoint{ + Hostname: "verification.signer.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "verification-cn-northwest-1", + }: endpoint{ + Hostname: "verification.signer.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, }, }, "snowball": service{ @@ -30572,14 +36050,36 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "states": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "storagegateway": service{ @@ -30905,6 +36405,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -30913,6 +36431,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "acm": service{ @@ -31317,12 +36853,42 @@ var awsusgovPartition = partition{ }, "appconfigdata": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + }, }, }, "application-autoscaling": service{ @@ -31339,13 +36905,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, }, }, "applicationinsights": service{ @@ -31387,6 +36985,24 @@ var awsusgovPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -31407,6 +37023,16 @@ var awsusgovPartition = partition{ }, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -31442,6 +37068,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -31457,6 +37089,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-west-1.api.aws", + }, }, }, "autoscaling": service{ @@ -31520,6 +37158,16 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "backupstorage": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "batch": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{}, @@ -31578,6 +37226,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -31586,6 +37252,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "cloudcontrolapi": service{ @@ -31909,6 +37593,15 @@ var awsusgovPartition = partition{ }, "codepipeline": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -31918,6 +37611,15 @@ var awsusgovPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -31929,6 +37631,13 @@ var awsusgovPartition = partition{ }, }, }, + "codestar-connections": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + }, + }, "cognito-identity": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32092,9 +37801,24 @@ var awsusgovPartition = partition{ }, "connect": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "connect.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect.us-gov-west-1.amazonaws.com", + }, }, }, "controltower": service{ @@ -32257,6 +37981,31 @@ var awsusgovPartition = partition{ }, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "datazone.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "datazone.us-gov-west-1.api.aws", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32282,9 +38031,39 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dlm.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "dlm.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dlm.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "dlm.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "dms": service{ @@ -32374,6 +38153,46 @@ var awsusgovPartition = partition{ }, }, }, + "drs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "ds": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32609,6 +38428,31 @@ var awsusgovPartition = partition{ }, }, }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "eks-auth.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "eks-auth.us-gov-west-1.api.aws", + }, + }, + }, "elasticache": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{}, @@ -32829,6 +38673,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -32840,6 +38690,13 @@ var awsusgovPartition = partition{ }: endpoint{ Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-west-1.api.aws", + Protocols: []string{"https"}, + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -32895,6 +38752,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -32913,6 +38776,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -33149,6 +39018,28 @@ var awsusgovPartition = partition{ }, }, }, + "geo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "glacier": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -33215,21 +39106,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ Hostname: "glue-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "glue-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-west-1.api.aws", + }, }, }, "greengrass": service{ @@ -33347,7 +39262,21 @@ var awsusgovPartition = partition{ }, }, "health": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "global.health.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -33548,12 +39477,42 @@ var awsusgovPartition = partition{ }, "inspector2": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "inspector2-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "inspector2-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-gov-west-1.amazonaws.com", + }, }, }, "internetmonitor": service{ @@ -33582,30 +39541,19 @@ var awsusgovPartition = partition{ }, }, "iot": service{ - Defaults: endpointDefaults{ - defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, - }, - }, Endpoints: serviceEndpoints{ endpointKey{ Region: "fips-us-gov-east-1", }: endpoint{ Hostname: "iot-fips.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ Hostname: "iot-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ @@ -33750,14 +39698,114 @@ var awsusgovPartition = partition{ }, }, }, + "iottwinmaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "api-us-gov-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "data-us-gov-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-api-us-gov-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-data-us-gov-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "kafka": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-gov-east-1", - }: endpoint{}, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", - }: endpoint{}, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "kendra": service{ @@ -33945,21 +39993,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-west-1.api.aws", + }, }, }, "lambda": service{ @@ -34054,6 +40126,16 @@ var awsusgovPartition = partition{ }, }, }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "logs": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34094,6 +40176,36 @@ var awsusgovPartition = partition{ }, }, }, + "m2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{}, + }, + }, "managedblockchain": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34190,6 +40302,46 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "mgn": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "mgn-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "mgn-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "models.lex": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -34387,6 +40539,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "aws-us-gov-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-aws-us-gov-global", + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "oidc": service{ @@ -34484,12 +40654,22 @@ var awsusgovPartition = partition{ "participant.connect": service{ Endpoints: serviceEndpoints{ endpointKey{ - Region: "us-gov-west-1", + Region: "fips-us-gov-west-1", }: endpoint{ Hostname: "participant.connect.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "participant.connect.us-gov-west-1.amazonaws.com", }, }, }, @@ -34582,6 +40762,31 @@ var awsusgovPartition = partition{ }, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-west-1.api.aws", + }, + }, + }, "quicksight": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34823,6 +41028,46 @@ var awsusgovPartition = partition{ }, }, }, + "resiliencehub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -34903,6 +41148,46 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "route53": service{ PartitionEndpoint: "aws-us-gov-global", IsRegionalized: boxedFalse, @@ -34940,9 +41225,35 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53resolver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "route53resolver.us-gov-east-1.amazonaws.com", + + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53resolver.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "route53resolver.us-gov-west-1.amazonaws.com", + + Deprecated: boxedTrue, + }, }, }, "runtime.lex": service{ @@ -35237,17 +41548,33 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "secretsmanager": service{ @@ -35255,37 +41582,43 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + Deprecated: boxedTrue, }, }, @@ -35339,21 +41672,45 @@ var awsusgovPartition = partition{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-gov-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, }: endpoint{ Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, }: endpoint{ Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, @@ -35451,7 +41808,7 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-gov-east-1.amazonaws.com", + Hostname: "servicediscovery.us-gov-east-1.api.aws", }, endpointKey{ Region: "us-gov-east-1", @@ -35459,6 +41816,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1-fips", }: endpoint{ @@ -35475,7 +41838,7 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-gov-west-1.amazonaws.com", + Hostname: "servicediscovery.us-gov-west-1.api.aws", }, endpointKey{ Region: "us-gov-west-1", @@ -35483,6 +41846,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1-fips", }: endpoint{ @@ -35545,12 +41914,12 @@ var awsusgovPartition = partition{ }, }, }, - "sms": service{ + "simspaceweaver": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "fips-us-gov-east-1", }: endpoint{ - Hostname: "sms-fips.us-gov-east-1.amazonaws.com", + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, @@ -35559,7 +41928,7 @@ var awsusgovPartition = partition{ endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ - Hostname: "sms-fips.us-gov-west-1.amazonaws.com", + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, @@ -35572,7 +41941,29 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ - Hostname: "sms-fips.us-gov-east-1.amazonaws.com", + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", + }, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "sms-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", @@ -35679,14 +42070,14 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{ - Protocols: []string{"http", "https"}, + Protocols: []string{"https"}, }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "sns.us-gov-west-1.amazonaws.com", - Protocols: []string{"http", "https"}, + Protocols: []string{"https"}, }, }, }, @@ -35778,6 +42169,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -35786,6 +42195,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "states": service{ @@ -36418,6 +42845,15 @@ var awsusgovPartition = partition{ }, "workspaces": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -36427,6 +42863,15 @@ var awsusgovPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -36589,6 +43034,13 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, "autoscaling": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36601,6 +43053,16 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, "cloudformation": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36660,6 +43122,28 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36670,6 +43154,16 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, "dms": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{}, @@ -36772,6 +43266,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "ec2": service{ @@ -36804,6 +43301,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "elasticache": service{ @@ -36870,14 +43370,45 @@ var awsisoPartition = partition{ }, "elasticmapreduce": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{ Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"https"}, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + }, }, }, "es": service{ @@ -37024,6 +43555,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "logs": service{ @@ -37076,25 +43610,219 @@ var awsisoPartition = partition{ }, "ram": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "rbin-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-iso-east-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-iso-west-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "redshift-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, + "resource-groups": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-iso-east-1", @@ -37123,6 +43851,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "runtime.sagemaker": service{ @@ -37139,15 +43870,61 @@ var awsisoPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{ Protocols: []string{"http", "https"}, SignatureVersions: []string{"s3v4"}, }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-iso-west-1.c2s.ic.gov", + }, }, }, "secretsmanager": service{ @@ -37276,6 +44053,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "transcribe": service{ @@ -37370,6 +44150,13 @@ var awsisobPartition = partition{ }, }, }, + "api.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "appconfig": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37408,6 +44195,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "cloudformation": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37604,9 +44398,24 @@ var awsisobPartition = partition{ }, "elasticmapreduce": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "es": service{ @@ -37738,25 +44547,126 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov", + }, + }, + }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-isob-east-1", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "resource-groups": service{ @@ -37787,6 +44697,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "runtime.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "s3": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -37794,6 +44711,34 @@ var awsisobPartition = partition{ SignatureVersions: []string{"s3v4"}, }, }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-isob-east-1.sc2s.sgov.gov", + }, + }, + }, + "secretsmanager": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-isob-east-1", @@ -37911,3 +44856,71 @@ var awsisobPartition = partition{ }, }, } + +// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe). +func AwsIsoEPartition() Partition { + return awsisoePartition.Partition() +} + +var awsisoePartition = partition{ + ID: "aws-iso-e", + Name: "AWS ISOE (Europe)", + DNSSuffix: "cloud.adc-e.uk", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "cloud.adc-e.uk", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{}, + Services: services{}, +} + +// AwsIsoFPartition returns the Resolver for AWS ISOF. +func AwsIsoFPartition() Partition { + return awsisofPartition.Partition() +} + +var awsisofPartition = partition{ + ID: "aws-iso-f", + Name: "AWS ISOF", + DNSSuffix: "csp.hci.ic.gov", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^us\\-isof\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "csp.hci.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{}, + Services: services{}, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index 1d3f4c3adc3..ea8e3537658 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -14,6 +14,7 @@ import ( "github.com/aws/aws-sdk-go/aws/defaults" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/internal/shareddefaults" + "github.com/aws/aws-sdk-go/service/ssooidc" "github.com/aws/aws-sdk-go/service/sts" ) @@ -23,6 +24,10 @@ type CredentialsProviderOptions struct { // WebIdentityRoleProviderOptions configures a WebIdentityRoleProvider, // such as setting its ExpiryWindow. WebIdentityRoleProviderOptions func(*stscreds.WebIdentityRoleProvider) + + // ProcessProviderOptions configures a ProcessProvider, + // such as setting its Timeout. + ProcessProviderOptions func(*processcreds.ProcessProvider) } func resolveCredentials(cfg *aws.Config, @@ -33,7 +38,7 @@ func resolveCredentials(cfg *aws.Config, switch { case len(sessOpts.Profile) != 0: - // User explicitly provided an Profile in the session's configuration + // User explicitly provided a Profile in the session's configuration // so load that profile from shared config first. // Github(aws/aws-sdk-go#2727) return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) @@ -134,7 +139,11 @@ func resolveCredsFromProfile(cfg *aws.Config, case len(sharedCfg.CredentialProcess) != 0: // Get credentials from CredentialProcess - creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) + var optFns []func(*processcreds.ProcessProvider) + if sessOpts.CredentialsProviderOptions != nil && sessOpts.CredentialsProviderOptions.ProcessProviderOptions != nil { + optFns = append(optFns, sessOpts.CredentialsProviderOptions.ProcessProviderOptions) + } + creds = processcreds.NewCredentials(sharedCfg.CredentialProcess, optFns...) default: // Fallback to default credentials provider, include mock errors for @@ -173,8 +182,28 @@ func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers req return nil, err } + var optFns []func(provider *ssocreds.Provider) cfgCopy := cfg.Copy() - cfgCopy.Region = &sharedCfg.SSORegion + + if sharedCfg.SSOSession != nil { + cfgCopy.Region = &sharedCfg.SSOSession.SSORegion + cachedPath, err := ssocreds.StandardCachedTokenFilepath(sharedCfg.SSOSession.Name) + if err != nil { + return nil, err + } + // create oidcClient with AnonymousCredentials to avoid recursively resolving credentials + mySession := Must(NewSession(&aws.Config{ + Credentials: credentials.AnonymousCredentials, + })) + oidcClient := ssooidc.New(mySession, cfgCopy) + tokenProvider := ssocreds.NewSSOTokenProvider(oidcClient, cachedPath) + optFns = append(optFns, func(p *ssocreds.Provider) { + p.TokenProvider = tokenProvider + p.CachedTokenFilepath = cachedPath + }) + } else { + cfgCopy.Region = &sharedCfg.SSORegion + } return ssocreds.NewCredentials( &Session{ @@ -184,6 +213,7 @@ func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers req sharedCfg.SSOAccountID, sharedCfg.SSORoleName, sharedCfg.SSOStartURL, + optFns..., ), nil } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index d6fa24776cf..93bb5de6470 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -171,6 +171,12 @@ type envConfig struct { // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // AWS_EC2_METADATA_V1_DISABLED=true + EC2IMDSv1Disabled *bool + // Specifies that SDK clients must resolve a dual-stack endpoint for // services. // @@ -251,6 +257,9 @@ var ( ec2IMDSEndpointModeEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", } + ec2MetadataV1DisabledEnvKey = []string{ + "AWS_EC2_METADATA_V1_DISABLED", + } useCABundleKey = []string{ "AWS_CA_BUNDLE", } @@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { return envConfig{}, err } + setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey) if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil { return cfg, err @@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) { } } +func setBoolPtrFromEnvVal(dst **bool, keys []string) { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch { + case strings.EqualFold(value, "false"): + *dst = new(bool) + **dst = false + case strings.EqualFold(value, "true"): + *dst = new(bool) + **dst = true + } + } +} + func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { for _, k := range keys { value := os.Getenv(k) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 4293dbe10bd..3c88dee526d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -37,7 +37,7 @@ const ( // ErrSharedConfigSourceCollision will be returned if a section contains both // source_profile and credential_source -var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso", nil) +var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token", nil) // ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment // variables are empty and Environment was set as the credential source @@ -174,7 +174,6 @@ const ( // Options provides the means to control how a Session is created and what // configuration values will be loaded. -// type Options struct { // Provides config values for the SDK to use when creating service clients // and making API requests to services. Any value set in with this field @@ -224,7 +223,7 @@ type Options struct { // from stdin for the MFA token code. // // This field is only used if the shared configuration is enabled, and - // the config enables assume role wit MFA via the mfa_serial field. + // the config enables assume role with MFA via the mfa_serial field. AssumeRoleTokenProvider func() (string, error) // When the SDK's shared config is configured to assume a role this option @@ -322,24 +321,24 @@ type Options struct { // credentials file. Enabling the Shared Config will also allow the Session // to be built with retrieving credentials with AssumeRole set in the config. // -// // Equivalent to session.New -// sess := session.Must(session.NewSessionWithOptions(session.Options{})) +// // Equivalent to session.New +// sess := session.Must(session.NewSessionWithOptions(session.Options{})) // -// // Specify profile to load for the session's config -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// Profile: "profile_name", -// })) +// // Specify profile to load for the session's config +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// Profile: "profile_name", +// })) // -// // Specify profile for config and region for requests -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// Config: aws.Config{Region: aws.String("us-east-1")}, -// Profile: "profile_name", -// })) +// // Specify profile for config and region for requests +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// Config: aws.Config{Region: aws.String("us-east-1")}, +// Profile: "profile_name", +// })) // -// // Force enable Shared Config support -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// SharedConfigState: session.SharedConfigEnable, -// })) +// // Force enable Shared Config support +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// SharedConfigState: session.SharedConfigEnable, +// })) func NewSessionWithOptions(opts Options) (*Session, error) { var envCfg envConfig var err error @@ -375,7 +374,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) { // This helper is intended to be used in variable initialization to load the // Session and configuration at startup. Such as: // -// var sess = session.Must(session.NewSession()) +// var sess = session.Must(session.NewSession()) func Must(sess *Session, err error) *Session { if err != nil { panic(err) @@ -780,14 +779,12 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) } - // Configure credentials if not already set by the user when creating the - // Session. - if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { - creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) - if err != nil { - return err - } - cfg.Credentials = creds + cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback + if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled) + } + if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled) } cfg.S3UseARNRegion = userCfg.S3UseARNRegion @@ -812,6 +809,17 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, } } + // Configure credentials if not already set by the user when creating the Session. + // Credentials are resolved last such that all _resolved_ config values are propagated to credential providers. + // ticket: P83606045 + if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { + creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) + if err != nil { + return err + } + cfg.Credentials = creds + } + return nil } @@ -845,8 +853,8 @@ func initHandlers(s *Session) { // and handlers. If any additional configs are provided they will be merged // on top of the Session's copied config. // -// // Create a copy of the current Session, configured for the us-west-2 region. -// sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) +// // Create a copy of the current Session, configured for the us-west-2 region. +// sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) func (s *Session) Copy(cfgs ...*aws.Config) *Session { newSession := &Session{ Config: s.Config.Copy(cfgs...), diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 424c82b4d34..f3ce8183dd9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -26,6 +26,13 @@ const ( roleSessionNameKey = `role_session_name` // optional roleDurationSecondsKey = "duration_seconds" // optional + // Prefix to be used for SSO sections. These are supposed to only exist in + // the shared config file, not the credentials file. + ssoSectionPrefix = `sso-session ` + + // AWS Single Sign-On (AWS SSO) group + ssoSessionNameKey = "sso_session" + // AWS Single Sign-On (AWS SSO) group ssoAccountIDKey = "sso_account_id" ssoRegionKey = "sso_region" @@ -73,6 +80,9 @@ const ( // EC2 IMDS Endpoint ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" + // ECS IMDSv1 disable fallback + ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled" + // Use DualStack Endpoint Resolution useDualStackEndpoint = "use_dualstack_endpoint" @@ -99,6 +109,10 @@ type sharedConfig struct { CredentialProcess string WebIdentityTokenFile string + // SSO session options + SSOSessionName string + SSOSession *ssoSession + SSOAccountID string SSORegion string SSORoleName string @@ -168,6 +182,12 @@ type sharedConfig struct { // ec2_metadata_service_endpoint=http://fd00:ec2::254 EC2IMDSEndpoint string + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // ec2_metadata_v1_disabled=true + EC2IMDSv1Disabled *bool + // Specifies that SDK clients must resolve a dual-stack endpoint for // services. // @@ -186,6 +206,20 @@ type sharedConfigFile struct { IniData ini.Sections } +// SSOSession provides the shared configuration parameters of the sso-session +// section. +type ssoSession struct { + Name string + SSORegion string + SSOStartURL string +} + +func (s *ssoSession) setFromIniSection(section ini.Section) { + updateString(&s.Name, section, ssoSessionNameKey) + updateString(&s.SSORegion, section, ssoRegionKey) + updateString(&s.SSOStartURL, section, ssoStartURL) +} + // loadSharedConfig retrieves the configuration from the list of files using // the profile provided. The order the files are listed will determine // precedence. Values in subsequent files will overwrite values defined in @@ -266,13 +300,13 @@ func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile s // profile only have credential provider options. cfg.clearAssumeRoleOptions() } else { - // First time a profile has been seen, It must either be a assume role - // credentials, or SSO. Assert if the credential type requires a role ARN, - // the ARN is also set, or validate that the SSO configuration is complete. + // First time a profile has been seen. Assert if the credential type + // requires a role ARN, the ARN is also set if err := cfg.validateCredentialsConfig(profile); err != nil { return err } } + profiles[profile] = struct{}{} if err := cfg.validateCredentialType(); err != nil { @@ -308,6 +342,30 @@ func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile s cfg.SourceProfile = srcCfg } + // If the profile contains an SSO session parameter, the session MUST exist + // as a section in the config file. Load the SSO session using the name + // provided. If the session section is not found or incomplete an error + // will be returned. + if cfg.hasSSOTokenProviderConfiguration() { + skippedFiles = 0 + for _, f := range files { + section, ok := f.IniData.GetSection(fmt.Sprintf(ssoSectionPrefix + strings.TrimSpace(cfg.SSOSessionName))) + if ok { + var ssoSession ssoSession + ssoSession.setFromIniSection(section) + ssoSession.Name = cfg.SSOSessionName + cfg.SSOSession = &ssoSession + break + } + skippedFiles++ + } + if skippedFiles == len(files) { + // If all files were skipped because the sso session section is not found, return + // the sso section not found error. + return fmt.Errorf("failed to find SSO session section, %v", cfg.SSOSessionName) + } + } + return nil } @@ -340,8 +398,15 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.Region, section, regionKey) updateString(&cfg.CustomCABundle, section, customCABundleKey) + // we're retaining a behavioral quirk with this field that existed before + // the removal of literal parsing for (aws-sdk-go-v2/#2276): + // - if the key is missing, the config field will not be set + // - if the key is set to a non-numeric, the config field will be set to 0 if section.Has(roleDurationSecondsKey) { - d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second + var d time.Duration + if v, ok := section.Int(roleDurationSecondsKey); ok { + d = time.Duration(v) * time.Second + } cfg.AssumeRoleDuration = &d } @@ -363,6 +428,10 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e cfg.S3UsEast1RegionalEndpoint = sre } + // AWS Single Sign-On (AWS SSO) + // SSO session options + updateString(&cfg.SSOSessionName, section, ssoSessionNameKey) + // AWS Single Sign-On (AWS SSO) updateString(&cfg.SSOAccountID, section, ssoAccountIDKey) updateString(&cfg.SSORegion, section, ssoRegionKey) @@ -374,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e ec2MetadataServiceEndpointModeKey, file.Filename, err) } updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) + updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey) updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint) @@ -461,32 +531,20 @@ func (cfg *sharedConfig) validateCredentialType() error { } func (cfg *sharedConfig) validateSSOConfiguration() error { - if !cfg.hasSSOConfiguration() { + if cfg.hasSSOTokenProviderConfiguration() { + err := cfg.validateSSOTokenProviderConfiguration() + if err != nil { + return err + } return nil } - var missing []string - if len(cfg.SSOAccountID) == 0 { - missing = append(missing, ssoAccountIDKey) - } - - if len(cfg.SSORegion) == 0 { - missing = append(missing, ssoRegionKey) - } - - if len(cfg.SSORoleName) == 0 { - missing = append(missing, ssoRoleNameKey) - } - - if len(cfg.SSOStartURL) == 0 { - missing = append(missing, ssoStartURL) - } - - if len(missing) > 0 { - return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s", - cfg.Profile, strings.Join(missing, ", ")) + if cfg.hasLegacySSOConfiguration() { + err := cfg.validateLegacySSOConfiguration() + if err != nil { + return err + } } - return nil } @@ -525,15 +583,76 @@ func (cfg *sharedConfig) clearAssumeRoleOptions() { } func (cfg *sharedConfig) hasSSOConfiguration() bool { - switch { - case len(cfg.SSOAccountID) != 0: - case len(cfg.SSORegion) != 0: - case len(cfg.SSORoleName) != 0: - case len(cfg.SSOStartURL) != 0: - default: - return false + return cfg.hasSSOTokenProviderConfiguration() || cfg.hasLegacySSOConfiguration() +} + +func (c *sharedConfig) hasSSOTokenProviderConfiguration() bool { + return len(c.SSOSessionName) > 0 +} + +func (c *sharedConfig) hasLegacySSOConfiguration() bool { + return len(c.SSORegion) > 0 || len(c.SSOAccountID) > 0 || len(c.SSOStartURL) > 0 || len(c.SSORoleName) > 0 +} + +func (c *sharedConfig) validateSSOTokenProviderConfiguration() error { + var missing []string + + if len(c.SSOSessionName) == 0 { + missing = append(missing, ssoSessionNameKey) } - return true + + if c.SSOSession == nil { + missing = append(missing, ssoSectionPrefix) + } else { + if len(c.SSOSession.SSORegion) == 0 { + missing = append(missing, ssoRegionKey) + } + + if len(c.SSOSession.SSOStartURL) == 0 { + missing = append(missing, ssoStartURL) + } + } + + if len(missing) > 0 { + return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s", + c.Profile, strings.Join(missing, ", ")) + } + + if len(c.SSORegion) > 0 && c.SSORegion != c.SSOSession.SSORegion { + return fmt.Errorf("%s in profile %q must match %s in %s", ssoRegionKey, c.Profile, ssoRegionKey, ssoSectionPrefix) + } + + if len(c.SSOStartURL) > 0 && c.SSOStartURL != c.SSOSession.SSOStartURL { + return fmt.Errorf("%s in profile %q must match %s in %s", ssoStartURL, c.Profile, ssoStartURL, ssoSectionPrefix) + } + + return nil +} + +func (c *sharedConfig) validateLegacySSOConfiguration() error { + var missing []string + + if len(c.SSORegion) == 0 { + missing = append(missing, ssoRegionKey) + } + + if len(c.SSOStartURL) == 0 { + missing = append(missing, ssoStartURL) + } + + if len(c.SSOAccountID) == 0 { + missing = append(missing, ssoAccountIDKey) + } + + if len(c.SSORoleName) == 0 { + missing = append(missing, ssoRoleNameKey) + } + + if len(missing) > 0 { + return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s", + c.Profile, strings.Join(missing, ", ")) + } + return nil } func oneOrNone(bs ...bool) bool { @@ -566,7 +685,10 @@ func updateBool(dst *bool, section ini.Section, key string) { if !section.Has(key) { return } - *dst = section.Bool(key) + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) + *dst = v } // updateBoolPtr will only update the dst with the value in the section key, @@ -575,8 +697,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) { if !section.Has(key) { return } + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) *dst = new(bool) - **dst = section.Bool(key) + **dst = v } // SharedConfigLoadError is an error for the shared config file failed to load. @@ -703,7 +828,8 @@ func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section i return } - if section.Bool(key) { + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { *dst = endpoints.DualStackEndpointStateEnabled } else { *dst = endpoints.DualStackEndpointStateDisabled @@ -719,7 +845,8 @@ func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section return } - if section.Bool(key) { + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { *dst = endpoints.FIPSEndpointStateEnabled } else { *dst = endpoints.FIPSEndpointStateDisabled diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 4d78162c034..b542df93156 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -3,21 +3,21 @@ // Provides request signing for request that need to be signed with // AWS V4 Signatures. // -// Standalone Signer +// # Standalone Signer // // Generally using the signer outside of the SDK should not require any additional // logic when using Go v1.5 or higher. The signer does this by taking advantage // of the URL.EscapedPath method. If your request URI requires additional escaping -// you many need to use the URL.Opaque to define what the raw URI should be sent +// you may need to use the URL.Opaque to define what the raw URI should be sent // to the service as. // // The signer will first check the URL.Opaque field, and use its value if set. // The signer does require the URL.Opaque field to be set in the form of: // -// "///" +// "///" // -// // e.g. -// "//example.com/some/path" +// // e.g. +// "//example.com/some/path" // // The leading "//" and hostname are required or the URL.Opaque escaping will // not work correctly. @@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Expected-Bucket-Owner": struct{}{}, "X-Amz-Grant-Full-control": struct{}{}, "X-Amz-Grant-Read": struct{}{}, "X-Amz-Grant-Read-Acp": struct{}{}, @@ -135,6 +136,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Request-Payer": struct{}{}, "X-Amz-Server-Side-Encryption": struct{}{}, "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, + "X-Amz-Server-Side-Encryption-Context": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, @@ -695,7 +697,8 @@ func (ctx *signingCtx) buildBodyDigest() error { includeSHA256Header := ctx.unsignedPayload || ctx.ServiceName == "s3" || ctx.ServiceName == "s3-object-lambda" || - ctx.ServiceName == "glacier" + ctx.ServiceName == "glacier" || + ctx.ServiceName == "s3-outposts" s3Presign := ctx.isPresign && (ctx.ServiceName == "s3" || diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index f9289908a77..5edfe433c3d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.215" +const SDKVersion = "1.49.7" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go index 34a481afbd4..b1b686086a9 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go @@ -154,11 +154,11 @@ func (v ValueType) String() string { // ValueType enums const ( NoneType = ValueType(iota) - DecimalType - IntegerType + DecimalType // deprecated + IntegerType // deprecated StringType QuotedStringType - BoolType + BoolType // deprecated ) // Value is a union container @@ -166,9 +166,9 @@ type Value struct { Type ValueType raw []rune - integer int64 - decimal float64 - boolean bool + integer int64 // deprecated + decimal float64 // deprecated + boolean bool // deprecated str string } @@ -253,24 +253,6 @@ func newLitToken(b []rune) (Token, int, error) { } token = newToken(TokenLit, b[:n], QuotedStringType) - } else if isNumberValue(b) { - var base int - base, n, err = getNumericalValue(b) - if err != nil { - return token, 0, err - } - - value := b[:n] - vType := IntegerType - if contains(value, '.') || hasExponent(value) { - vType = DecimalType - } - token = newToken(TokenLit, value, vType) - token.base = base - } else if isBoolValue(b) { - n, err = getBoolValue(b) - - token = newToken(TokenLit, b[:n], BoolType) } else { n, err = getValue(b) token = newToken(TokenLit, b[:n], StringType) @@ -280,18 +262,33 @@ func newLitToken(b []rune) (Token, int, error) { } // IntValue returns an integer value -func (v Value) IntValue() int64 { - return v.integer +func (v Value) IntValue() (int64, bool) { + i, err := strconv.ParseInt(string(v.raw), 0, 64) + if err != nil { + return 0, false + } + return i, true } // FloatValue returns a float value -func (v Value) FloatValue() float64 { - return v.decimal +func (v Value) FloatValue() (float64, bool) { + f, err := strconv.ParseFloat(string(v.raw), 64) + if err != nil { + return 0, false + } + return f, true } // BoolValue returns a bool value -func (v Value) BoolValue() bool { - return v.boolean +func (v Value) BoolValue() (bool, bool) { + // we don't use ParseBool as it recognizes more than what we've + // historically supported + if isCaselessLitValue(runesTrue, v.raw) { + return true, true + } else if isCaselessLitValue(runesFalse, v.raw) { + return false, true + } + return false, false } func isTrimmable(r rune) bool { diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go index 081cf433424..1d08e138aba 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go @@ -145,17 +145,17 @@ func (t Section) ValueType(k string) (ValueType, bool) { } // Bool returns a bool value at k -func (t Section) Bool(k string) bool { +func (t Section) Bool(k string) (bool, bool) { return t.values[k].BoolValue() } // Int returns an integer value at k -func (t Section) Int(k string) int64 { +func (t Section) Int(k string) (int64, bool) { return t.values[k].IntValue() } // Float64 returns a float value at k -func (t Section) Float64(k string) float64 { +func (t Section) Float64(k string) (float64, bool) { return t.values[k].FloatValue() } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go index 1d273ff0ec6..ecc521f88f1 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go @@ -287,6 +287,10 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error) if tag.Get("location") != "header" || tag.Get("enum") == "" { return "", fmt.Errorf("%T is only supported with location header and enum shapes", value) } + if len(value) == 0 { + return "", errValueNotSet + } + buff := &bytes.Buffer{} for i, sv := range value { if sv == nil || len(*sv) == 0 { diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go index d756d8cc529..5366a646d9c 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go @@ -2,6 +2,7 @@ package restjson import ( "bytes" + "encoding/json" "io" "io/ioutil" "net/http" @@ -40,52 +41,30 @@ func (u *UnmarshalTypedError) UnmarshalError( resp *http.Response, respMeta protocol.ResponseMetadata, ) (error, error) { - - code := resp.Header.Get(errorTypeHeader) - msg := resp.Header.Get(errorMessageHeader) - - body := resp.Body - if len(code) == 0 { - // If unable to get code from HTTP headers have to parse JSON message - // to determine what kind of exception this will be. - var buf bytes.Buffer - var jsonErr jsonErrorResponse - teeReader := io.TeeReader(resp.Body, &buf) - err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader) - if err != nil { - return nil, err - } - - body = ioutil.NopCloser(&buf) - code = jsonErr.Code - msg = jsonErr.Message + code, msg, err := unmarshalErrorInfo(resp) + if err != nil { + return nil, err } - // If code has colon separators remove them so can compare against modeled - // exception names. - code = strings.SplitN(code, ":", 2)[0] - - if fn, ok := u.exceptions[code]; ok { - // If exception code is know, use associated constructor to get a value - // for the exception that the JSON body can be unmarshaled into. - v := fn(respMeta) - if err := jsonutil.UnmarshalJSONCaseInsensitive(v, body); err != nil { - return nil, err - } + fn, ok := u.exceptions[code] + if !ok { + return awserr.NewRequestFailure( + awserr.New(code, msg, nil), + respMeta.StatusCode, + respMeta.RequestID, + ), nil + } - if err := rest.UnmarshalResponse(resp, v, true); err != nil { - return nil, err - } + v := fn(respMeta) + if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil { + return nil, err + } - return v, nil + if err := rest.UnmarshalResponse(resp, v, true); err != nil { + return nil, err } - // fallback to unmodeled generic exceptions - return awserr.NewRequestFailure( - awserr.New(code, msg, nil), - respMeta.StatusCode, - respMeta.RequestID, - ), nil + return v, nil } // UnmarshalErrorHandler is a named request handler for unmarshaling restjson @@ -99,36 +78,80 @@ var UnmarshalErrorHandler = request.NamedHandler{ func UnmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() - var jsonErr jsonErrorResponse - err := jsonutil.UnmarshalJSONError(&jsonErr, r.HTTPResponse.Body) + code, msg, err := unmarshalErrorInfo(r.HTTPResponse) if err != nil { r.Error = awserr.NewRequestFailure( - awserr.New(request.ErrCodeSerialization, - "failed to unmarshal response error", err), + awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err), r.HTTPResponse.StatusCode, r.RequestID, ) return } - code := r.HTTPResponse.Header.Get(errorTypeHeader) - if code == "" { - code = jsonErr.Code - } - msg := r.HTTPResponse.Header.Get(errorMessageHeader) - if msg == "" { - msg = jsonErr.Message - } - - code = strings.SplitN(code, ":", 2)[0] r.Error = awserr.NewRequestFailure( - awserr.New(code, jsonErr.Message, nil), + awserr.New(code, msg, nil), r.HTTPResponse.StatusCode, r.RequestID, ) } type jsonErrorResponse struct { + Type string `json:"__type"` Code string `json:"code"` Message string `json:"message"` } + +func (j *jsonErrorResponse) SanitizedCode() string { + code := j.Code + if len(j.Type) > 0 { + code = j.Type + } + return sanitizeCode(code) +} + +// Remove superfluous components from a restJson error code. +// - If a : character is present, then take only the contents before the +// first : character in the value. +// - If a # character is present, then take only the contents after the first +// # character in the value. +// +// All of the following error values resolve to FooError: +// - FooError +// - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/ +// - aws.protocoltests.restjson#FooError +// - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/ +func sanitizeCode(code string) string { + noColon := strings.SplitN(code, ":", 2)[0] + hashSplit := strings.SplitN(noColon, "#", 2) + return hashSplit[len(hashSplit)-1] +} + +// attempt to garner error details from the response, preferring header values +// when present +func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) { + code = sanitizeCode(resp.Header.Get(errorTypeHeader)) + msg = resp.Header.Get(errorMessageHeader) + if len(code) > 0 && len(msg) > 0 { + return + } + + // a modeled error will have to be re-deserialized later, so the body must + // be preserved + var buf bytes.Buffer + tee := io.TeeReader(resp.Body, &buf) + defer func() { resp.Body = ioutil.NopCloser(&buf) }() + + var jsonErr jsonErrorResponse + if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF { + err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes()) + return + } + + if len(code) == 0 { + code = jsonErr.SanitizedCode() + } + if len(msg) == 0 { + msg = jsonErr.Message + } + return +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index ae8e2b716ec..ccc59011db5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -683,15 +683,10 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // see Bring Your Own IP Addresses (BYOIP) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) // in the Amazon Elastic Compute Cloud User Guide. // -// [EC2-VPC] If you release an Elastic IP address, you might be able to recover -// it. You cannot recover an Elastic IP address that you released after it is -// allocated to another Amazon Web Services account. You cannot recover an Elastic -// IP address for EC2-Classic. To attempt to recover an Elastic IP address that -// you released, specify it in this operation. -// -// An Elastic IP address is for use either in the EC2-Classic platform or in -// a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic -// per Region and 5 Elastic IP addresses for EC2-VPC per Region. +// If you release an Elastic IP address, you might be able to recover it. You +// cannot recover an Elastic IP address that you released after it is allocated +// to another Amazon Web Services account. To attempt to recover an Elastic +// IP address that you released, specify it in this operation. // // For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -700,10 +695,6 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // telecommunication carrier, to a network interface which resides in a subnet // in a Wavelength Zone (for example an EC2 instance). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -850,11 +841,17 @@ func (c *EC2) AllocateIpamPoolCidrRequest(input *AllocateIpamPoolCidrInput) (req // AllocateIpamPoolCidr API operation for Amazon Elastic Compute Cloud. // -// Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment -// from an IPAM pool to another IPAM pool or to a resource. For more information, -// see Allocate CIDRs (https://docs.aws.amazon.com/vpc/latest/ipam/allocate-cidrs-ipam.html) +// Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM +// pool locale. The locale is the Amazon Web Services Region where this IPAM +// pool is available for allocations. +// +// In IPAM, an allocation is a CIDR assignment from an IPAM pool to another +// IPAM pool or to a resource. For more information, see Allocate CIDRs (https://docs.aws.amazon.com/vpc/latest/ipam/allocate-cidrs-ipam.html) // in the Amazon VPC IPAM User Guide. // +// This action creates an allocation with strong consistency. The returned CIDR +// will not overlap with any other allocations from the same pool. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1190,7 +1187,7 @@ func (c *EC2) AssignPrivateNatGatewayAddressRequest(input *AssignPrivateNatGatew // // Assigns one or more private IPv4 addresses to a private NAT gateway. For // more information, see Work with NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1267,23 +1264,11 @@ func (c *EC2) AssociateAddressRequest(input *AssociateAddressInput) (req *reques // are in subnets in Wavelength Zones) with an instance or a network interface. // Before you can use an Elastic IP address, you must allocate it to your account. // -// An Elastic IP address is for use in either the EC2-Classic platform or in -// a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. -// -// [EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is -// already associated with a different instance, it is disassociated from that -// instance and associated with the specified instance. If you associate an -// Elastic IP address with an instance that has an existing Elastic IP address, -// the existing address is disassociated from the instance, but remains allocated -// to your account. -// -// [VPC in an EC2-Classic account] If you don't specify a private IP address, -// the Elastic IP address is associated with the primary IP address. If the -// Elastic IP address is already associated with a different instance or a network -// interface, you get an error unless you allow reassociation. You cannot associate -// an Elastic IP address with an instance or network interface that has an existing -// Elastic IP address. +// If the Elastic IP address is already associated with a different instance, +// it is disassociated from that instance and associated with the specified +// instance. If you associate an Elastic IP address with an instance that has +// an existing Elastic IP address, the existing address is disassociated from +// the instance, but remains allocated to your account. // // [Subnets in Wavelength Zones] You can associate an IP address from the telecommunication // carrier to the instance or network interface. @@ -1296,10 +1281,6 @@ func (c *EC2) AssociateAddressRequest(input *AssociateAddressInput) (req *reques // the Elastic IP address is remapped to the same instance. For more information, // see the Elastic IP Addresses section of Amazon EC2 Pricing (http://aws.amazon.com/ec2/pricing/). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1466,7 +1447,7 @@ func (c *EC2) AssociateDhcpOptionsRequest(input *AssociateDhcpOptionsInput) (req // on the instance. // // For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1739,6 +1720,86 @@ func (c *EC2) AssociateInstanceEventWindowWithContext(ctx aws.Context, input *As return out, req.Send() } +const opAssociateIpamByoasn = "AssociateIpamByoasn" + +// AssociateIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the AssociateIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateIpamByoasn for more information on using the AssociateIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AssociateIpamByoasnRequest method. +// req, resp := client.AssociateIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIpamByoasn +func (c *EC2) AssociateIpamByoasnRequest(input *AssociateIpamByoasnInput) (req *request.Request, output *AssociateIpamByoasnOutput) { + op := &request.Operation{ + Name: opAssociateIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateIpamByoasnInput{} + } + + output = &AssociateIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you +// own in the same Amazon Web Services Region. For more information, see Tutorial: +// Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// After the association succeeds, the ASN is eligible for advertisement. You +// can view the association with DescribeByoipCidrs (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeByoipCidrs.html). +// You can advertise the CIDR with AdvertiseByoipCidr (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AdvertiseByoipCidr.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AssociateIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIpamByoasn +func (c *EC2) AssociateIpamByoasn(input *AssociateIpamByoasnInput) (*AssociateIpamByoasnOutput, error) { + req, out := c.AssociateIpamByoasnRequest(input) + return out, req.Send() +} + +// AssociateIpamByoasnWithContext is the same as AssociateIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AssociateIpamByoasnWithContext(ctx aws.Context, input *AssociateIpamByoasnInput, opts ...request.Option) (*AssociateIpamByoasnOutput, error) { + req, out := c.AssociateIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateIpamResourceDiscovery = "AssociateIpamResourceDiscovery" // AssociateIpamResourceDiscoveryRequest generates a "aws/request.Request" representing the @@ -1859,12 +1920,22 @@ func (c *EC2) AssociateNatGatewayAddressRequest(input *AssociateNatGatewayAddres // // Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a // public NAT gateway. For more information, see Work with NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // By default, you can associate up to 2 Elastic IP addresses per public NAT // gateway. You can increase the limit by requesting a quota adjustment. For // more information, see Elastic IP address quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-eips) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. +// +// When you associate an EIP or secondary EIPs with a public NAT gateway, the +// network border group of the EIPs must match the network border group of the +// Availability Zone (AZ) that the public NAT gateway is in. If it's not the +// same, the EIP will fail to associate. You can see the network border group +// for the subnet's AZ by viewing the details of the subnet. Similarly, you +// can view the network border group of an EIP by viewing the details of the +// EIP address. For more information about network border groups and EIPs, see +// Allocate an Elastic IP address (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1945,7 +2016,7 @@ func (c *EC2) AssociateRouteTableRequest(input *AssociateRouteTableInput) (req * // with multiple subnets. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2019,8 +2090,7 @@ func (c *EC2) AssociateSubnetCidrBlockRequest(input *AssociateSubnetCidrBlockInp // AssociateSubnetCidrBlock API operation for Amazon Elastic Compute Cloud. // // Associates a CIDR block with your subnet. You can only associate a single -// IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length -// of /64. +// IPv6 CIDR block with your subnet. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2319,9 +2389,6 @@ func (c *EC2) AssociateTrunkInterfaceRequest(input *AssociateTrunkInterfaceInput // AssociateTrunkInterface API operation for Amazon Elastic Compute Cloud. // -// This API action is currently in limited preview only. If you are interested -// in using this feature, contact your account manager. -// // Associates a branch network interface with a trunk network interface. // // Before you create the association, run the create-network-interface (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) @@ -2404,14 +2471,13 @@ func (c *EC2) AssociateVpcCidrBlockRequest(input *AssociateVpcCidrBlockInput) (r // CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from // an IPv6 address pool that you provisioned through bring your own IP addresses // (BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). -// The IPv6 CIDR block size is fixed at /56. // // You must specify one of the following in the request: an IPv4 CIDR block, // an IPv6 pool, or an Amazon-provided IPv6 CIDR block. // // For more information about associating CIDR blocks with your VPC and applicable -// restrictions, see VPC and subnet sizing (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) -// in the Amazon Virtual Private Cloud User Guide. +// restrictions, see IP addressing for your VPCs and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2484,12 +2550,10 @@ func (c *EC2) AttachClassicLinkVpcRequest(input *AttachClassicLinkVpcInput) (req // AttachClassicLinkVpc API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or -// more of the VPC's security groups. You cannot link an EC2-Classic instance +// more of the VPC security groups. You cannot link an EC2-Classic instance // to more than one VPC at a time. You can only link an instance that's in the // running state. An instance is automatically unlinked from a VPC when it's // stopped - you can link it to the VPC again when you restart it. @@ -2574,9 +2638,9 @@ func (c *EC2) AttachInternetGatewayRequest(input *AttachInternetGatewayInput) (r // AttachInternetGateway API operation for Amazon Elastic Compute Cloud. // // Attaches an internet gateway or a virtual private gateway to a VPC, enabling -// connectivity between the internet and the VPC. For more information about -// your VPC and internet gateway, see the Amazon Virtual Private Cloud User -// Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). +// connectivity between the internet and the VPC. For more information, see +// Internet gateways (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2722,9 +2786,8 @@ func (c *EC2) AttachVerifiedAccessTrustProviderRequest(input *AttachVerifiedAcce // AttachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. // -// A trust provider is a third-party entity that creates, maintains, and manages -// identity information for users and devices. One or more trust providers can -// be attached to an Amazon Web Services Verified Access instance. +// Attaches the specified Amazon Web Services Verified Access trust provider +// to the specified Amazon Web Services Verified Access instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3047,8 +3110,8 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // AuthorizeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Adds the specified outbound (egress) rules to a security group -// for use with a VPC. +// Adds the specified outbound (egress) rules to a security group for use with +// a VPC. // // An outbound rule permits instances to send traffic to the specified IPv4 // or IPv6 CIDR address ranges, or to the instances that are associated with @@ -3066,6 +3129,11 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // // For information about VPC security group quotas, see Amazon VPC quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // +// If you want to reference a security group across VPCs attached to a transit +// gateway using the security group referencing feature (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw), +// note that you can only reference security groups for ingress rules. You cannot +// reference a security group for egress rules. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3156,10 +3224,6 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // For more information about VPC security group quotas, see Amazon VPC quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5062,9 +5126,9 @@ func (c *EC2) CreateDefaultSubnetRequest(input *CreateDefaultSubnetInput) (req * // // Creates a default subnet with a size /20 IPv4 CIDR block in the specified // Availability Zone in your default VPC. You can have only one default subnet -// per Availability Zone. For more information, see Creating a default subnet +// per Availability Zone. For more information, see Create a default subnet // (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5139,22 +5203,13 @@ func (c *EC2) CreateDefaultVpcRequest(input *CreateDefaultVpcInput) (req *reques // // Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet // in each Availability Zone. For more information about the components of a -// default VPC, see Default VPC and default subnets (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) -// in the Amazon Virtual Private Cloud User Guide. You cannot specify the components -// of the default VPC yourself. +// default VPC, see Default VPCs (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) +// in the Amazon VPC User Guide. You cannot specify the components of the default +// VPC yourself. // // If you deleted your previous default VPC, you can create a default VPC. You // cannot have more than one default VPC per Region. // -// If your account supports EC2-Classic, you cannot use this action to create -// a default VPC in a Region that supports EC2-Classic. If you want a default -// VPC in a Region that supports EC2-Classic, see "I really want a default VPC -// for my existing EC2 account. Is that possible?" in the Default VPCs FAQ (http://aws.amazon.com/vpc/faqs/#Default_VPCs). -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5264,7 +5319,7 @@ func (c *EC2) CreateDhcpOptionsRequest(input *CreateDhcpOptionsInput) (req *requ // of options, and if your VPC has an internet gateway, make sure to set the // domain-name-servers option either to AmazonProvidedDNS or to a domain name // server of your choice. For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5413,10 +5468,12 @@ func (c *EC2) CreateFleetRequest(input *CreateFleetInput) (req *request.Request, // CreateFleet API operation for Amazon Elastic Compute Cloud. // -// Launches an EC2 Fleet. +// Creates an EC2 Fleet that contains the configuration information for On-Demand +// Instances and Spot Instances. Instances are launched immediately if there +// is available capacity. // -// You can create a single EC2 Fleet that includes multiple launch specifications -// that vary by instance type, AMI, Availability Zone, or subnet. +// A single EC2 Fleet can include multiple launch specifications that vary by +// instance type, AMI, Availability Zone, or subnet. // // For more information, see EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) // in the Amazon EC2 User Guide. @@ -5664,16 +5721,6 @@ func (c *EC2) CreateImageRequest(input *CreateImageInput) (req *request.Request, // Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that // is either running or stopped. // -// By default, when Amazon EC2 creates the new AMI, it reboots the instance -// so that it can take snapshots of the attached volumes while data is at rest, -// in order to ensure a consistent state. You can set the NoReboot parameter -// to true in the API request, or use the --no-reboot option in the CLI to prevent -// Amazon EC2 from shutting down and rebooting the instance. -// -// If you choose to bypass the shutdown and reboot process by setting the NoReboot -// parameter to true in the API request, or by using the --no-reboot option -// in the CLI, we can't guarantee the file system integrity of the created image. -// // If you customized your instance with instance store volumes or Amazon EBS // volumes in addition to the root device volume, the new AMI contains block // device mapping information for those volumes. When you launch an instance @@ -5711,6 +5758,85 @@ func (c *EC2) CreateImageWithContext(ctx aws.Context, input *CreateImageInput, o return out, req.Send() } +const opCreateInstanceConnectEndpoint = "CreateInstanceConnectEndpoint" + +// CreateInstanceConnectEndpointRequest generates a "aws/request.Request" representing the +// client's request for the CreateInstanceConnectEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateInstanceConnectEndpoint for more information on using the CreateInstanceConnectEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateInstanceConnectEndpointRequest method. +// req, resp := client.CreateInstanceConnectEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceConnectEndpoint +func (c *EC2) CreateInstanceConnectEndpointRequest(input *CreateInstanceConnectEndpointInput) (req *request.Request, output *CreateInstanceConnectEndpointOutput) { + op := &request.Operation{ + Name: opCreateInstanceConnectEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateInstanceConnectEndpointInput{} + } + + output = &CreateInstanceConnectEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateInstanceConnectEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Creates an EC2 Instance Connect Endpoint. +// +// An EC2 Instance Connect Endpoint allows you to connect to an instance, without +// requiring the instance to have a public IPv4 address. For more information, +// see Connect to your instances without requiring a public IPv4 address using +// EC2 Instance Connect Endpoint (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateInstanceConnectEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceConnectEndpoint +func (c *EC2) CreateInstanceConnectEndpoint(input *CreateInstanceConnectEndpointInput) (*CreateInstanceConnectEndpointOutput, error) { + req, out := c.CreateInstanceConnectEndpointRequest(input) + return out, req.Send() +} + +// CreateInstanceConnectEndpointWithContext is the same as CreateInstanceConnectEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See CreateInstanceConnectEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateInstanceConnectEndpointWithContext(ctx aws.Context, input *CreateInstanceConnectEndpointInput, opts ...request.Option) (*CreateInstanceConnectEndpointOutput, error) { + req, out := c.CreateInstanceConnectEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateInstanceEventWindow = "CreateInstanceEventWindow" // CreateInstanceEventWindowRequest generates a "aws/request.Request" representing the @@ -5852,10 +5978,11 @@ func (c *EC2) CreateInstanceExportTaskRequest(input *CreateInstanceExportTaskInp // // Exports a running or stopped instance to an Amazon S3 bucket. // -// For information about the supported operating systems, image formats, and -// known limitations for the types of instances you can export, see Exporting -// an instance as a VM Using VM Import/Export (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) -// in the VM Import/Export User Guide. +// For information about the prerequisites for your Amazon S3 bucket, supported +// operating systems, image formats, and known limitations for the types of +// instances you can export, see Exporting an instance as a VM Using VM Import/Export +// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in +// the VM Import/Export User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5931,8 +6058,8 @@ func (c *EC2) CreateInternetGatewayRequest(input *CreateInternetGatewayInput) (r // Creates an internet gateway for use with a VPC. After creating the internet // gateway, you attach it to a VPC using AttachInternetGateway. // -// For more information about your VPC and internet gateway, see the Amazon -// Virtual Private Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). +// For more information, see Internet gateways (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6964,7 +7091,17 @@ func (c *EC2) CreateNatGatewayRequest(input *CreateNatGatewayInput) (req *reques // overlapping networks. // // For more information, see NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. +// +// When you create a public NAT gateway and assign it an EIP or secondary EIPs, +// the network border group of the EIPs must match the network border group +// of the Availability Zone (AZ) that the public NAT gateway is in. If it's +// not the same, the NAT gateway will fail to launch. You can see the network +// border group for the subnet's AZ by viewing the details of the subnet. Similarly, +// you can view the network border group of an EIP by viewing the details of +// the EIP address. For more information about network border groups and EIPs, +// see Allocate an Elastic IP address (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7040,8 +7177,8 @@ func (c *EC2) CreateNetworkAclRequest(input *CreateNetworkAclInput) (req *reques // Creates a network ACL in a VPC. Network ACLs provide an optional layer of // security (in addition to security groups) for the instances in your VPC. // -// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7130,8 +7267,8 @@ func (c *EC2) CreateNetworkAclEntryRequest(input *CreateNetworkAclEntryInput) (r // After you add an entry, you can't modify it; you must either replace it, // or create an entry and delete the old one. // -// For more information about network ACLs, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information about network ACLs, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7286,7 +7423,7 @@ func (c *EC2) CreateNetworkInsightsPathRequest(input *CreateNetworkInsightsPathI // // Reachability Analyzer enables you to analyze and debug network reachability // between two resources in your virtual private cloud (VPC). For more information, -// see What is Reachability Analyzer (https://docs.aws.amazon.com/vpc/latest/reachability/). +// see the Reachability Analyzer Guide (https://docs.aws.amazon.com/vpc/latest/reachability/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7952,7 +8089,7 @@ func (c *EC2) CreateRouteRequest(input *CreateRouteInput) (req *request.Request, // more specific, so we use that route to determine where to target the traffic. // // For more information about route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8029,7 +8166,7 @@ func (c *EC2) CreateRouteTableRequest(input *CreateRouteTableInput) (req *reques // you can add routes and associate the table with a subnet. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8112,16 +8249,13 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // in the Amazon Virtual Private Cloud User Guide. // // When you create a security group, you specify a friendly name of your choice. -// You can have a security group for use in EC2-Classic with the same name as -// a security group for use in a VPC. However, you can't have two security groups -// for use in EC2-Classic with the same name or two security groups for use -// in a VPC with the same name. +// You can't have two security groups for the same VPC with the same name. // -// You have a default security group for use in EC2-Classic and a default security -// group for use in your VPC. If you don't specify a security group when you -// launch an instance, the instance is launched into the appropriate default -// security group. A default security group includes a default rule that grants -// instances unrestricted network access to each other. +// You have a default security group for use in your VPC. If you don't specify +// a security group when you launch an instance, the instance is launched into +// the appropriate default security group. A default security group includes +// a default rule that grants instances unrestricted network access to each +// other. // // You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, // AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress. @@ -8129,10 +8263,6 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // For more information about VPC security group limits, see Amazon VPC Limits // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8228,8 +8358,8 @@ func (c *EC2) CreateSnapshotRequest(input *CreateSnapshotInput) (req *request.Re // snapshot. You may remount and use your volume while the snapshot status is // pending. // -// To create a snapshot for Amazon EBS volumes that serve as root devices, you -// should stop the instance before taking the snapshot. +// When you create a snapshot for an EBS volume that serves as a root device, +// we recommend that you stop the instance before taking the snapshot. // // Snapshots that are taken from encrypted volumes are automatically encrypted. // Volumes that are created from encrypted snapshots are also automatically @@ -8571,8 +8701,7 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // not available for your use. // // If you've associated an IPv6 CIDR block with your VPC, you can associate -// an IPv6 CIDR block with a subnet when you create it. The allowed block size -// for an IPv6 subnet is a /64 netmask. +// an IPv6 CIDR block with a subnet when you create it. // // If you add more than one subnet to a VPC, they're set up in a star topology // with a logical router in the middle. @@ -8582,7 +8711,7 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // all stopped), but no remaining IP addresses available. // // For more information, see Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8655,9 +8784,11 @@ func (c *EC2) CreateSubnetCidrReservationRequest(input *CreateSubnetCidrReservat // CreateSubnetCidrReservation API operation for Amazon Elastic Compute Cloud. // -// Creates a subnet CIDR reservation. For information about subnet CIDR reservations, -// see Subnet CIDR reservations (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html) -// in the Amazon Virtual Private Cloud User Guide. +// Creates a subnet CIDR reservation. For more information, see Subnet CIDR +// reservations (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html) +// in the Amazon Virtual Private Cloud User Guide and Assign prefixes to network +// interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10067,10 +10198,9 @@ func (c *EC2) CreateVerifiedAccessGroupRequest(input *CreateVerifiedAccessGroupI // // An Amazon Web Services Verified Access group is a collection of Amazon Web // Services Verified Access endpoints who's associated applications have similar -// security requirements. Each instance within an Amazon Web Services Verified -// Access group shares an Amazon Web Services Verified Access policy. For example, -// you can group all Amazon Web Services Verified Access instances associated -// with “sales” applications together and use one common Amazon Web Services +// security requirements. Each instance within a Verified Access group shares +// an Verified Access policy. For example, you can group all Verified Access +// instances associated with "sales" applications together and use one common // Verified Access policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -10221,9 +10351,8 @@ func (c *EC2) CreateVerifiedAccessTrustProviderRequest(input *CreateVerifiedAcce // // A trust provider is a third-party entity that creates, maintains, and manages // identity information for users and devices. When an application request is -// made, the identity information sent by the trust provider will be evaluated -// by Amazon Web Services Verified Access, before allowing or denying the application -// request. +// made, the identity information sent by the trust provider is evaluated by +// Verified Access before allowing or denying the application request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10387,24 +10516,24 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // CreateVpc API operation for Amazon Elastic Compute Cloud. // -// Creates a VPC with the specified CIDR blocks. For more information, see VPC -// CIDR blocks (https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html#vpc-cidr-blocks) -// in the Amazon Virtual Private Cloud User Guide. +// Creates a VPC with the specified CIDR blocks. For more information, see IP +// addressing for your VPCs and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html) +// in the Amazon VPC User Guide. // // You can optionally request an IPv6 CIDR block for the VPC. You can request -// an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, -// or an IPv6 CIDR block from an IPv6 address pool that you provisioned through +// an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses or +// an IPv6 CIDR block from an IPv6 address pool that you provisioned through // bring your own IP addresses (BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). // // By default, each instance that you launch in the VPC has the default DHCP // options, which include only a default DNS server that we provide (AmazonProvidedDNS). // For more information, see DHCP option sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // You can specify the instance tenancy value for the VPC when you create it. // You can't change this value for the VPC after you create it. For more information, // see Dedicated Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10477,11 +10606,11 @@ func (c *EC2) CreateVpcEndpointRequest(input *CreateVpcEndpointInput) (req *requ // CreateVpcEndpoint API operation for Amazon Elastic Compute Cloud. // -// Creates a VPC endpoint for a specified service. An endpoint enables you to -// create a private connection between your VPC and the service. The service -// may be provided by Amazon Web Services, an Amazon Web Services Marketplace +// Creates a VPC endpoint. A VPC endpoint provides a private connection between +// the specified VPC and the specified endpoint service. You can use an endpoint +// service provided by Amazon Web Services, an Amazon Web Services Marketplace // Partner, or another Amazon Web Services account. For more information, see -// the Amazon Web Services PrivateLink Guide (https://docs.aws.amazon.com/vpc/latest/privatelink/). +// the Amazon Web Services PrivateLink User Guide (https://docs.aws.amazon.com/vpc/latest/privatelink/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11858,6 +11987,79 @@ func (c *EC2) DeleteFpgaImageWithContext(ctx aws.Context, input *DeleteFpgaImage return out, req.Send() } +const opDeleteInstanceConnectEndpoint = "DeleteInstanceConnectEndpoint" + +// DeleteInstanceConnectEndpointRequest generates a "aws/request.Request" representing the +// client's request for the DeleteInstanceConnectEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteInstanceConnectEndpoint for more information on using the DeleteInstanceConnectEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteInstanceConnectEndpointRequest method. +// req, resp := client.DeleteInstanceConnectEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInstanceConnectEndpoint +func (c *EC2) DeleteInstanceConnectEndpointRequest(input *DeleteInstanceConnectEndpointInput) (req *request.Request, output *DeleteInstanceConnectEndpointOutput) { + op := &request.Operation{ + Name: opDeleteInstanceConnectEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteInstanceConnectEndpointInput{} + } + + output = &DeleteInstanceConnectEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteInstanceConnectEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified EC2 Instance Connect Endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteInstanceConnectEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInstanceConnectEndpoint +func (c *EC2) DeleteInstanceConnectEndpoint(input *DeleteInstanceConnectEndpointInput) (*DeleteInstanceConnectEndpointOutput, error) { + req, out := c.DeleteInstanceConnectEndpointRequest(input) + return out, req.Send() +} + +// DeleteInstanceConnectEndpointWithContext is the same as DeleteInstanceConnectEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteInstanceConnectEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteInstanceConnectEndpointWithContext(ctx aws.Context, input *DeleteInstanceConnectEndpointInput, opts ...request.Option) (*DeleteInstanceConnectEndpointOutput, error) { + req, out := c.DeleteInstanceConnectEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteInstanceEventWindow = "DeleteInstanceEventWindow" // DeleteInstanceEventWindowRequest generates a "aws/request.Request" representing the @@ -12355,7 +12557,6 @@ func (c *EC2) DeleteKeyPairRequest(input *DeleteKeyPairInput) (req *request.Requ output = &DeleteKeyPairOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -12508,10 +12709,19 @@ func (c *EC2) DeleteLaunchTemplateVersionsRequest(input *DeleteLaunchTemplateVer // DeleteLaunchTemplateVersions API operation for Amazon Elastic Compute Cloud. // -// Deletes one or more versions of a launch template. You cannot delete the -// default version of a launch template; you must first assign a different version -// as the default. If the default version is the only version for the launch -// template, you must delete the entire launch template using DeleteLaunchTemplate. +// Deletes one or more versions of a launch template. +// +// You can't delete the default version of a launch template; you must first +// assign a different version as the default. If the default version is the +// only version for the launch template, you must delete the entire launch template +// using DeleteLaunchTemplate. +// +// You can delete up to 200 launch template versions in a single request. To +// delete more than 200 versions in a single request, use DeleteLaunchTemplate, +// which deletes the launch template and all of its versions. +// +// For more information, see Delete a launch template version (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-launch-template-versions.html#delete-launch-template-version) +// in the EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13998,13 +14208,9 @@ func (c *EC2) DeleteSecurityGroupRequest(input *DeleteSecurityGroupInput) (req * // // Deletes a security group. // -// If you attempt to delete a security group that is associated with an instance, -// or is referenced by another security group, the operation fails with InvalidGroup.InUse -// in EC2-Classic or DependencyViolation in EC2-VPC. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// If you attempt to delete a security group that is associated with an instance +// or network interface or is referenced by another security group, the operation +// fails with DependencyViolation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -15947,7 +16153,9 @@ func (c *EC2) DeleteVpcRequest(input *DeleteVpcInput) (req *request.Request, out // that are associated with the VPC before you can delete it. For example, you // must terminate all instances running in the VPC, delete all security groups // associated with the VPC (except the default one), delete all route tables -// associated with the VPC (except the default one), and so on. +// associated with the VPC (except the default one), and so on. When you delete +// the VPC, it deletes the VPC's default security group, network ACL, and route +// table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16255,7 +16463,7 @@ func (c *EC2) DeleteVpcPeeringConnectionRequest(input *DeleteVpcPeeringConnectio // the owner of the accepter VPC can delete the VPC peering connection if it's // in the active state. The owner of the requester VPC can delete a VPC peering // connection in the pending-acceptance state. You cannot delete a VPC peering -// connection that's in the failed state. +// connection that's in the failed or rejected state. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16605,6 +16813,84 @@ func (c *EC2) DeprovisionByoipCidrWithContext(ctx aws.Context, input *Deprovisio return out, req.Send() } +const opDeprovisionIpamByoasn = "DeprovisionIpamByoasn" + +// DeprovisionIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the DeprovisionIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeprovisionIpamByoasn for more information on using the DeprovisionIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeprovisionIpamByoasnRequest method. +// req, resp := client.DeprovisionIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeprovisionIpamByoasn +func (c *EC2) DeprovisionIpamByoasnRequest(input *DeprovisionIpamByoasnInput) (req *request.Request, output *DeprovisionIpamByoasnOutput) { + op := &request.Operation{ + Name: opDeprovisionIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeprovisionIpamByoasnInput{} + } + + output = &DeprovisionIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeprovisionIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services +// account. This action can only be called after any BYOIP CIDR associations +// are removed from your Amazon Web Services account with DisassociateIpamByoasn +// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIpamByoasn.html). +// For more information, see Tutorial: Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeprovisionIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeprovisionIpamByoasn +func (c *EC2) DeprovisionIpamByoasn(input *DeprovisionIpamByoasnInput) (*DeprovisionIpamByoasnOutput, error) { + req, out := c.DeprovisionIpamByoasnRequest(input) + return out, req.Send() +} + +// DeprovisionIpamByoasnWithContext is the same as DeprovisionIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See DeprovisionIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeprovisionIpamByoasnWithContext(ctx aws.Context, input *DeprovisionIpamByoasnInput, opts ...request.Option) (*DeprovisionIpamByoasnOutput, error) { + req, out := c.DeprovisionIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeprovisionIpamPoolCidr = "DeprovisionIpamPoolCidr" // DeprovisionIpamPoolCidrRequest generates a "aws/request.Request" representing the @@ -17111,9 +17397,6 @@ func (c *EC2) DescribeAccountAttributesRequest(input *DescribeAccountAttributesI // Describes attributes of your Amazon Web Services account. The following are // the supported account attributes: // -// - supported-platforms: Indicates whether your account can launch instances -// into EC2-Classic and EC2-VPC, or only into EC2-VPC. -// // - default-vpc: The ID of the default VPC for your account, or none. // // - max-instances: This attribute is no longer supported. The returned value @@ -17121,19 +17404,16 @@ func (c *EC2) DescribeAccountAttributesRequest(input *DescribeAccountAttributesI // For more information, see On-Demand Instance Limits (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits) // in the Amazon Elastic Compute Cloud User Guide. // -// - vpc-max-security-groups-per-interface: The maximum number of security -// groups that you can assign to a network interface. -// // - max-elastic-ips: The maximum number of Elastic IP addresses that you -// can allocate for use with EC2-Classic. +// can allocate. +// +// - supported-platforms: This attribute is deprecated. // // - vpc-max-elastic-ips: The maximum number of Elastic IP addresses that -// you can allocate for use with EC2-VPC. +// you can allocate. // -// We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate -// from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic -// to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide. +// - vpc-max-security-groups-per-interface: The maximum number of security +// groups that you can assign to a network interface. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17216,6 +17496,15 @@ func (c *EC2) DescribeAddressTransfersRequest(input *DescribeAddressTransfersInp // Elastic IP addresses (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro) // in the Amazon Virtual Private Cloud User Guide. // +// When you transfer an Elastic IP address, there is a two-step handshake between +// the source and transfer Amazon Web Services accounts. When the source account +// starts the transfer, the transfer account has seven days to accept the Elastic +// IP address transfer. During those seven days, the source account can view +// the pending transfer by using this action. After seven days, the transfer +// expires and ownership of the Elastic IP address returns to the source account. +// Accepted transfers are visible to the source account for three days after +// the transfers have been accepted. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -17340,14 +17629,6 @@ func (c *EC2) DescribeAddressesRequest(input *DescribeAddressesInput) (req *requ // // Describes the specified Elastic IP addresses or all of your Elastic IP addresses. // -// An Elastic IP address is for use in either the EC2-Classic platform or in -// a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -18014,6 +18295,137 @@ func (c *EC2) DescribeByoipCidrsPagesWithContext(ctx aws.Context, input *Describ return p.Err() } +const opDescribeCapacityBlockOfferings = "DescribeCapacityBlockOfferings" + +// DescribeCapacityBlockOfferingsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeCapacityBlockOfferings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeCapacityBlockOfferings for more information on using the DescribeCapacityBlockOfferings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeCapacityBlockOfferingsRequest method. +// req, resp := client.DescribeCapacityBlockOfferingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCapacityBlockOfferings +func (c *EC2) DescribeCapacityBlockOfferingsRequest(input *DescribeCapacityBlockOfferingsInput) (req *request.Request, output *DescribeCapacityBlockOfferingsOutput) { + op := &request.Operation{ + Name: opDescribeCapacityBlockOfferings, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeCapacityBlockOfferingsInput{} + } + + output = &DescribeCapacityBlockOfferingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeCapacityBlockOfferings API operation for Amazon Elastic Compute Cloud. +// +// Describes Capacity Block offerings available for purchase. With Capacity +// Blocks, you purchase a specific instance type for a period of time. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeCapacityBlockOfferings for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCapacityBlockOfferings +func (c *EC2) DescribeCapacityBlockOfferings(input *DescribeCapacityBlockOfferingsInput) (*DescribeCapacityBlockOfferingsOutput, error) { + req, out := c.DescribeCapacityBlockOfferingsRequest(input) + return out, req.Send() +} + +// DescribeCapacityBlockOfferingsWithContext is the same as DescribeCapacityBlockOfferings with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeCapacityBlockOfferings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeCapacityBlockOfferingsWithContext(ctx aws.Context, input *DescribeCapacityBlockOfferingsInput, opts ...request.Option) (*DescribeCapacityBlockOfferingsOutput, error) { + req, out := c.DescribeCapacityBlockOfferingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeCapacityBlockOfferingsPages iterates over the pages of a DescribeCapacityBlockOfferings operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeCapacityBlockOfferings method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeCapacityBlockOfferings operation. +// pageNum := 0 +// err := client.DescribeCapacityBlockOfferingsPages(params, +// func(page *ec2.DescribeCapacityBlockOfferingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeCapacityBlockOfferingsPages(input *DescribeCapacityBlockOfferingsInput, fn func(*DescribeCapacityBlockOfferingsOutput, bool) bool) error { + return c.DescribeCapacityBlockOfferingsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeCapacityBlockOfferingsPagesWithContext same as DescribeCapacityBlockOfferingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeCapacityBlockOfferingsPagesWithContext(ctx aws.Context, input *DescribeCapacityBlockOfferingsInput, fn func(*DescribeCapacityBlockOfferingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeCapacityBlockOfferingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeCapacityBlockOfferingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeCapacityBlockOfferingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeCapacityReservationFleets = "DescribeCapacityReservationFleets" // DescribeCapacityReservationFleetsRequest generates a "aws/request.Request" representing the @@ -18455,15 +18867,13 @@ func (c *EC2) DescribeClassicLinkInstancesRequest(input *DescribeClassicLinkInst // DescribeClassicLinkInstances API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Describes one or more of your linked EC2-Classic instances. This request // only returns information about EC2-Classic instances linked to a VPC through // ClassicLink. You cannot use this request to return information about other // instances. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -19530,7 +19940,7 @@ func (c *EC2) DescribeDhcpOptionsRequest(input *DescribeDhcpOptionsInput) (req * // Describes one or more of your DHCP options sets. // // For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20069,7 +20479,7 @@ func (c *EC2) DescribeFastLaunchImagesRequest(input *DescribeFastLaunchImagesInp // DescribeFastLaunchImages API operation for Amazon Elastic Compute Cloud. // -// Describe details for Windows AMIs that are configured for faster launching. +// Describe details for Windows AMIs that are configured for Windows fast launch. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -22173,6 +22583,137 @@ func (c *EC2) DescribeInstanceAttributeWithContext(ctx aws.Context, input *Descr return out, req.Send() } +const opDescribeInstanceConnectEndpoints = "DescribeInstanceConnectEndpoints" + +// DescribeInstanceConnectEndpointsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceConnectEndpoints operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceConnectEndpoints for more information on using the DescribeInstanceConnectEndpoints +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeInstanceConnectEndpointsRequest method. +// req, resp := client.DescribeInstanceConnectEndpointsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceConnectEndpoints +func (c *EC2) DescribeInstanceConnectEndpointsRequest(input *DescribeInstanceConnectEndpointsInput) (req *request.Request, output *DescribeInstanceConnectEndpointsOutput) { + op := &request.Operation{ + Name: opDescribeInstanceConnectEndpoints, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceConnectEndpointsInput{} + } + + output = &DescribeInstanceConnectEndpointsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceConnectEndpoints API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance +// Connect Endpoints. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceConnectEndpoints for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceConnectEndpoints +func (c *EC2) DescribeInstanceConnectEndpoints(input *DescribeInstanceConnectEndpointsInput) (*DescribeInstanceConnectEndpointsOutput, error) { + req, out := c.DescribeInstanceConnectEndpointsRequest(input) + return out, req.Send() +} + +// DescribeInstanceConnectEndpointsWithContext is the same as DescribeInstanceConnectEndpoints with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceConnectEndpoints for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceConnectEndpointsWithContext(ctx aws.Context, input *DescribeInstanceConnectEndpointsInput, opts ...request.Option) (*DescribeInstanceConnectEndpointsOutput, error) { + req, out := c.DescribeInstanceConnectEndpointsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceConnectEndpointsPages iterates over the pages of a DescribeInstanceConnectEndpoints operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceConnectEndpoints method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceConnectEndpoints operation. +// pageNum := 0 +// err := client.DescribeInstanceConnectEndpointsPages(params, +// func(page *ec2.DescribeInstanceConnectEndpointsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeInstanceConnectEndpointsPages(input *DescribeInstanceConnectEndpointsInput, fn func(*DescribeInstanceConnectEndpointsOutput, bool) bool) error { + return c.DescribeInstanceConnectEndpointsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceConnectEndpointsPagesWithContext same as DescribeInstanceConnectEndpointsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceConnectEndpointsPagesWithContext(ctx aws.Context, input *DescribeInstanceConnectEndpointsInput, fn func(*DescribeInstanceConnectEndpointsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceConnectEndpointsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceConnectEndpointsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceConnectEndpointsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInstanceCreditSpecifications = "DescribeInstanceCreditSpecifications" // DescribeInstanceCreditSpecificationsRequest generates a "aws/request.Request" representing the @@ -22691,6 +23232,151 @@ func (c *EC2) DescribeInstanceStatusPagesWithContext(ctx aws.Context, input *Des return p.Err() } +const opDescribeInstanceTopology = "DescribeInstanceTopology" + +// DescribeInstanceTopologyRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceTopology operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceTopology for more information on using the DescribeInstanceTopology +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeInstanceTopologyRequest method. +// req, resp := client.DescribeInstanceTopologyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTopology +func (c *EC2) DescribeInstanceTopologyRequest(input *DescribeInstanceTopologyInput) (req *request.Request, output *DescribeInstanceTopologyOutput) { + op := &request.Operation{ + Name: opDescribeInstanceTopology, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceTopologyInput{} + } + + output = &DescribeInstanceTopologyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceTopology API operation for Amazon Elastic Compute Cloud. +// +// Describes a tree-based hierarchy that represents the physical host placement +// of your EC2 instances within an Availability Zone or Local Zone. You can +// use this information to determine the relative proximity of your EC2 instances +// within the Amazon Web Services network to support your tightly coupled workloads. +// +// Limitations +// +// - Supported zones Availability Zone Local Zone +// +// - Supported instance types hpc6a.48xlarge | hpc6id.32xlarge | hpc7a.12xlarge +// | hpc7a.24xlarge | hpc7a.48xlarge | hpc7a.96xlarge | hpc7g.4xlarge | hpc7g.8xlarge +// | hpc7g.16xlarge p3dn.24xlarge | p4d.24xlarge | p4de.24xlarge | p5.48xlarge +// trn1.2xlarge | trn1.32xlarge | trn1n.32xlarge +// +// For more information, see Amazon EC2 instance topology (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-topology.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceTopology for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTopology +func (c *EC2) DescribeInstanceTopology(input *DescribeInstanceTopologyInput) (*DescribeInstanceTopologyOutput, error) { + req, out := c.DescribeInstanceTopologyRequest(input) + return out, req.Send() +} + +// DescribeInstanceTopologyWithContext is the same as DescribeInstanceTopology with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceTopology for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTopologyWithContext(ctx aws.Context, input *DescribeInstanceTopologyInput, opts ...request.Option) (*DescribeInstanceTopologyOutput, error) { + req, out := c.DescribeInstanceTopologyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceTopologyPages iterates over the pages of a DescribeInstanceTopology operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceTopology method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceTopology operation. +// pageNum := 0 +// err := client.DescribeInstanceTopologyPages(params, +// func(page *ec2.DescribeInstanceTopologyOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeInstanceTopologyPages(input *DescribeInstanceTopologyInput, fn func(*DescribeInstanceTopologyOutput, bool) bool) error { + return c.DescribeInstanceTopologyPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceTopologyPagesWithContext same as DescribeInstanceTopologyPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTopologyPagesWithContext(ctx aws.Context, input *DescribeInstanceTopologyInput, fn func(*DescribeInstanceTopologyOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceTopologyInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceTopologyRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceTopologyOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInstanceTypeOfferings = "DescribeInstanceTypeOfferings" // DescribeInstanceTypeOfferingsRequest generates a "aws/request.Request" representing the @@ -23233,6 +23919,82 @@ func (c *EC2) DescribeInternetGatewaysPagesWithContext(ctx aws.Context, input *D return p.Err() } +const opDescribeIpamByoasn = "DescribeIpamByoasn" + +// DescribeIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the DescribeIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeIpamByoasn for more information on using the DescribeIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeIpamByoasnRequest method. +// req, resp := client.DescribeIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpamByoasn +func (c *EC2) DescribeIpamByoasnRequest(input *DescribeIpamByoasnInput) (req *request.Request, output *DescribeIpamByoasnOutput) { + op := &request.Operation{ + Name: opDescribeIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeIpamByoasnInput{} + } + + output = &DescribeIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Describes your Autonomous System Numbers (ASNs), their provisioning statuses, +// and the BYOIP CIDRs with which they are associated. For more information, +// see Tutorial: Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpamByoasn +func (c *EC2) DescribeIpamByoasn(input *DescribeIpamByoasnInput) (*DescribeIpamByoasnOutput, error) { + req, out := c.DescribeIpamByoasnRequest(input) + return out, req.Send() +} + +// DescribeIpamByoasnWithContext is the same as DescribeIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeIpamByoasnWithContext(ctx aws.Context, input *DescribeIpamByoasnInput, opts ...request.Option) (*DescribeIpamByoasnOutput, error) { + req, out := c.DescribeIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeIpamPools = "DescribeIpamPools" // DescribeIpamPoolsRequest generates a "aws/request.Request" representing the @@ -25143,6 +25905,79 @@ func (c *EC2) DescribeLocalGatewaysPagesWithContext(ctx aws.Context, input *Desc return p.Err() } +const opDescribeLockedSnapshots = "DescribeLockedSnapshots" + +// DescribeLockedSnapshotsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLockedSnapshots operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLockedSnapshots for more information on using the DescribeLockedSnapshots +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeLockedSnapshotsRequest method. +// req, resp := client.DescribeLockedSnapshotsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLockedSnapshots +func (c *EC2) DescribeLockedSnapshotsRequest(input *DescribeLockedSnapshotsInput) (req *request.Request, output *DescribeLockedSnapshotsOutput) { + op := &request.Operation{ + Name: opDescribeLockedSnapshots, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeLockedSnapshotsInput{} + } + + output = &DescribeLockedSnapshotsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLockedSnapshots API operation for Amazon Elastic Compute Cloud. +// +// Describes the lock status for a snapshot. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLockedSnapshots for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLockedSnapshots +func (c *EC2) DescribeLockedSnapshots(input *DescribeLockedSnapshotsInput) (*DescribeLockedSnapshotsOutput, error) { + req, out := c.DescribeLockedSnapshotsRequest(input) + return out, req.Send() +} + +// DescribeLockedSnapshotsWithContext is the same as DescribeLockedSnapshots with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLockedSnapshots for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLockedSnapshotsWithContext(ctx aws.Context, input *DescribeLockedSnapshotsInput, opts ...request.Option) (*DescribeLockedSnapshotsOutput, error) { + req, out := c.DescribeLockedSnapshotsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeManagedPrefixLists = "DescribeManagedPrefixLists" // DescribeManagedPrefixListsRequest generates a "aws/request.Request" representing the @@ -25325,9 +26160,11 @@ func (c *EC2) DescribeMovingAddressesRequest(input *DescribeMovingAddressesInput // DescribeMovingAddresses API operation for Amazon Elastic Compute Cloud. // -// Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, -// or that are being restored to the EC2-Classic platform. This request does -// not return information about any other Elastic IP addresses in your account. +// This action is deprecated. +// +// Describes your Elastic IP addresses that are being moved from or being restored +// to the EC2-Classic platform. This request does not return information about +// any other Elastic IP addresses in your account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -25589,8 +26426,8 @@ func (c *EC2) DescribeNetworkAclsRequest(input *DescribeNetworkAclsInput) (req * // // Describes one or more of your network ACLs. // -// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -26446,6 +27283,10 @@ func (c *EC2) DescribeNetworkInterfacesRequest(input *DescribeNetworkInterfacesI // // Describes one or more of your network interfaces. // +// If you have a large number of network interfaces, the operation fails unless +// you use pagination or one of the following filters: group-id, mac-address, +// private-dns-name, private-ip-address, private-dns-name, subnet-id, or vpc-id. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -27724,7 +28565,7 @@ func (c *EC2) DescribeRouteTablesRequest(input *DescribeRouteTablesInput) (req * // implicit associations. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -28116,8 +28957,9 @@ func (c *EC2) DescribeSecurityGroupReferencesRequest(input *DescribeSecurityGrou // DescribeSecurityGroupReferences API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Describes the VPCs on the other side of a VPC peering connection -// that are referencing the security groups you've specified in this request. +// Describes the VPCs on the other side of a VPC peering connection or the VPCs +// attached to a transit gateway that are referencing the security groups you've +// specified in this request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -28328,17 +29170,6 @@ func (c *EC2) DescribeSecurityGroupsRequest(input *DescribeSecurityGroupsInput) // // Describes the specified security groups or all of your security groups. // -// A security group is for use with instances either in the EC2-Classic platform -// or in a specific VPC. For more information, see Amazon EC2 security groups -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) -// in the Amazon Elastic Compute Cloud User Guide and Security groups for your -// VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) -// in the Amazon Virtual Private Cloud User Guide. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -29496,10 +30327,14 @@ func (c *EC2) DescribeStaleSecurityGroupsRequest(input *DescribeStaleSecurityGro // DescribeStaleSecurityGroups API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Describes the stale security group rules for security groups in -// a specified VPC. Rules are stale when they reference a deleted security group -// in the same VPC or in a peer VPC, or if they reference a security group in -// a peer VPC for which the VPC peering connection has been deleted. +// Describes the stale security group rules for security groups in a specified +// VPC. Rules are stale when they reference a deleted security group in the +// same VPC, peered VPC, or in separate VPCs attached to a transit gateway (with +// security group referencing support (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) +// enabled). Rules can also be stale if they reference a security group in a +// peer VPC for which the VPC peering connection has been deleted or if they +// reference a security group in a VPC that has been detached from a transit +// gateway. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29777,8 +30612,8 @@ func (c *EC2) DescribeSubnetsRequest(input *DescribeSubnetsInput) (req *request. // // Describes one or more of your subnets. // -// For more information, see Your VPC and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -31738,9 +32573,6 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsRequest(input *DescribeTrunkInte // DescribeTrunkInterfaceAssociations API operation for Amazon Elastic Compute Cloud. // -// This API action is currently in limited preview only. If you are interested -// in using this feature, contact your account manager. -// // Describes one or more network interface trunk associations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -31871,7 +32703,7 @@ func (c *EC2) DescribeVerifiedAccessEndpointsRequest(input *DescribeVerifiedAcce // DescribeVerifiedAccessEndpoints API operation for Amazon Elastic Compute Cloud. // -// Describe Amazon Web Services Verified Access endpoints. +// Describes the specified Amazon Web Services Verified Access endpoints. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32001,7 +32833,7 @@ func (c *EC2) DescribeVerifiedAccessGroupsRequest(input *DescribeVerifiedAccessG // DescribeVerifiedAccessGroups API operation for Amazon Elastic Compute Cloud. // -// Describe details of existing Verified Access groups. +// Describes the specified Verified Access groups. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32131,8 +32963,7 @@ func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input * // DescribeVerifiedAccessInstanceLoggingConfigurations API operation for Amazon Elastic Compute Cloud. // -// Describes the current logging configuration for the Amazon Web Services Verified -// Access instances. +// Describes the specified Amazon Web Services Verified Access instances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32262,7 +33093,7 @@ func (c *EC2) DescribeVerifiedAccessInstancesRequest(input *DescribeVerifiedAcce // DescribeVerifiedAccessInstances API operation for Amazon Elastic Compute Cloud. // -// Describe Verified Access instances. +// Describes the specified Amazon Web Services Verified Access instances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32392,7 +33223,7 @@ func (c *EC2) DescribeVerifiedAccessTrustProvidersRequest(input *DescribeVerifie // DescribeVerifiedAccessTrustProviders API operation for Amazon Elastic Compute Cloud. // -// Describe details of existing Verified Access trust providers. +// Describes the specified Amazon Web Services Verified Access trust providers. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -33110,11 +33941,9 @@ func (c *EC2) DescribeVpcClassicLinkRequest(input *DescribeVpcClassicLinkInput) // DescribeVpcClassicLink API operation for Amazon Elastic Compute Cloud. // -// Describes the ClassicLink status of one or more VPCs. +// This action is deprecated. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Describes the ClassicLink status of the specified VPCs. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -33193,17 +34022,13 @@ func (c *EC2) DescribeVpcClassicLinkDnsSupportRequest(input *DescribeVpcClassicL // DescribeVpcClassicLinkDnsSupport API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Describes the ClassicLink DNS support status of one or more VPCs. If enabled, // the DNS hostname of a linked EC2-Classic instance resolves to its private // IP address when addressed from an instance in the VPC to which it's linked. // Similarly, the DNS hostname of an instance in a VPC resolves to its private -// IP address when addressed from a linked EC2-Classic instance. For more information, -// see ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// IP address when addressed from a linked EC2-Classic instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -34472,9 +35297,7 @@ func (c *EC2) DetachClassicLinkVpcRequest(input *DetachClassicLinkVpcInput) (req // DetachClassicLinkVpc API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance // has been unlinked, the VPC security groups are no longer associated with @@ -34701,7 +35524,8 @@ func (c *EC2) DetachVerifiedAccessTrustProviderRequest(input *DetachVerifiedAcce // DetachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. // -// Detach a trust provider from an Amazon Web Services Verified Access instance. +// Detaches the specified Amazon Web Services Verified Access trust provider +// from the specified Amazon Web Services Verified Access instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -35171,12 +35995,13 @@ func (c *EC2) DisableFastLaunchRequest(input *DisableFastLaunchInput) (req *requ // DisableFastLaunch API operation for Amazon Elastic Compute Cloud. // -// Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned -// snapshots. When you disable faster launching, the AMI uses the standard launch -// process for each instance. All pre-provisioned snapshots must be removed -// before you can enable faster launching again. +// Discontinue Windows fast launch for a Windows AMI, and clean up existing +// pre-provisioned snapshots. After you disable Windows fast launch, the AMI +// uses the standard launch process for each new instance. Amazon EC2 must remove +// all pre-provisioned snapshots before you can enable Windows fast launch again. // -// To change these settings, you must own the AMI. +// You can only change these settings for Windows AMIs that you own or that +// have been shared with you. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -35280,6 +36105,178 @@ func (c *EC2) DisableFastSnapshotRestoresWithContext(ctx aws.Context, input *Dis return out, req.Send() } +const opDisableImage = "DisableImage" + +// DisableImageRequest generates a "aws/request.Request" representing the +// client's request for the DisableImage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableImage for more information on using the DisableImage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableImageRequest method. +// req, resp := client.DisableImageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImage +func (c *EC2) DisableImageRequest(input *DisableImageInput) (req *request.Request, output *DisableImageOutput) { + op := &request.Operation{ + Name: opDisableImage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableImageInput{} + } + + output = &DisableImageOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableImage API operation for Amazon Elastic Compute Cloud. +// +// Sets the AMI state to disabled and removes all launch permissions from the +// AMI. A disabled AMI can't be used for instance launches. +// +// A disabled AMI can't be shared. If an AMI was public or previously shared, +// it is made private. If an AMI was shared with an Amazon Web Services account, +// organization, or Organizational Unit, they lose access to the disabled AMI. +// +// A disabled AMI does not appear in DescribeImages (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html) +// API calls by default. +// +// Only the AMI owner can disable an AMI. +// +// You can re-enable a disabled AMI using EnableImage (http://amazonaws.com/AWSEC2/latest/APIReference/API_EnableImage.html). +// +// For more information, see Disable an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableImage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImage +func (c *EC2) DisableImage(input *DisableImageInput) (*DisableImageOutput, error) { + req, out := c.DisableImageRequest(input) + return out, req.Send() +} + +// DisableImageWithContext is the same as DisableImage with the addition of +// the ability to pass a context and additional request options. +// +// See DisableImage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableImageWithContext(ctx aws.Context, input *DisableImageInput, opts ...request.Option) (*DisableImageOutput, error) { + req, out := c.DisableImageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisableImageBlockPublicAccess = "DisableImageBlockPublicAccess" + +// DisableImageBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the DisableImageBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableImageBlockPublicAccess for more information on using the DisableImageBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableImageBlockPublicAccessRequest method. +// req, resp := client.DisableImageBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImageBlockPublicAccess +func (c *EC2) DisableImageBlockPublicAccessRequest(input *DisableImageBlockPublicAccessInput) (req *request.Request, output *DisableImageBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opDisableImageBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableImageBlockPublicAccessInput{} + } + + output = &DisableImageBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableImageBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Disables block public access for AMIs at the account level in the specified +// Amazon Web Services Region. This removes the block public access restriction +// from your account. With the restriction removed, you can publicly share your +// AMIs in the specified Amazon Web Services Region. +// +// The API can take up to 10 minutes to configure this setting. During this +// time, if you run GetImageBlockPublicAccessState (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetImageBlockPublicAccessState.html), +// the response will be block-new-sharing. When the API has completed the configuration, +// the response will be unblocked. +// +// For more information, see Block public access to your AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableImageBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImageBlockPublicAccess +func (c *EC2) DisableImageBlockPublicAccess(input *DisableImageBlockPublicAccessInput) (*DisableImageBlockPublicAccessOutput, error) { + req, out := c.DisableImageBlockPublicAccessRequest(input) + return out, req.Send() +} + +// DisableImageBlockPublicAccessWithContext is the same as DisableImageBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See DisableImageBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableImageBlockPublicAccessWithContext(ctx aws.Context, input *DisableImageBlockPublicAccessInput, opts ...request.Option) (*DisableImageBlockPublicAccessOutput, error) { + req, out := c.DisableImageBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableImageDeprecation = "DisableImageDeprecation" // DisableImageDeprecationRequest generates a "aws/request.Request" representing the @@ -35508,6 +36505,89 @@ func (c *EC2) DisableSerialConsoleAccessWithContext(ctx aws.Context, input *Disa return out, req.Send() } +const opDisableSnapshotBlockPublicAccess = "DisableSnapshotBlockPublicAccess" + +// DisableSnapshotBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the DisableSnapshotBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableSnapshotBlockPublicAccess for more information on using the DisableSnapshotBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableSnapshotBlockPublicAccessRequest method. +// req, resp := client.DisableSnapshotBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableSnapshotBlockPublicAccess +func (c *EC2) DisableSnapshotBlockPublicAccessRequest(input *DisableSnapshotBlockPublicAccessInput) (req *request.Request, output *DisableSnapshotBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opDisableSnapshotBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableSnapshotBlockPublicAccessInput{} + } + + output = &DisableSnapshotBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableSnapshotBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Disables the block public access for snapshots setting at the account level +// for the specified Amazon Web Services Region. After you disable block public +// access for snapshots in a Region, users can publicly share snapshots in that +// Region. +// +// If block public access is enabled in block-all-sharing mode, and you disable +// block public access, all snapshots that were previously publicly shared are +// no longer treated as private and they become publicly accessible again. +// +// For more information, see Block public access for snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) +// in the Amazon Elastic Compute Cloud User Guide . +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableSnapshotBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableSnapshotBlockPublicAccess +func (c *EC2) DisableSnapshotBlockPublicAccess(input *DisableSnapshotBlockPublicAccessInput) (*DisableSnapshotBlockPublicAccessOutput, error) { + req, out := c.DisableSnapshotBlockPublicAccessRequest(input) + return out, req.Send() +} + +// DisableSnapshotBlockPublicAccessWithContext is the same as DisableSnapshotBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See DisableSnapshotBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableSnapshotBlockPublicAccessWithContext(ctx aws.Context, input *DisableSnapshotBlockPublicAccessInput, opts ...request.Option) (*DisableSnapshotBlockPublicAccessOutput, error) { + req, out := c.DisableSnapshotBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableTransitGatewayRouteTablePropagation = "DisableTransitGatewayRouteTablePropagation" // DisableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -35700,13 +36780,11 @@ func (c *EC2) DisableVpcClassicLinkRequest(input *DisableVpcClassicLinkInput) (r // DisableVpcClassicLink API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC // that has EC2-Classic instances linked to it. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -35778,18 +36856,14 @@ func (c *EC2) DisableVpcClassicLinkDnsSupportRequest(input *DisableVpcClassicLin // DisableVpcClassicLinkDnsSupport API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve // to public IP addresses when addressed between a linked EC2-Classic instance -// and instances in the VPC to which it's linked. For more information, see -// ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// and instances in the VPC to which it's linked. // // You must specify a VPC ID in the request. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -35865,14 +36939,6 @@ func (c *EC2) DisassociateAddressRequest(input *DisassociateAddressInput) (req * // Disassociates an Elastic IP address from the instance or network interface // it's associated with. // -// An Elastic IP address is for use in either the EC2-Classic platform or in -// a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // This is an idempotent operation. If you perform the operation more than once, // Amazon EC2 doesn't return an error. // @@ -36216,6 +37282,83 @@ func (c *EC2) DisassociateInstanceEventWindowWithContext(ctx aws.Context, input return out, req.Send() } +const opDisassociateIpamByoasn = "DisassociateIpamByoasn" + +// DisassociateIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateIpamByoasn for more information on using the DisassociateIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisassociateIpamByoasnRequest method. +// req, resp := client.DisassociateIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIpamByoasn +func (c *EC2) DisassociateIpamByoasnRequest(input *DisassociateIpamByoasnInput) (req *request.Request, output *DisassociateIpamByoasnOutput) { + op := &request.Operation{ + Name: opDisassociateIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateIpamByoasnInput{} + } + + output = &DisassociateIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Remove the association between your Autonomous System Number (ASN) and your +// BYOIP CIDR. You may want to use this action to disassociate an ASN from a +// CIDR or if you want to swap ASNs. For more information, see Tutorial: Bring +// your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisassociateIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIpamByoasn +func (c *EC2) DisassociateIpamByoasn(input *DisassociateIpamByoasnInput) (*DisassociateIpamByoasnOutput, error) { + req, out := c.DisassociateIpamByoasnRequest(input) + return out, req.Send() +} + +// DisassociateIpamByoasnWithContext is the same as DisassociateIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisassociateIpamByoasnWithContext(ctx aws.Context, input *DisassociateIpamByoasnInput, opts ...request.Option) (*DisassociateIpamByoasnOutput, error) { + req, out := c.DisassociateIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateIpamResourceDiscovery = "DisassociateIpamResourceDiscovery" // DisassociateIpamResourceDiscoveryRequest generates a "aws/request.Request" representing the @@ -36337,17 +37480,17 @@ func (c *EC2) DisassociateNatGatewayAddressRequest(input *DisassociateNatGateway // Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. // You cannot disassociate your primary EIP. For more information, see Edit // secondary IP address associations (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-edit-secondary) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // While disassociating is in progress, you cannot associate/disassociate additional // EIPs while the connections are being drained. You are, however, allowed to // delete the NAT gateway. // -// An EIP will only be released at the end of MaxDrainDurationSeconds. The EIPs -// stay associated and support the existing connections but do not support any -// new connections (new connections are distributed across the remaining associated -// EIPs). As the existing connections drain out, the EIPs (and the corresponding -// private IPs mapped to them) get released. +// An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated +// and supports the existing connections but does not support any new connections +// (new connections are distributed across the remaining associated EIPs). As +// the existing connections drain out, the EIPs (and the corresponding private +// IP addresses mapped to them) are released. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -36426,7 +37569,7 @@ func (c *EC2) DisassociateRouteTableRequest(input *DisassociateRouteTableInput) // After you perform this action, the subnet no longer uses the routes in the // route table. Instead, it uses the routes in the VPC's main route table. For // more information about route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -36793,9 +37936,6 @@ func (c *EC2) DisassociateTrunkInterfaceRequest(input *DisassociateTrunkInterfac // DisassociateTrunkInterface API operation for Amazon Elastic Compute Cloud. // -// This API action is currently in limited preview only. If you are interested -// in using this feature, contact your account manager. -// // Removes an association between a branch network interface with a trunk network // interface. // @@ -37186,14 +38326,15 @@ func (c *EC2) EnableFastLaunchRequest(input *EnableFastLaunchInput) (req *reques // EnableFastLaunch API operation for Amazon Elastic Compute Cloud. // -// When you enable faster launching for a Windows AMI, images are pre-provisioned, +// When you enable Windows fast launch for a Windows AMI, images are pre-provisioned, // using snapshots to launch instances up to 65% faster. To create the optimized // Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, // rebooting as required. Then it creates a set of reserved snapshots that are // used for subsequent launches. The reserved snapshots are automatically replenished // as they are used, depending on your settings for launch frequency. // -// To change these settings, you must own the AMI. +// You can only change these settings for Windows AMIs that you own or that +// have been shared with you. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -37304,6 +38445,171 @@ func (c *EC2) EnableFastSnapshotRestoresWithContext(ctx aws.Context, input *Enab return out, req.Send() } +const opEnableImage = "EnableImage" + +// EnableImageRequest generates a "aws/request.Request" representing the +// client's request for the EnableImage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableImage for more information on using the EnableImage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableImageRequest method. +// req, resp := client.EnableImageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImage +func (c *EC2) EnableImageRequest(input *EnableImageInput) (req *request.Request, output *EnableImageOutput) { + op := &request.Operation{ + Name: opEnableImage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableImageInput{} + } + + output = &EnableImageOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableImage API operation for Amazon Elastic Compute Cloud. +// +// Re-enables a disabled AMI. The re-enabled AMI is marked as available and +// can be used for instance launches, appears in describe operations, and can +// be shared. Amazon Web Services accounts, organizations, and Organizational +// Units that lost access to the AMI when it was disabled do not regain access +// automatically. Once the AMI is available, it can be shared with them again. +// +// Only the AMI owner can re-enable a disabled AMI. +// +// For more information, see Disable an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableImage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImage +func (c *EC2) EnableImage(input *EnableImageInput) (*EnableImageOutput, error) { + req, out := c.EnableImageRequest(input) + return out, req.Send() +} + +// EnableImageWithContext is the same as EnableImage with the addition of +// the ability to pass a context and additional request options. +// +// See EnableImage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableImageWithContext(ctx aws.Context, input *EnableImageInput, opts ...request.Option) (*EnableImageOutput, error) { + req, out := c.EnableImageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnableImageBlockPublicAccess = "EnableImageBlockPublicAccess" + +// EnableImageBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the EnableImageBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableImageBlockPublicAccess for more information on using the EnableImageBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableImageBlockPublicAccessRequest method. +// req, resp := client.EnableImageBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImageBlockPublicAccess +func (c *EC2) EnableImageBlockPublicAccessRequest(input *EnableImageBlockPublicAccessInput) (req *request.Request, output *EnableImageBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opEnableImageBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableImageBlockPublicAccessInput{} + } + + output = &EnableImageBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableImageBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Enables block public access for AMIs at the account level in the specified +// Amazon Web Services Region. This prevents the public sharing of your AMIs. +// However, if you already have public AMIs, they will remain publicly available. +// +// The API can take up to 10 minutes to configure this setting. During this +// time, if you run GetImageBlockPublicAccessState (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetImageBlockPublicAccessState.html), +// the response will be unblocked. When the API has completed the configuration, +// the response will be block-new-sharing. +// +// For more information, see Block public access to your AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableImageBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImageBlockPublicAccess +func (c *EC2) EnableImageBlockPublicAccess(input *EnableImageBlockPublicAccessInput) (*EnableImageBlockPublicAccessOutput, error) { + req, out := c.EnableImageBlockPublicAccessRequest(input) + return out, req.Send() +} + +// EnableImageBlockPublicAccessWithContext is the same as EnableImageBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See EnableImageBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableImageBlockPublicAccessWithContext(ctx aws.Context, input *EnableImageBlockPublicAccessInput, opts ...request.Option) (*EnableImageBlockPublicAccessOutput, error) { + req, out := c.EnableImageBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableImageDeprecation = "EnableImageDeprecation" // EnableImageDeprecationRequest generates a "aws/request.Request" representing the @@ -37611,6 +38917,92 @@ func (c *EC2) EnableSerialConsoleAccessWithContext(ctx aws.Context, input *Enabl return out, req.Send() } +const opEnableSnapshotBlockPublicAccess = "EnableSnapshotBlockPublicAccess" + +// EnableSnapshotBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the EnableSnapshotBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableSnapshotBlockPublicAccess for more information on using the EnableSnapshotBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableSnapshotBlockPublicAccessRequest method. +// req, resp := client.EnableSnapshotBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableSnapshotBlockPublicAccess +func (c *EC2) EnableSnapshotBlockPublicAccessRequest(input *EnableSnapshotBlockPublicAccessInput) (req *request.Request, output *EnableSnapshotBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opEnableSnapshotBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableSnapshotBlockPublicAccessInput{} + } + + output = &EnableSnapshotBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableSnapshotBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Enables or modifies the block public access for snapshots setting at the +// account level for the specified Amazon Web Services Region. After you enable +// block public access for snapshots in a Region, users can no longer request +// public sharing for snapshots in that Region. Snapshots that are already publicly +// shared are either treated as private or they remain publicly shared, depending +// on the State that you specify. +// +// If block public access is enabled in block-all-sharing mode, and you change +// the mode to block-new-sharing, all snapshots that were previously publicly +// shared are no longer treated as private and they become publicly accessible +// again. +// +// For more information, see Block public access for snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableSnapshotBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableSnapshotBlockPublicAccess +func (c *EC2) EnableSnapshotBlockPublicAccess(input *EnableSnapshotBlockPublicAccessInput) (*EnableSnapshotBlockPublicAccessOutput, error) { + req, out := c.EnableSnapshotBlockPublicAccessRequest(input) + return out, req.Send() +} + +// EnableSnapshotBlockPublicAccessWithContext is the same as EnableSnapshotBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See EnableSnapshotBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableSnapshotBlockPublicAccessWithContext(ctx aws.Context, input *EnableSnapshotBlockPublicAccessInput, opts ...request.Option) (*EnableSnapshotBlockPublicAccessOutput, error) { + req, out := c.EnableSnapshotBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableTransitGatewayRouteTablePropagation = "EnableTransitGatewayRouteTablePropagation" // EnableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -37878,17 +39270,14 @@ func (c *EC2) EnableVpcClassicLinkRequest(input *EnableVpcClassicLinkInput) (req // EnableVpcClassicLink API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Enables a VPC for ClassicLink. You can then link EC2-Classic instances to // your ClassicLink-enabled VPC to allow communication over private IP addresses. // You cannot enable your VPC for ClassicLink if any of your VPC route tables // have existing routes for address ranges within the 10.0.0.0/8 IP address // range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 -// IP address ranges. For more information, see ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// IP address ranges. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -37961,17 +39350,13 @@ func (c *EC2) EnableVpcClassicLinkDnsSupportRequest(input *EnableVpcClassicLinkD // EnableVpcClassicLinkDnsSupport API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, // the DNS hostname of a linked EC2-Classic instance resolves to its private // IP address when addressed from an instance in the VPC to which it's linked. // Similarly, the DNS hostname of an instance in a VPC resolves to its private -// IP address when addressed from a linked EC2-Classic instance. For more information, -// see ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// IP address when addressed from a linked EC2-Classic instance. // // You must specify a VPC ID in the request. // @@ -39249,6 +40634,9 @@ func (c *EC2) GetFlowLogsIntegrationTemplateRequest(input *GetFlowLogsIntegratio // - Create a set of named queries in Athena that you can use to get started // quickly // +// GetFlowLogsIntegrationTemplate does not support integration between Amazon +// Web Services Transit Gateway Flow Logs and Amazon Athena. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -39485,6 +40873,83 @@ func (c *EC2) GetHostReservationPurchasePreviewWithContext(ctx aws.Context, inpu return out, req.Send() } +const opGetImageBlockPublicAccessState = "GetImageBlockPublicAccessState" + +// GetImageBlockPublicAccessStateRequest generates a "aws/request.Request" representing the +// client's request for the GetImageBlockPublicAccessState operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetImageBlockPublicAccessState for more information on using the GetImageBlockPublicAccessState +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetImageBlockPublicAccessStateRequest method. +// req, resp := client.GetImageBlockPublicAccessStateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetImageBlockPublicAccessState +func (c *EC2) GetImageBlockPublicAccessStateRequest(input *GetImageBlockPublicAccessStateInput) (req *request.Request, output *GetImageBlockPublicAccessStateOutput) { + op := &request.Operation{ + Name: opGetImageBlockPublicAccessState, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetImageBlockPublicAccessStateInput{} + } + + output = &GetImageBlockPublicAccessStateOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetImageBlockPublicAccessState API operation for Amazon Elastic Compute Cloud. +// +// Gets the current state of block public access for AMIs at the account level +// in the specified Amazon Web Services Region. +// +// For more information, see Block public access to your AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetImageBlockPublicAccessState for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetImageBlockPublicAccessState +func (c *EC2) GetImageBlockPublicAccessState(input *GetImageBlockPublicAccessStateInput) (*GetImageBlockPublicAccessStateOutput, error) { + req, out := c.GetImageBlockPublicAccessStateRequest(input) + return out, req.Send() +} + +// GetImageBlockPublicAccessStateWithContext is the same as GetImageBlockPublicAccessState with the addition of +// the ability to pass a context and additional request options. +// +// See GetImageBlockPublicAccessState for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetImageBlockPublicAccessStateWithContext(ctx aws.Context, input *GetImageBlockPublicAccessStateInput, opts ...request.Option) (*GetImageBlockPublicAccessStateOutput, error) { + req, out := c.GetImageBlockPublicAccessStateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetInstanceTypesFromInstanceRequirements = "GetInstanceTypesFromInstanceRequirements" // GetInstanceTypesFromInstanceRequirementsRequest generates a "aws/request.Request" representing the @@ -39982,6 +41447,79 @@ func (c *EC2) GetIpamDiscoveredAccountsPagesWithContext(ctx aws.Context, input * return p.Err() } +const opGetIpamDiscoveredPublicAddresses = "GetIpamDiscoveredPublicAddresses" + +// GetIpamDiscoveredPublicAddressesRequest generates a "aws/request.Request" representing the +// client's request for the GetIpamDiscoveredPublicAddresses operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetIpamDiscoveredPublicAddresses for more information on using the GetIpamDiscoveredPublicAddresses +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetIpamDiscoveredPublicAddressesRequest method. +// req, resp := client.GetIpamDiscoveredPublicAddressesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetIpamDiscoveredPublicAddresses +func (c *EC2) GetIpamDiscoveredPublicAddressesRequest(input *GetIpamDiscoveredPublicAddressesInput) (req *request.Request, output *GetIpamDiscoveredPublicAddressesOutput) { + op := &request.Operation{ + Name: opGetIpamDiscoveredPublicAddresses, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetIpamDiscoveredPublicAddressesInput{} + } + + output = &GetIpamDiscoveredPublicAddressesOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetIpamDiscoveredPublicAddresses API operation for Amazon Elastic Compute Cloud. +// +// Gets the public IP addresses that have been discovered by IPAM. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetIpamDiscoveredPublicAddresses for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetIpamDiscoveredPublicAddresses +func (c *EC2) GetIpamDiscoveredPublicAddresses(input *GetIpamDiscoveredPublicAddressesInput) (*GetIpamDiscoveredPublicAddressesOutput, error) { + req, out := c.GetIpamDiscoveredPublicAddressesRequest(input) + return out, req.Send() +} + +// GetIpamDiscoveredPublicAddressesWithContext is the same as GetIpamDiscoveredPublicAddresses with the addition of +// the ability to pass a context and additional request options. +// +// See GetIpamDiscoveredPublicAddresses for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetIpamDiscoveredPublicAddressesWithContext(ctx aws.Context, input *GetIpamDiscoveredPublicAddressesInput, opts ...request.Option) (*GetIpamDiscoveredPublicAddressesOutput, error) { + req, out := c.GetIpamDiscoveredPublicAddressesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetIpamDiscoveredResourceCidrs = "GetIpamDiscoveredResourceCidrs" // GetIpamDiscoveredResourceCidrsRequest generates a "aws/request.Request" representing the @@ -40164,7 +41702,14 @@ func (c *EC2) GetIpamPoolAllocationsRequest(input *GetIpamPoolAllocationsInput) // GetIpamPoolAllocations API operation for Amazon Elastic Compute Cloud. // -// Get a list of all the CIDR allocations in an IPAM pool. +// Get a list of all the CIDR allocations in an IPAM pool. The Region you use +// should be the IPAM pool locale. The locale is the Amazon Web Services Region +// where this IPAM pool is available for allocations. +// +// If you use this action after AllocateIpamPoolCidr (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateIpamPoolCidr.html) +// or ReleaseIpamPoolAllocation (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html), +// note that all EC2 API actions follow an eventual consistency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html#eventual-consistency) +// model. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -40880,6 +42425,12 @@ func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsRequest(input *GetNet Name: opGetNetworkInsightsAccessScopeAnalysisFindings, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -40923,6 +42474,57 @@ func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsWithContext(ctx aws.C return out, req.Send() } +// GetNetworkInsightsAccessScopeAnalysisFindingsPages iterates over the pages of a GetNetworkInsightsAccessScopeAnalysisFindings operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetNetworkInsightsAccessScopeAnalysisFindings method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetNetworkInsightsAccessScopeAnalysisFindings operation. +// pageNum := 0 +// err := client.GetNetworkInsightsAccessScopeAnalysisFindingsPages(params, +// func(page *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsPages(input *GetNetworkInsightsAccessScopeAnalysisFindingsInput, fn func(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool) error { + return c.GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext same as GetNetworkInsightsAccessScopeAnalysisFindingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(ctx aws.Context, input *GetNetworkInsightsAccessScopeAnalysisFindingsInput, fn func(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetNetworkInsightsAccessScopeAnalysisFindingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetNetworkInsightsAccessScopeAnalysisFindingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetNetworkInsightsAccessScopeContent = "GetNetworkInsightsAccessScopeContent" // GetNetworkInsightsAccessScopeContentRequest generates a "aws/request.Request" representing the @@ -41162,6 +42764,137 @@ func (c *EC2) GetReservedInstancesExchangeQuoteWithContext(ctx aws.Context, inpu return out, req.Send() } +const opGetSecurityGroupsForVpc = "GetSecurityGroupsForVpc" + +// GetSecurityGroupsForVpcRequest generates a "aws/request.Request" representing the +// client's request for the GetSecurityGroupsForVpc operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSecurityGroupsForVpc for more information on using the GetSecurityGroupsForVpc +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetSecurityGroupsForVpcRequest method. +// req, resp := client.GetSecurityGroupsForVpcRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSecurityGroupsForVpc +func (c *EC2) GetSecurityGroupsForVpcRequest(input *GetSecurityGroupsForVpcInput) (req *request.Request, output *GetSecurityGroupsForVpcOutput) { + op := &request.Operation{ + Name: opGetSecurityGroupsForVpc, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetSecurityGroupsForVpcInput{} + } + + output = &GetSecurityGroupsForVpcOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSecurityGroupsForVpc API operation for Amazon Elastic Compute Cloud. +// +// Gets security groups that can be associated by the Amazon Web Services account +// making the request with network interfaces in the specified VPC. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetSecurityGroupsForVpc for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSecurityGroupsForVpc +func (c *EC2) GetSecurityGroupsForVpc(input *GetSecurityGroupsForVpcInput) (*GetSecurityGroupsForVpcOutput, error) { + req, out := c.GetSecurityGroupsForVpcRequest(input) + return out, req.Send() +} + +// GetSecurityGroupsForVpcWithContext is the same as GetSecurityGroupsForVpc with the addition of +// the ability to pass a context and additional request options. +// +// See GetSecurityGroupsForVpc for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSecurityGroupsForVpcWithContext(ctx aws.Context, input *GetSecurityGroupsForVpcInput, opts ...request.Option) (*GetSecurityGroupsForVpcOutput, error) { + req, out := c.GetSecurityGroupsForVpcRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetSecurityGroupsForVpcPages iterates over the pages of a GetSecurityGroupsForVpc operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetSecurityGroupsForVpc method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetSecurityGroupsForVpc operation. +// pageNum := 0 +// err := client.GetSecurityGroupsForVpcPages(params, +// func(page *ec2.GetSecurityGroupsForVpcOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) GetSecurityGroupsForVpcPages(input *GetSecurityGroupsForVpcInput, fn func(*GetSecurityGroupsForVpcOutput, bool) bool) error { + return c.GetSecurityGroupsForVpcPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetSecurityGroupsForVpcPagesWithContext same as GetSecurityGroupsForVpcPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSecurityGroupsForVpcPagesWithContext(ctx aws.Context, input *GetSecurityGroupsForVpcInput, fn func(*GetSecurityGroupsForVpcOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetSecurityGroupsForVpcInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetSecurityGroupsForVpcRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetSecurityGroupsForVpcOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetSerialConsoleAccessStatus = "GetSerialConsoleAccessStatus" // GetSerialConsoleAccessStatusRequest generates a "aws/request.Request" representing the @@ -41239,6 +42972,83 @@ func (c *EC2) GetSerialConsoleAccessStatusWithContext(ctx aws.Context, input *Ge return out, req.Send() } +const opGetSnapshotBlockPublicAccessState = "GetSnapshotBlockPublicAccessState" + +// GetSnapshotBlockPublicAccessStateRequest generates a "aws/request.Request" representing the +// client's request for the GetSnapshotBlockPublicAccessState operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSnapshotBlockPublicAccessState for more information on using the GetSnapshotBlockPublicAccessState +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetSnapshotBlockPublicAccessStateRequest method. +// req, resp := client.GetSnapshotBlockPublicAccessStateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSnapshotBlockPublicAccessState +func (c *EC2) GetSnapshotBlockPublicAccessStateRequest(input *GetSnapshotBlockPublicAccessStateInput) (req *request.Request, output *GetSnapshotBlockPublicAccessStateOutput) { + op := &request.Operation{ + Name: opGetSnapshotBlockPublicAccessState, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetSnapshotBlockPublicAccessStateInput{} + } + + output = &GetSnapshotBlockPublicAccessStateOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSnapshotBlockPublicAccessState API operation for Amazon Elastic Compute Cloud. +// +// Gets the current state of block public access for snapshots setting for the +// account and Region. +// +// For more information, see Block public access for snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetSnapshotBlockPublicAccessState for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSnapshotBlockPublicAccessState +func (c *EC2) GetSnapshotBlockPublicAccessState(input *GetSnapshotBlockPublicAccessStateInput) (*GetSnapshotBlockPublicAccessStateOutput, error) { + req, out := c.GetSnapshotBlockPublicAccessStateRequest(input) + return out, req.Send() +} + +// GetSnapshotBlockPublicAccessStateWithContext is the same as GetSnapshotBlockPublicAccessState with the addition of +// the ability to pass a context and additional request options. +// +// See GetSnapshotBlockPublicAccessState for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSnapshotBlockPublicAccessStateWithContext(ctx aws.Context, input *GetSnapshotBlockPublicAccessStateInput, opts ...request.Option) (*GetSnapshotBlockPublicAccessStateOutput, error) { + req, out := c.GetSnapshotBlockPublicAccessStateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetSpotPlacementScores = "GetSpotPlacementScores" // GetSpotPlacementScoresRequest generates a "aws/request.Request" representing the @@ -42663,6 +44473,79 @@ func (c *EC2) GetVpnConnectionDeviceTypesPagesWithContext(ctx aws.Context, input return p.Err() } +const opGetVpnTunnelReplacementStatus = "GetVpnTunnelReplacementStatus" + +// GetVpnTunnelReplacementStatusRequest generates a "aws/request.Request" representing the +// client's request for the GetVpnTunnelReplacementStatus operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetVpnTunnelReplacementStatus for more information on using the GetVpnTunnelReplacementStatus +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetVpnTunnelReplacementStatusRequest method. +// req, resp := client.GetVpnTunnelReplacementStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVpnTunnelReplacementStatus +func (c *EC2) GetVpnTunnelReplacementStatusRequest(input *GetVpnTunnelReplacementStatusInput) (req *request.Request, output *GetVpnTunnelReplacementStatusOutput) { + op := &request.Operation{ + Name: opGetVpnTunnelReplacementStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetVpnTunnelReplacementStatusInput{} + } + + output = &GetVpnTunnelReplacementStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetVpnTunnelReplacementStatus API operation for Amazon Elastic Compute Cloud. +// +// Get details of available tunnel endpoint maintenance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetVpnTunnelReplacementStatus for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVpnTunnelReplacementStatus +func (c *EC2) GetVpnTunnelReplacementStatus(input *GetVpnTunnelReplacementStatusInput) (*GetVpnTunnelReplacementStatusOutput, error) { + req, out := c.GetVpnTunnelReplacementStatusRequest(input) + return out, req.Send() +} + +// GetVpnTunnelReplacementStatusWithContext is the same as GetVpnTunnelReplacementStatus with the addition of +// the ability to pass a context and additional request options. +// +// See GetVpnTunnelReplacementStatus for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetVpnTunnelReplacementStatusWithContext(ctx aws.Context, input *GetVpnTunnelReplacementStatusInput, opts ...request.Option) (*GetVpnTunnelReplacementStatusOutput, error) { + req, out := c.GetVpnTunnelReplacementStatusRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opImportClientVpnClientCertificateRevocationList = "ImportClientVpnClientCertificateRevocationList" // ImportClientVpnClientCertificateRevocationListRequest generates a "aws/request.Request" representing the @@ -42871,16 +44754,21 @@ func (c *EC2) ImportInstanceRequest(input *ImportInstanceInput) (req *request.Re // ImportInstance API operation for Amazon Elastic Compute Cloud. // -// Creates an import instance task using metadata from the specified disk image. +// We recommend that you use the ImportImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportImage.html) +// API. For more information, see Importing a VM as an image using VM Import/Export +// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html) +// in the VM Import/Export User Guide. // -// This API action supports only single-volume VMs. To import multi-volume VMs, -// use ImportImage instead. +// Creates an import instance task using metadata from the specified disk image. // // This API action is not supported by the Command Line Interface (CLI). For // information about using the Amazon EC2 CLI, which is deprecated, see Importing // a VM to Amazon EC2 (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2) // in the Amazon EC2 CLI Reference PDF file. // +// This API action supports only single-volume VMs. To import multi-volume VMs, +// use ImportImage instead. +// // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). // @@ -43417,6 +45305,96 @@ func (c *EC2) ListSnapshotsInRecycleBinPagesWithContext(ctx aws.Context, input * return p.Err() } +const opLockSnapshot = "LockSnapshot" + +// LockSnapshotRequest generates a "aws/request.Request" representing the +// client's request for the LockSnapshot operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See LockSnapshot for more information on using the LockSnapshot +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the LockSnapshotRequest method. +// req, resp := client.LockSnapshotRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockSnapshot +func (c *EC2) LockSnapshotRequest(input *LockSnapshotInput) (req *request.Request, output *LockSnapshotOutput) { + op := &request.Operation{ + Name: opLockSnapshot, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &LockSnapshotInput{} + } + + output = &LockSnapshotOutput{} + req = c.newRequest(op, input, output) + return +} + +// LockSnapshot API operation for Amazon Elastic Compute Cloud. +// +// Locks an Amazon EBS snapshot in either governance or compliance mode to protect +// it against accidental or malicious deletions for a specific duration. A locked +// snapshot can't be deleted. +// +// You can also use this action to modify the lock settings for a snapshot that +// is already locked. The allowed modifications depend on the lock mode and +// lock state: +// +// - If the snapshot is locked in governance mode, you can modify the lock +// mode and the lock duration or lock expiration date. +// +// - If the snapshot is locked in compliance mode and it is in the cooling-off +// period, you can modify the lock mode and the lock duration or lock expiration +// date. +// +// - If the snapshot is locked in compliance mode and the cooling-off period +// has lapsed, you can only increase the lock duration or extend the lock +// expiration date. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation LockSnapshot for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockSnapshot +func (c *EC2) LockSnapshot(input *LockSnapshotInput) (*LockSnapshotOutput, error) { + req, out := c.LockSnapshotRequest(input) + return out, req.Send() +} + +// LockSnapshotWithContext is the same as LockSnapshot with the addition of +// the ability to pass a context and additional request options. +// +// See LockSnapshot for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) LockSnapshotWithContext(ctx aws.Context, input *LockSnapshotInput, opts ...request.Option) (*LockSnapshotOutput, error) { + req, out := c.LockSnapshotRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyAddressAttribute = "ModifyAddressAttribute" // ModifyAddressAttributeRequest generates a "aws/request.Request" representing the @@ -44557,10 +46535,10 @@ func (c *EC2) ModifyInstanceAttributeRequest(input *ModifyInstanceAttributeInput // only one attribute at a time. // // Note: Using this action to change the security groups associated with an -// elastic network interface (ENI) attached to an instance in a VPC can result -// in an error if the instance has more than one ENI. To change the security -// groups associated with an ENI attached to an instance that has multiple ENIs, -// we recommend that you use the ModifyNetworkInterfaceAttribute action. +// elastic network interface (ENI) attached to an instance can result in an +// error if the instance has more than one ENI. To change the security groups +// associated with an ENI attached to an instance that has multiple ENIs, we +// recommend that you use the ModifyNetworkInterfaceAttribute action. // // To modify some attributes, the instance must be stopped. For more information, // see Modify a stopped instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html) @@ -45959,10 +47937,6 @@ func (c *EC2) ModifyReservedInstancesRequest(input *ModifyReservedInstancesInput // For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) // in the Amazon EC2 User Guide. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -46913,7 +48887,8 @@ func (c *EC2) ModifyVerifiedAccessEndpointRequest(input *ModifyVerifiedAccessEnd // ModifyVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. // -// Modifies the configuration of an Amazon Web Services Verified Access endpoint. +// Modifies the configuration of the specified Amazon Web Services Verified +// Access endpoint. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -46986,7 +48961,7 @@ func (c *EC2) ModifyVerifiedAccessEndpointPolicyRequest(input *ModifyVerifiedAcc // ModifyVerifiedAccessEndpointPolicy API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Verified Access endpoint policy. +// Modifies the specified Amazon Web Services Verified Access endpoint policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -47059,7 +49034,7 @@ func (c *EC2) ModifyVerifiedAccessGroupRequest(input *ModifyVerifiedAccessGroupI // ModifyVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Verified Access group configuration. +// Modifies the specified Amazon Web Services Verified Access group configuration. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -47132,7 +49107,7 @@ func (c *EC2) ModifyVerifiedAccessGroupPolicyRequest(input *ModifyVerifiedAccess // ModifyVerifiedAccessGroupPolicy API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Verified Access group policy. +// Modifies the specified Amazon Web Services Verified Access group policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -47205,7 +49180,8 @@ func (c *EC2) ModifyVerifiedAccessInstanceRequest(input *ModifyVerifiedAccessIns // ModifyVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. // -// Modifies the configuration of the specified Verified Access instance. +// Modifies the configuration of the specified Amazon Web Services Verified +// Access instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -48064,22 +50040,8 @@ func (c *EC2) ModifyVpcPeeringConnectionOptionsRequest(input *ModifyVpcPeeringCo // ModifyVpcPeeringConnectionOptions API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Modifies the VPC peering connection options on one side of a VPC peering -// connection. You can do the following: -// -// - Enable/disable communication over the peering connection between an -// EC2-Classic instance that's linked to your VPC (using ClassicLink) and -// instances in the peer VPC. -// -// - Enable/disable communication over the peering connection between instances -// in your VPC and an EC2-Classic instance that's linked to the peer VPC. -// -// - Enable/disable the ability to resolve public DNS hostnames to private -// IP addresses when queried from instances in the peer VPC. +// connection. // // If the peered VPCs are in the same Amazon Web Services account, you can enable // DNS resolution for queries from the local VPC. This ensures that queries @@ -48174,7 +50136,7 @@ func (c *EC2) ModifyVpcTenancyRequest(input *ModifyVpcTenancyInput) (req *reques // launch. The tenancy of any existing instances in the VPC is not affected. // // For more information, see Dedicated Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -48667,6 +50629,8 @@ func (c *EC2) MoveAddressToVpcRequest(input *MoveAddressToVpcInput) (req *reques // MoveAddressToVpc API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC // platform. The Elastic IP address must be allocated to your account for more // than 24 hours, and it must not be associated with an instance. After the @@ -48675,10 +50639,6 @@ func (c *EC2) MoveAddressToVpcRequest(input *MoveAddressToVpcInput) (req *reques // You cannot move an Elastic IP address that was originally allocated for use // in the EC2-VPC platform to the EC2-Classic platform. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -48875,6 +50835,83 @@ func (c *EC2) ProvisionByoipCidrWithContext(ctx aws.Context, input *ProvisionByo return out, req.Send() } +const opProvisionIpamByoasn = "ProvisionIpamByoasn" + +// ProvisionIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the ProvisionIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ProvisionIpamByoasn for more information on using the ProvisionIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ProvisionIpamByoasnRequest method. +// req, resp := client.ProvisionIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionIpamByoasn +func (c *EC2) ProvisionIpamByoasnRequest(input *ProvisionIpamByoasnInput) (req *request.Request, output *ProvisionIpamByoasnOutput) { + op := &request.Operation{ + Name: opProvisionIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ProvisionIpamByoasnInput{} + } + + output = &ProvisionIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// ProvisionIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Provisions your Autonomous System Number (ASN) for use in your Amazon Web +// Services account. This action requires authorization context for Amazon to +// bring the ASN to an Amazon Web Services account. For more information, see +// Tutorial: Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ProvisionIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionIpamByoasn +func (c *EC2) ProvisionIpamByoasn(input *ProvisionIpamByoasnInput) (*ProvisionIpamByoasnOutput, error) { + req, out := c.ProvisionIpamByoasnRequest(input) + return out, req.Send() +} + +// ProvisionIpamByoasnWithContext is the same as ProvisionIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See ProvisionIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ProvisionIpamByoasnWithContext(ctx aws.Context, input *ProvisionIpamByoasnInput, opts ...request.Option) (*ProvisionIpamByoasnOutput, error) { + req, out := c.ProvisionIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opProvisionIpamPoolCidr = "ProvisionIpamPoolCidr" // ProvisionIpamPoolCidrRequest generates a "aws/request.Request" representing the @@ -49029,6 +51066,81 @@ func (c *EC2) ProvisionPublicIpv4PoolCidrWithContext(ctx aws.Context, input *Pro return out, req.Send() } +const opPurchaseCapacityBlock = "PurchaseCapacityBlock" + +// PurchaseCapacityBlockRequest generates a "aws/request.Request" representing the +// client's request for the PurchaseCapacityBlock operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PurchaseCapacityBlock for more information on using the PurchaseCapacityBlock +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PurchaseCapacityBlockRequest method. +// req, resp := client.PurchaseCapacityBlockRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseCapacityBlock +func (c *EC2) PurchaseCapacityBlockRequest(input *PurchaseCapacityBlockInput) (req *request.Request, output *PurchaseCapacityBlockOutput) { + op := &request.Operation{ + Name: opPurchaseCapacityBlock, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PurchaseCapacityBlockInput{} + } + + output = &PurchaseCapacityBlockOutput{} + req = c.newRequest(op, input, output) + return +} + +// PurchaseCapacityBlock API operation for Amazon Elastic Compute Cloud. +// +// Purchase the Capacity Block for use with your account. With Capacity Blocks +// you ensure GPU capacity is available for machine learning (ML) workloads. +// You must specify the ID of the Capacity Block offering you are purchasing. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation PurchaseCapacityBlock for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseCapacityBlock +func (c *EC2) PurchaseCapacityBlock(input *PurchaseCapacityBlockInput) (*PurchaseCapacityBlockOutput, error) { + req, out := c.PurchaseCapacityBlockRequest(input) + return out, req.Send() +} + +// PurchaseCapacityBlockWithContext is the same as PurchaseCapacityBlock with the addition of +// the ability to pass a context and additional request options. +// +// See PurchaseCapacityBlock for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) PurchaseCapacityBlockWithContext(ctx aws.Context, input *PurchaseCapacityBlockInput, opts ...request.Option) (*PurchaseCapacityBlockOutput, error) { + req, out := c.PurchaseCapacityBlockRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opPurchaseHostReservation = "PurchaseHostReservation" // PurchaseHostReservationRequest generates a "aws/request.Request" representing the @@ -49162,10 +51274,6 @@ func (c *EC2) PurchaseReservedInstancesOfferingRequest(input *PurchaseReservedIn // and Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) // in the Amazon EC2 User Guide. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -50145,13 +52253,9 @@ func (c *EC2) ReleaseAddressRequest(input *ReleaseAddressInput) (req *request.Re // // Releases the specified Elastic IP address. // -// [EC2-Classic, default VPC] Releasing an Elastic IP address automatically -// disassociates it from any instance that it's associated with. To disassociate -// an Elastic IP address without releasing it, use DisassociateAddress. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// [Default VPC] Releasing an Elastic IP address automatically disassociates +// it from any instance that it's associated with. To disassociate an Elastic +// IP address without releasing it, use DisassociateAddress. // // [Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic // IP address before you can release it. Otherwise, Amazon EC2 returns an error @@ -50163,11 +52267,8 @@ func (c *EC2) ReleaseAddressRequest(input *ReleaseAddressInput) (req *request.Re // already released, you'll get an AuthFailure error if the address is already // allocated to another Amazon Web Services account. // -// [EC2-VPC] After you release an Elastic IP address for use in a VPC, you might -// be able to recover it. For more information, see AllocateAddress. -// -// For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. +// After you release an Elastic IP address, you might be able to recover it. +// For more information, see AllocateAddress. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -50323,13 +52424,18 @@ func (c *EC2) ReleaseIpamPoolAllocationRequest(input *ReleaseIpamPoolAllocationI // ReleaseIpamPoolAllocation API operation for Amazon Elastic Compute Cloud. // -// Release an allocation within an IPAM pool. You can only use this action to -// release manual allocations. To remove an allocation for a resource without -// deleting the resource, set its monitored state to false using ModifyIpamResourceCidr +// Release an allocation within an IPAM pool. The Region you use should be the +// IPAM pool locale. The locale is the Amazon Web Services Region where this +// IPAM pool is available for allocations. You can only use this action to release +// manual allocations. To remove an allocation for a resource without deleting +// the resource, set its monitored state to false using ModifyIpamResourceCidr // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html). -// For more information, see Release an allocation (https://docs.aws.amazon.com/vpc/latest/ipam/release-pool-alloc-ipam.html) +// For more information, see Release an allocation (https://docs.aws.amazon.com/vpc/latest/ipam/release-alloc-ipam.html) // in the Amazon VPC IPAM User Guide. // +// All EC2 API actions follow an eventual consistency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html#eventual-consistency) +// model. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -50481,8 +52587,8 @@ func (c *EC2) ReplaceNetworkAclAssociationRequest(input *ReplaceNetworkAclAssoci // // Changes which network ACL a subnet is associated with. By default when you // create a subnet, it's automatically associated with the default network ACL. -// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // This is an idempotent operation. // @@ -50559,8 +52665,8 @@ func (c *EC2) ReplaceNetworkAclEntryRequest(input *ReplaceNetworkAclEntryInput) // ReplaceNetworkAclEntry API operation for Amazon Elastic Compute Cloud. // // Replaces an entry (rule) in a network ACL. For more information, see Network -// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in -// the Amazon Virtual Private Cloud User Guide. +// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -50641,7 +52747,7 @@ func (c *EC2) ReplaceRouteRequest(input *ReplaceRouteInput) (req *request.Reques // reset the local route to its default target. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -50718,7 +52824,7 @@ func (c *EC2) ReplaceRouteTableAssociationRequest(input *ReplaceRouteTableAssoci // or virtual private gateway in a VPC. After the operation completes, the subnet // or gateway uses the routes in the new route table. For more information about // route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // You can also use this operation to change which table is the main route table // in the VPC. Specify the main route table's association ID and the route table @@ -50825,6 +52931,79 @@ func (c *EC2) ReplaceTransitGatewayRouteWithContext(ctx aws.Context, input *Repl return out, req.Send() } +const opReplaceVpnTunnel = "ReplaceVpnTunnel" + +// ReplaceVpnTunnelRequest generates a "aws/request.Request" representing the +// client's request for the ReplaceVpnTunnel operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ReplaceVpnTunnel for more information on using the ReplaceVpnTunnel +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ReplaceVpnTunnelRequest method. +// req, resp := client.ReplaceVpnTunnelRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceVpnTunnel +func (c *EC2) ReplaceVpnTunnelRequest(input *ReplaceVpnTunnelInput) (req *request.Request, output *ReplaceVpnTunnelOutput) { + op := &request.Operation{ + Name: opReplaceVpnTunnel, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ReplaceVpnTunnelInput{} + } + + output = &ReplaceVpnTunnelOutput{} + req = c.newRequest(op, input, output) + return +} + +// ReplaceVpnTunnel API operation for Amazon Elastic Compute Cloud. +// +// Trigger replacement of specified VPN tunnel. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ReplaceVpnTunnel for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceVpnTunnel +func (c *EC2) ReplaceVpnTunnel(input *ReplaceVpnTunnelInput) (*ReplaceVpnTunnelOutput, error) { + req, out := c.ReplaceVpnTunnelRequest(input) + return out, req.Send() +} + +// ReplaceVpnTunnelWithContext is the same as ReplaceVpnTunnel with the addition of +// the ability to pass a context and additional request options. +// +// See ReplaceVpnTunnel for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ReplaceVpnTunnelWithContext(ctx aws.Context, input *ReplaceVpnTunnelInput, opts ...request.Option) (*ReplaceVpnTunnelOutput, error) { + req, out := c.ReplaceVpnTunnelRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opReportInstanceStatus = "ReportInstanceStatus" // ReportInstanceStatusRequest generates a "aws/request.Request" representing the @@ -51060,10 +53239,6 @@ func (c *EC2) RequestSpotInstancesRequest(input *RequestSpotInstancesInput) (req // see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) // in the Amazon EC2 User Guide for Linux Instances. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide for Linux Instances. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -51672,15 +53847,13 @@ func (c *EC2) RestoreAddressToClassicRequest(input *RestoreAddressToClassicInput // RestoreAddressToClassic API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Restores an Elastic IP address that was previously moved to the EC2-VPC platform // back to the EC2-Classic platform. You cannot move an Elastic IP address that // was originally allocated for use in EC2-VPC. The Elastic IP address must // not be associated with an instance or network interface. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -52129,9 +54302,8 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // RevokeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Removes the specified outbound (egress) rules from a security -// group for EC2-VPC. This action does not apply to security groups for use -// in EC2-Classic. +// Removes the specified outbound (egress) rules from the specified security +// group. // // You can specify rules using either rule IDs or security group rule properties. // If you use rule properties, the values that you specify (for example, ports) @@ -52142,7 +54314,7 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // ICMP type and code. If the security group rule has a description, you do // not need to specify the description to revoke the rule. // -// [Default VPC] If the values you specify do not match the existing rule's +// For a default VPC, if the values you specify do not match the existing rule's // values, no error is returned, and the output describes the security group // rules that were not revoked. // @@ -52234,9 +54406,13 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // type and code. If the security group rule has a description, you do not need // to specify the description to revoke the rule. // -// [EC2-Classic, default VPC] If the values you specify do not match the existing -// rule's values, no error is returned, and the output describes the security -// group rules that were not revoked. +// For a default VPC, if the values you specify do not match the existing rule's +// values, no error is returned, and the output describes the security group +// rules that were not revoked. +// +// For a non-default VPC, if the values you specify do not match the existing +// rule's values, an InvalidPermission.NotFound client error is returned, and +// no rules are revoked. // // Amazon Web Services recommends that you describe the security group to verify // that the rules were removed. @@ -52244,10 +54420,6 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -52325,20 +54497,13 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // You can specify a number of options, or leave the default options. The following // rules apply: // -// - [EC2-VPC] If you don't specify a subnet ID, we choose a default subnet -// from your default VPC for you. If you don't have a default VPC, you must -// specify a subnet ID in the request. +// - If you don't specify a subnet ID, we choose a default subnet from your +// default VPC for you. If you don't have a default VPC, you must specify +// a subnet ID in the request. // -// - [EC2-Classic] If don't specify an Availability Zone, we choose one for -// you. -// -// - Some instance types must be launched into a VPC. If you do not have -// a default VPC, or if you do not specify a subnet ID, the request fails. -// For more information, see Instance types available only in a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types). -// -// - [EC2-VPC] All instances have a network interface with a primary private -// IPv4 address. If you don't specify this address, we choose one from the -// IPv4 range of your subnet. +// - All instances have a network interface with a primary private IPv4 address. +// If you don't specify this address, we choose one from the IPv4 range of +// your subnet. // // - Not all instance types support IPv6 addresses. For more information, // see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html). @@ -52372,10 +54537,6 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html), // and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -53283,8 +55444,8 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // in the Amazon EC2 User Guide. // // You can use the Stop action to hibernate an instance if the instance is enabled -// for hibernation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation) -// and it meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). +// for hibernation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enabling-hibernation.html) +// and it meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon EC2 User Guide. // @@ -53747,17 +55908,17 @@ func (c *EC2) UnassignPrivateNatGatewayAddressRequest(input *UnassignPrivateNatG // Unassigns secondary private IPv4 addresses from a private NAT gateway. You // cannot unassign your primary private IP. For more information, see Edit secondary // IP address associations (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-edit-secondary) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // While unassigning is in progress, you cannot assign/unassign additional IP // addresses while the connections are being drained. You are, however, allowed // to delete the NAT gateway. // // A private IP address will only be released at the end of MaxDrainDurationSeconds. -// The private IP addresses stay associated and support the existing connections +// The private IP addresses stay associated and support the existing connections, // but do not support any new connections (new connections are distributed across // the remaining assigned private IP address). After the existing connections -// drain out, the private IP addresses get released. +// drain out, the private IP addresses are released. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -53787,6 +55948,81 @@ func (c *EC2) UnassignPrivateNatGatewayAddressWithContext(ctx aws.Context, input return out, req.Send() } +const opUnlockSnapshot = "UnlockSnapshot" + +// UnlockSnapshotRequest generates a "aws/request.Request" representing the +// client's request for the UnlockSnapshot operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UnlockSnapshot for more information on using the UnlockSnapshot +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UnlockSnapshotRequest method. +// req, resp := client.UnlockSnapshotRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnlockSnapshot +func (c *EC2) UnlockSnapshotRequest(input *UnlockSnapshotInput) (req *request.Request, output *UnlockSnapshotOutput) { + op := &request.Operation{ + Name: opUnlockSnapshot, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UnlockSnapshotInput{} + } + + output = &UnlockSnapshotOutput{} + req = c.newRequest(op, input, output) + return +} + +// UnlockSnapshot API operation for Amazon Elastic Compute Cloud. +// +// Unlocks a snapshot that is locked in governance mode or that is locked in +// compliance mode but still in the cooling-off period. You can't unlock a snapshot +// that is locked in compliance mode after the cooling-off period has expired. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation UnlockSnapshot for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnlockSnapshot +func (c *EC2) UnlockSnapshot(input *UnlockSnapshotInput) (*UnlockSnapshotOutput, error) { + req, out := c.UnlockSnapshotRequest(input) + return out, req.Send() +} + +// UnlockSnapshotWithContext is the same as UnlockSnapshot with the addition of +// the ability to pass a context and additional request options. +// +// See UnlockSnapshot for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) UnlockSnapshotWithContext(ctx aws.Context, input *UnlockSnapshotInput, opts ...request.Option) (*UnlockSnapshotOutput, error) { + req, out := c.UnlockSnapshotRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUnmonitorInstances = "UnmonitorInstances" // UnmonitorInstancesRequest generates a "aws/request.Request" representing the @@ -53905,10 +56141,10 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsEgressRequest(input *UpdateSecu // UpdateSecurityGroupRuleDescriptionsEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Updates the description of an egress (outbound) security group -// rule. You can replace an existing description, or add a description to a -// rule that did not have one previously. You can remove a description for a -// security group rule by omitting the description parameter in the request. +// Updates the description of an egress (outbound) security group rule. You +// can replace an existing description, or add a description to a rule that +// did not have one previously. You can remove a description for a security +// group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -55393,15 +57629,34 @@ func (s *AddedPrincipal) SetServicePermissionId(v string) *AddedPrincipal { return s } -// Describes an additional detail for a path analysis. +// Describes an additional detail for a path analysis. For more information, +// see Reachability Analyzer additional detail codes (https://docs.aws.amazon.com/vpc/latest/reachability/additional-detail-codes.html). type AdditionalDetail struct { _ struct{} `type:"structure"` - // The information type. + // The additional detail code. AdditionalDetailType *string `locationName:"additionalDetailType" type:"string"` // The path component. Component *AnalysisComponent `locationName:"component" type:"structure"` + + // The load balancers. + LoadBalancers []*AnalysisComponent `locationName:"loadBalancerSet" locationNameList:"item" type:"list"` + + // The rule options. + RuleGroupRuleOptionsPairs []*RuleGroupRuleOptionsPair `locationName:"ruleGroupRuleOptionsPairSet" locationNameList:"item" type:"list"` + + // The rule group type. + RuleGroupTypePairs []*RuleGroupTypePair `locationName:"ruleGroupTypePairSet" locationNameList:"item" type:"list"` + + // The rule options. + RuleOptions []*RuleOption `locationName:"ruleOptionSet" locationNameList:"item" type:"list"` + + // The name of the VPC endpoint service. + ServiceName *string `locationName:"serviceName" type:"string"` + + // The VPC endpoint service. + VpcEndpointService *AnalysisComponent `locationName:"vpcEndpointService" type:"structure"` } // String returns the string representation. @@ -55434,15 +57689,50 @@ func (s *AdditionalDetail) SetComponent(v *AnalysisComponent) *AdditionalDetail return s } +// SetLoadBalancers sets the LoadBalancers field's value. +func (s *AdditionalDetail) SetLoadBalancers(v []*AnalysisComponent) *AdditionalDetail { + s.LoadBalancers = v + return s +} + +// SetRuleGroupRuleOptionsPairs sets the RuleGroupRuleOptionsPairs field's value. +func (s *AdditionalDetail) SetRuleGroupRuleOptionsPairs(v []*RuleGroupRuleOptionsPair) *AdditionalDetail { + s.RuleGroupRuleOptionsPairs = v + return s +} + +// SetRuleGroupTypePairs sets the RuleGroupTypePairs field's value. +func (s *AdditionalDetail) SetRuleGroupTypePairs(v []*RuleGroupTypePair) *AdditionalDetail { + s.RuleGroupTypePairs = v + return s +} + +// SetRuleOptions sets the RuleOptions field's value. +func (s *AdditionalDetail) SetRuleOptions(v []*RuleOption) *AdditionalDetail { + s.RuleOptions = v + return s +} + +// SetServiceName sets the ServiceName field's value. +func (s *AdditionalDetail) SetServiceName(v string) *AdditionalDetail { + s.ServiceName = &v + return s +} + +// SetVpcEndpointService sets the VpcEndpointService field's value. +func (s *AdditionalDetail) SetVpcEndpointService(v *AnalysisComponent) *AdditionalDetail { + s.VpcEndpointService = v + return s +} + // Describes an Elastic IP address, or a carrier IP address. type Address struct { _ struct{} `type:"structure"` - // The ID representing the allocation of the address for use with EC2-VPC. + // The ID representing the allocation of the address. AllocationId *string `locationName:"allocationId" type:"string"` - // The ID representing the association of the address with an instance in a - // VPC. + // The ID representing the association of the address with an instance. AssociationId *string `locationName:"associationId" type:"string"` // The carrier IP address associated. This option is only available for network @@ -55456,8 +57746,7 @@ type Address struct { // The ID of the customer-owned address pool. CustomerOwnedIpv4Pool *string `locationName:"customerOwnedIpv4Pool" type:"string"` - // Indicates whether this Elastic IP address is for use with instances in EC2-Classic - // (standard) or instances in a VPC (vpc). + // The network (vpc). Domain *string `locationName:"domain" type:"string" enum:"DomainType"` // The ID of the instance that the address is associated with (if any). @@ -55732,6 +58021,9 @@ func (s *AddressTransfer) SetTransferOfferExpirationTimestamp(v time.Time) *Addr type AdvertiseByoipCidrInput struct { _ struct{} `type:"structure"` + // The public 2-byte or 4-byte ASN that you want to advertise. + Asn *string `type:"string"` + // The address range, in CIDR notation. This must be the exact range that you // provisioned. You can't advertise only a portion of the provisioned range. // @@ -55743,6 +58035,25 @@ type AdvertiseByoipCidrInput struct { // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + + // If you have Local Zones (https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html) + // enabled, you can choose a network border group for Local Zones when you provision + // and advertise a BYOIPv4 CIDR. Choose the network border group carefully as + // the EIP and the Amazon Web Services resource it is associated with must reside + // in the same network border group. + // + // You can provision BYOIP address ranges to and advertise them in the following + // Local Zone network border groups: + // + // * us-east-1-dfw-2 + // + // * us-west-2-lax-1 + // + // * us-west-2-phx-2 + // + // You cannot provision or advertise BYOIPv6 address ranges in Local Zones at + // this time. + NetworkBorderGroup *string `type:"string"` } // String returns the string representation. @@ -55776,6 +58087,12 @@ func (s *AdvertiseByoipCidrInput) Validate() error { return nil } +// SetAsn sets the Asn field's value. +func (s *AdvertiseByoipCidrInput) SetAsn(v string) *AdvertiseByoipCidrInput { + s.Asn = &v + return s +} + // SetCidr sets the Cidr field's value. func (s *AdvertiseByoipCidrInput) SetCidr(v string) *AdvertiseByoipCidrInput { s.Cidr = &v @@ -55788,6 +58105,12 @@ func (s *AdvertiseByoipCidrInput) SetDryRun(v bool) *AdvertiseByoipCidrInput { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *AdvertiseByoipCidrInput) SetNetworkBorderGroup(v string) *AdvertiseByoipCidrInput { + s.NetworkBorderGroup = &v + return s +} + type AdvertiseByoipCidrOutput struct { _ struct{} `type:"structure"` @@ -55822,8 +58145,7 @@ func (s *AdvertiseByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *AdvertiseByoipCid type AllocateAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address - // pool. + // The Elastic IP address to recover or an IPv4 address from an address pool. Address *string `type:"string"` // The ID of a customer-owned address pool. Use this parameter to let Amazon @@ -55831,11 +58153,7 @@ type AllocateAddressInput struct { // address from the address pool. CustomerOwnedIpv4Pool *string `type:"string"` - // Indicates whether the Elastic IP address is for use with instances in a VPC - // or instances in EC2-Classic. - // - // Default: If the Region supports EC2-Classic, the default is standard. Otherwise, - // the default is vpc. + // The network (vpc). Domain *string `type:"string" enum:"DomainType"` // Checks whether you have the required permissions for the action, without @@ -55851,9 +58169,6 @@ type AllocateAddressInput struct { // // Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) // to view the network border groups. - // - // You cannot use a network border group with EC2 Classic. If you attempt this - // operation on EC2 Classic, you receive an InvalidParameterCombination error. NetworkBorderGroup *string `type:"string"` // The ID of an address pool that you own. Use this parameter to let Amazon @@ -55928,12 +58243,11 @@ func (s *AllocateAddressInput) SetTagSpecifications(v []*TagSpecification) *Allo type AllocateAddressOutput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation - // of the Elastic IP address for use with instances in a VPC. + // The ID that represents the allocation of the Elastic IP address. AllocationId *string `locationName:"allocationId" type:"string"` // The carrier IP address. This option is only available for network interfaces - // which reside in a subnet in a Wavelength Zone (for example an EC2 instance). + // that reside in a subnet in a Wavelength Zone. CarrierIp *string `locationName:"carrierIp" type:"string"` // The customer-owned IP address. @@ -55942,8 +58256,7 @@ type AllocateAddressOutput struct { // The ID of the customer-owned address pool. CustomerOwnedIpv4Pool *string `locationName:"customerOwnedIpv4Pool" type:"string"` - // Indicates whether the Elastic IP address is for use with instances in a VPC - // (vpc) or instances in EC2-Classic (standard). + // The network (vpc). Domain *string `locationName:"domain" type:"string" enum:"DomainType"` // The set of Availability Zones, Local Zones, or Wavelength Zones from which @@ -56026,6 +58339,19 @@ func (s *AllocateAddressOutput) SetPublicIpv4Pool(v string) *AllocateAddressOutp type AllocateHostsInput struct { _ struct{} `type:"structure"` + // The IDs of the Outpost hardware assets on which to allocate the Dedicated + // Hosts. Targeting specific hardware assets on an Outpost can help to minimize + // latency between your workloads. This parameter is supported only if you specify + // OutpostArn. If you are allocating the Dedicated Hosts in a Region, omit this + // parameter. + // + // * If you specify this parameter, you can omit Quantity. In this case, + // Amazon EC2 allocates a Dedicated Host on each specified hardware asset. + // + // * If you specify both AssetIds and Quantity, then the value for Quantity + // must be equal to the number of asset IDs specified. + AssetIds []*string `locationName:"AssetId" type:"list"` + // Indicates whether the host accepts any untargeted instance launches that // match its instance type configuration, or if it only accepts Host tenancy // instance launches that specify its unique host ID. For more information, @@ -56076,13 +58402,19 @@ type AllocateHostsInput struct { InstanceType *string `locationName:"instanceType" type:"string"` // The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which - // to allocate the Dedicated Host. + // to allocate the Dedicated Host. If you specify OutpostArn, you can optionally + // specify AssetIds. + // + // If you are allocating the Dedicated Host in a Region, omit this parameter. OutpostArn *string `type:"string"` // The number of Dedicated Hosts to allocate to your account with these parameters. - // - // Quantity is a required field - Quantity *int64 `locationName:"quantity" type:"integer" required:"true"` + // If you are allocating the Dedicated Hosts on an Outpost, and you specify + // AssetIds, you can omit this parameter. In this case, Amazon EC2 allocates + // a Dedicated Host on each specified hardware asset. If you specify both AssetIds + // and Quantity, then the value that you specify for Quantity must be equal + // to the number of asset IDs specified. + Quantity *int64 `locationName:"quantity" type:"integer"` // The tags to apply to the Dedicated Host during creation. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -56112,9 +58444,6 @@ func (s *AllocateHostsInput) Validate() error { if s.AvailabilityZone == nil { invalidParams.Add(request.NewErrParamRequired("AvailabilityZone")) } - if s.Quantity == nil { - invalidParams.Add(request.NewErrParamRequired("Quantity")) - } if invalidParams.Len() > 0 { return invalidParams @@ -56122,6 +58451,12 @@ func (s *AllocateHostsInput) Validate() error { return nil } +// SetAssetIds sets the AssetIds field's value. +func (s *AllocateHostsInput) SetAssetIds(v []*string) *AllocateHostsInput { + s.AssetIds = v + return s +} + // SetAutoPlacement sets the AutoPlacement field's value. func (s *AllocateHostsInput) SetAutoPlacement(v string) *AllocateHostsInput { s.AutoPlacement = &v @@ -56218,6 +58553,10 @@ func (s *AllocateHostsOutput) SetHostIds(v []*string) *AllocateHostsOutput { type AllocateIpamPoolCidrInput struct { _ struct{} `type:"structure"` + // Include a particular CIDR range that can be returned by the pool. Allowed + // CIDRs are only allowed if using netmask length for allocation. + AllowedCidrs []*string `locationName:"AllowedCidr" locationNameList:"item" type:"list"` + // The CIDR you would like to allocate from the IPAM pool. Note the following: // // * If there is no DefaultNetmaskLength allocation rule set on the pool, @@ -56301,6 +58640,12 @@ func (s *AllocateIpamPoolCidrInput) Validate() error { return nil } +// SetAllowedCidrs sets the AllowedCidrs field's value. +func (s *AllocateIpamPoolCidrInput) SetAllowedCidrs(v []*string) *AllocateIpamPoolCidrInput { + s.AllowedCidrs = v + return s +} + // SetCidr sets the Cidr field's value. func (s *AllocateIpamPoolCidrInput) SetCidr(v string) *AllocateIpamPoolCidrInput { s.Cidr = &v @@ -56790,6 +59135,12 @@ func (s *AnalysisPacketHeader) SetSourcePortRanges(v []*PortRange) *AnalysisPack type AnalysisRouteTableRoute struct { _ struct{} `type:"structure"` + // The ID of a carrier gateway. + CarrierGatewayId *string `locationName:"carrierGatewayId" type:"string"` + + // The Amazon Resource Name (ARN) of a core network. + CoreNetworkArn *string `locationName:"coreNetworkArn" min:"1" type:"string"` + // The destination IPv4 address, in CIDR notation. DestinationCidr *string `locationName:"destinationCidr" type:"string"` @@ -56805,6 +59156,9 @@ type AnalysisRouteTableRoute struct { // The ID of the instance, such as a NAT instance. InstanceId *string `locationName:"instanceId" type:"string"` + // The ID of a local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + // The ID of a NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` @@ -56853,6 +59207,18 @@ func (s AnalysisRouteTableRoute) GoString() string { return s.String() } +// SetCarrierGatewayId sets the CarrierGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetCarrierGatewayId(v string) *AnalysisRouteTableRoute { + s.CarrierGatewayId = &v + return s +} + +// SetCoreNetworkArn sets the CoreNetworkArn field's value. +func (s *AnalysisRouteTableRoute) SetCoreNetworkArn(v string) *AnalysisRouteTableRoute { + s.CoreNetworkArn = &v + return s +} + // SetDestinationCidr sets the DestinationCidr field's value. func (s *AnalysisRouteTableRoute) SetDestinationCidr(v string) *AnalysisRouteTableRoute { s.DestinationCidr = &v @@ -56883,6 +59249,12 @@ func (s *AnalysisRouteTableRoute) SetInstanceId(v string) *AnalysisRouteTableRou return s } +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetLocalGatewayId(v string) *AnalysisRouteTableRoute { + s.LocalGatewayId = &v + return s +} + // SetNatGatewayId sets the NatGatewayId field's value. func (s *AnalysisRouteTableRoute) SetNatGatewayId(v string) *AnalysisRouteTableRoute { s.NatGatewayId = &v @@ -57118,6 +59490,130 @@ func (s *ApplySecurityGroupsToClientVpnTargetNetworkOutput) SetSecurityGroupIds( return s } +// An Autonomous System Number (ASN) and BYOIP CIDR association. +type AsnAssociation struct { + _ struct{} `type:"structure"` + + // The association's ASN. + Asn *string `locationName:"asn" type:"string"` + + // The association's CIDR. + Cidr *string `locationName:"cidr" type:"string"` + + // The association's state. + State *string `locationName:"state" type:"string" enum:"AsnAssociationState"` + + // The association's status message. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAssociation) GoString() string { + return s.String() +} + +// SetAsn sets the Asn field's value. +func (s *AsnAssociation) SetAsn(v string) *AsnAssociation { + s.Asn = &v + return s +} + +// SetCidr sets the Cidr field's value. +func (s *AsnAssociation) SetCidr(v string) *AsnAssociation { + s.Cidr = &v + return s +} + +// SetState sets the State field's value. +func (s *AsnAssociation) SetState(v string) *AsnAssociation { + s.State = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *AsnAssociation) SetStatusMessage(v string) *AsnAssociation { + s.StatusMessage = &v + return s +} + +// Provides authorization for Amazon to bring an Autonomous System Number (ASN) +// to a specific Amazon Web Services account using bring your own ASN (BYOASN). +// For details on the format of the message and signature, see Tutorial: Bring +// your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +type AsnAuthorizationContext struct { + _ struct{} `type:"structure"` + + // The authorization context's message. + // + // Message is a required field + Message *string `type:"string" required:"true"` + + // The authorization context's signature. + // + // Signature is a required field + Signature *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAuthorizationContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAuthorizationContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AsnAuthorizationContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AsnAuthorizationContext"} + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Signature == nil { + invalidParams.Add(request.NewErrParamRequired("Signature")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMessage sets the Message field's value. +func (s *AsnAuthorizationContext) SetMessage(v string) *AsnAuthorizationContext { + s.Message = &v + return s +} + +// SetSignature sets the Signature field's value. +func (s *AsnAuthorizationContext) SetSignature(v string) *AsnAuthorizationContext { + s.Signature = &v + return s +} + type AssignIpv6AddressesInput struct { _ struct{} `type:"structure"` @@ -57418,7 +59914,7 @@ type AssignPrivateNatGatewayAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -57495,7 +59991,7 @@ type AssignPrivateNatGatewayAddressOutput struct { // NAT gateway IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -57564,15 +60060,11 @@ func (s *AssignedPrivateIpAddress) SetPrivateIpAddress(v string) *AssignedPrivat type AssociateAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The allocation ID. This is required for EC2-VPC. + // The allocation ID. This is required. AllocationId *string `type:"string"` - // [EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic - // IP address that is already associated with an instance or network interface - // to be reassociated with the specified instance or network interface. Otherwise, - // the operation fails. In a VPC in an EC2-VPC-only account, reassociation is - // automatic, therefore you can specify false to ensure the operation fails - // if the Elastic IP address is already associated with another resource. + // Reassociation is automatic, but you can specify false to ensure the operation + // fails if the Elastic IP address is already associated with another resource. AllowReassociation *bool `locationName:"allowReassociation" type:"boolean"` // Checks whether you have the required permissions for the action, without @@ -57582,25 +60074,23 @@ type AssociateAddressInput struct { DryRun *bool `locationName:"dryRun" type:"boolean"` // The ID of the instance. The instance must have exactly one attached network - // interface. For EC2-VPC, you can specify either the instance ID or the network - // interface ID, but not both. For EC2-Classic, you must specify an instance - // ID and the instance must be in the running state. + // interface. You can specify either the instance ID or the network interface + // ID, but not both. InstanceId *string `type:"string"` - // [EC2-VPC] The ID of the network interface. If the instance has more than - // one network interface, you must specify a network interface ID. + // The ID of the network interface. If the instance has more than one network + // interface, you must specify a network interface ID. // - // For EC2-VPC, you can specify either the instance ID or the network interface - // ID, but not both. + // You can specify either the instance ID or the network interface ID, but not + // both. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // [EC2-VPC] The primary or secondary private IP address to associate with the - // Elastic IP address. If no private IP address is specified, the Elastic IP - // address is associated with the primary private IP address. + // The primary or secondary private IP address to associate with the Elastic + // IP address. If no private IP address is specified, the Elastic IP address + // is associated with the primary private IP address. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` - // [EC2-Classic] The Elastic IP address to associate with the instance. This - // is required for EC2-Classic. + // Deprecated. PublicIp *string `type:"string"` } @@ -57667,8 +60157,8 @@ func (s *AssociateAddressInput) SetPublicIp(v string) *AssociateAddressInput { type AssociateAddressOutput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The ID that represents the association of the Elastic IP address - // with an instance. + // The ID that represents the association of the Elastic IP address with an + // instance. AssociationId *string `locationName:"associationId" type:"string"` } @@ -58230,6 +60720,109 @@ func (s *AssociateInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceE return s } +type AssociateIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // The BYOIP CIDR you want to associate with an ASN. + // + // Cidr is a required field + Cidr *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.Cidr == nil { + invalidParams.Add(request.NewErrParamRequired("Cidr")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *AssociateIpamByoasnInput) SetAsn(v string) *AssociateIpamByoasnInput { + s.Asn = &v + return s +} + +// SetCidr sets the Cidr field's value. +func (s *AssociateIpamByoasnInput) SetCidr(v string) *AssociateIpamByoasnInput { + s.Cidr = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *AssociateIpamByoasnInput) SetDryRun(v bool) *AssociateIpamByoasnInput { + s.DryRun = &v + return s +} + +type AssociateIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // The ASN and BYOIP CIDR association. + AsnAssociation *AsnAssociation `locationName:"asnAssociation" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetAsnAssociation sets the AsnAssociation field's value. +func (s *AssociateIpamByoasnOutput) SetAsnAssociation(v *AsnAssociation) *AssociateIpamByoasnOutput { + s.AsnAssociation = v + return s +} + type AssociateIpamResourceDiscoveryInput struct { _ struct{} `type:"structure"` @@ -58366,7 +60959,7 @@ type AssociateNatGatewayAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -58439,7 +61032,7 @@ type AssociateNatGatewayAddressOutput struct { // The IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -58593,10 +61186,14 @@ func (s *AssociateRouteTableOutput) SetAssociationState(v *RouteTableAssociation type AssociateSubnetCidrBlockInput struct { _ struct{} `type:"structure"` - // The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length. - // - // Ipv6CidrBlock is a required field - Ipv6CidrBlock *string `locationName:"ipv6CidrBlock" type:"string" required:"true"` + // The IPv6 CIDR block for your subnet. + Ipv6CidrBlock *string `locationName:"ipv6CidrBlock" type:"string"` + + // An IPv6 IPAM pool ID. + Ipv6IpamPoolId *string `type:"string"` + + // An IPv6 netmask length. + Ipv6NetmaskLength *int64 `type:"integer"` // The ID of your subnet. // @@ -58625,9 +61222,6 @@ func (s AssociateSubnetCidrBlockInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *AssociateSubnetCidrBlockInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "AssociateSubnetCidrBlockInput"} - if s.Ipv6CidrBlock == nil { - invalidParams.Add(request.NewErrParamRequired("Ipv6CidrBlock")) - } if s.SubnetId == nil { invalidParams.Add(request.NewErrParamRequired("SubnetId")) } @@ -58644,6 +61238,18 @@ func (s *AssociateSubnetCidrBlockInput) SetIpv6CidrBlock(v string) *AssociateSub return s } +// SetIpv6IpamPoolId sets the Ipv6IpamPoolId field's value. +func (s *AssociateSubnetCidrBlockInput) SetIpv6IpamPoolId(v string) *AssociateSubnetCidrBlockInput { + s.Ipv6IpamPoolId = &v + return s +} + +// SetIpv6NetmaskLength sets the Ipv6NetmaskLength field's value. +func (s *AssociateSubnetCidrBlockInput) SetIpv6NetmaskLength(v int64) *AssociateSubnetCidrBlockInput { + s.Ipv6NetmaskLength = &v + return s +} + // SetSubnetId sets the SubnetId field's value. func (s *AssociateSubnetCidrBlockInput) SetSubnetId(v string) *AssociateSubnetCidrBlockInput { s.SubnetId = &v @@ -59162,7 +61768,7 @@ type AssociateVpcCidrBlockInput struct { _ struct{} `type:"structure"` // Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for - // the VPC. You cannot specify the range of IPv6 addresses, or the size of the + // the VPC. You cannot specify the range of IPv6 addresses or the size of the // CIDR block. AmazonProvidedIpv6CidrBlock *bool `locationName:"amazonProvidedIpv6CidrBlock" type:"boolean"` @@ -59586,18 +62192,18 @@ type AttachClassicLinkVpcInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The ID of one or more of the VPC's security groups. You cannot specify security - // groups from a different VPC. + // The IDs of the security groups. You cannot specify security groups from a + // different VPC. // // Groups is a required field Groups []*string `locationName:"SecurityGroupId" locationNameList:"groupId" type:"list" required:"true"` - // The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. + // The ID of the EC2-Classic instance. // // InstanceId is a required field InstanceId *string `locationName:"instanceId" type:"string" required:"true"` - // The ID of a ClassicLink-enabled VPC. + // The ID of the ClassicLink-enabled VPC. // // VpcId is a required field VpcId *string `locationName:"vpcId" type:"string" required:"true"` @@ -59952,12 +62558,12 @@ type AttachVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -60024,10 +62630,10 @@ func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type AttachVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -60253,16 +62859,25 @@ func (s *AttachVpnGatewayOutput) SetVpcAttachment(v *VpcAttachment) *AttachVpnGa return s } -// Describes the ENA Express configuration for the network interface that's -// attached to the instance. +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. type AttachmentEnaSrdSpecification struct { _ struct{} `type:"structure"` - // Indicates whether ENA Express is enabled for the network interface that's - // attached to the instance. + // Indicates whether ENA Express is enabled for the network interface. EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` - // ENA Express configuration for UDP network traffic. + // Configures ENA Express for UDP network traffic. EnaSrdUdpSpecification *AttachmentEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` } @@ -60296,8 +62911,12 @@ func (s *AttachmentEnaSrdSpecification) SetEnaSrdUdpSpecification(v *AttachmentE return s } -// Describes the ENA Express configuration for UDP traffic on the network interface -// that's attached to the instance. +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it's enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. type AttachmentEnaSrdUdpSpecification struct { _ struct{} `type:"structure"` @@ -60822,10 +63441,9 @@ type AuthorizeSecurityGroupIngressInput struct { // VPC, you must specify the security group ID. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You must specify - // either the security group ID or the security group name in the request. For - // security groups in a nondefault VPC, you must specify the security group - // ID. + // [Default VPC] The name of the security group. You must specify either the + // security group ID or the security group name in the request. For security + // groups in a nondefault VPC, you must specify the security group ID. GroupName *string `type:"string"` // The sets of IP permissions. @@ -60834,24 +63452,23 @@ type AuthorizeSecurityGroupIngressInput struct { // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). // To specify icmpv6, use a set of IP permissions. // - // [VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol - // other than tcp, udp, or icmp, traffic on all ports is allowed, regardless - // of any ports you specify. + // Use -1 to specify all protocols. If you specify -1 or a protocol other than + // tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports + // you specify. // // Alternatively, use a set of IP permissions to specify multiple rules and // a description for the rule. IpProtocol *string `type:"string"` - // [EC2-Classic, default VPC] The name of the source security group. You can't - // specify this parameter in combination with the following parameters: the - // CIDR IP address range, the start of the port range, the IP protocol, and - // the end of the port range. Creates rules that grant full ICMP, UDP, and TCP - // access. To create a rule with a specific IP protocol and port range, use - // a set of IP permissions instead. For EC2-VPC, the source security group must - // be in the same VPC. + // [Default VPC] The name of the source security group. You can't specify this + // parameter in combination with the following parameters: the CIDR IP address + // range, the start of the port range, the IP protocol, and the end of the port + // range. Creates rules that grant full ICMP, UDP, and TCP access. To create + // a rule with a specific IP protocol and port range, use a set of IP permissions + // instead. The source security group must be in the same VPC. SourceSecurityGroupName *string `type:"string"` - // [nondefault VPC] The Amazon Web Services account ID for the source security + // [Nondefault VPC] The Amazon Web Services account ID for the source security // group, if the source security group is in a different account. You can't // specify this parameter in combination with the following parameters: the // CIDR IP address range, the IP protocol, the start of the port range, and @@ -61653,17 +64270,98 @@ func (s *BundleTaskError) SetMessage(v string) *BundleTaskError { return s } +// The Autonomous System Number (ASN) and BYOIP CIDR association. +type Byoasn struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + Asn *string `locationName:"asn" type:"string"` + + // An IPAM ID. + IpamId *string `locationName:"ipamId" type:"string"` + + // The provisioning state of the BYOASN. + State *string `locationName:"state" type:"string" enum:"AsnState"` + + // The status message. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Byoasn) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Byoasn) GoString() string { + return s.String() +} + +// SetAsn sets the Asn field's value. +func (s *Byoasn) SetAsn(v string) *Byoasn { + s.Asn = &v + return s +} + +// SetIpamId sets the IpamId field's value. +func (s *Byoasn) SetIpamId(v string) *Byoasn { + s.IpamId = &v + return s +} + +// SetState sets the State field's value. +func (s *Byoasn) SetState(v string) *Byoasn { + s.State = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *Byoasn) SetStatusMessage(v string) *Byoasn { + s.StatusMessage = &v + return s +} + // Information about an address range that is provisioned for use with your // Amazon Web Services resources through bring your own IP addresses (BYOIP). type ByoipCidr struct { _ struct{} `type:"structure"` + // The BYOIP CIDR associations with ASNs. + AsnAssociations []*AsnAssociation `locationName:"asnAssociationSet" locationNameList:"item" type:"list"` + // The address range, in CIDR notation. Cidr *string `locationName:"cidr" type:"string"` // The description of the address range. Description *string `locationName:"description" type:"string"` + // If you have Local Zones (https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html) + // enabled, you can choose a network border group for Local Zones when you provision + // and advertise a BYOIPv4 CIDR. Choose the network border group carefully as + // the EIP and the Amazon Web Services resource it is associated with must reside + // in the same network border group. + // + // You can provision BYOIP address ranges to and advertise them in the following + // Local Zone network border groups: + // + // * us-east-1-dfw-2 + // + // * us-west-2-lax-1 + // + // * us-west-2-phx-2 + // + // You cannot provision or advertise BYOIPv6 address ranges in Local Zones at + // this time. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + // The state of the address pool. State *string `locationName:"state" type:"string" enum:"ByoipCidrState"` @@ -61690,6 +64388,12 @@ func (s ByoipCidr) GoString() string { return s.String() } +// SetAsnAssociations sets the AsnAssociations field's value. +func (s *ByoipCidr) SetAsnAssociations(v []*AsnAssociation) *ByoipCidr { + s.AsnAssociations = v + return s +} + // SetCidr sets the Cidr field's value. func (s *ByoipCidr) SetCidr(v string) *ByoipCidr { s.Cidr = &v @@ -61702,6 +64406,12 @@ func (s *ByoipCidr) SetDescription(v string) *ByoipCidr { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *ByoipCidr) SetNetworkBorderGroup(v string) *ByoipCidr { + s.NetworkBorderGroup = &v + return s +} + // SetState sets the State field's value. func (s *ByoipCidr) SetState(v string) *ByoipCidr { s.State = &v @@ -62126,7 +64836,8 @@ func (s CancelConversionTaskOutput) GoString() string { type CancelExportTaskInput struct { _ struct{} `type:"structure"` - // The ID of the export task. This is the ID returned by CreateInstanceExportTask. + // The ID of the export task. This is the ID returned by the CreateInstanceExportTask + // and ExportImage operations. // // ExportTaskId is a required field ExportTaskId *string `locationName:"exportTaskId" type:"string" required:"true"` @@ -62720,7 +65431,7 @@ type CancelSpotInstanceRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more Spot Instance request IDs. + // The IDs of the Spot Instance requests. // // SpotInstanceRequestIds is a required field SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list" required:"true"` @@ -62773,7 +65484,7 @@ func (s *CancelSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*string) type CancelSpotInstanceRequestsOutput struct { _ struct{} `type:"structure"` - // One or more Spot Instance requests. + // The Spot Instance requests. CancelledSpotInstanceRequests []*CancelledSpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -62886,6 +65597,119 @@ func (s *CapacityAllocation) SetCount(v int64) *CapacityAllocation { return s } +// The recommended Capacity Block that fits your search requirements. +type CapacityBlockOffering struct { + _ struct{} `type:"structure"` + + // The Availability Zone of the Capacity Block offering. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The amount of time of the Capacity Block reservation in hours. + CapacityBlockDurationHours *int64 `locationName:"capacityBlockDurationHours" type:"integer"` + + // The ID of the Capacity Block offering. + CapacityBlockOfferingId *string `locationName:"capacityBlockOfferingId" type:"string"` + + // The currency of the payment for the Capacity Block. + CurrencyCode *string `locationName:"currencyCode" type:"string"` + + // The end date of the Capacity Block offering. + EndDate *time.Time `locationName:"endDate" type:"timestamp"` + + // The number of instances in the Capacity Block offering. + InstanceCount *int64 `locationName:"instanceCount" type:"integer"` + + // The instance type of the Capacity Block offering. + InstanceType *string `locationName:"instanceType" type:"string"` + + // The start date of the Capacity Block offering. + StartDate *time.Time `locationName:"startDate" type:"timestamp"` + + // The tenancy of the Capacity Block. + Tenancy *string `locationName:"tenancy" type:"string" enum:"CapacityReservationTenancy"` + + // The total price to be paid up front. + UpfrontFee *string `locationName:"upfrontFee" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CapacityBlockOffering) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CapacityBlockOffering) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *CapacityBlockOffering) SetAvailabilityZone(v string) *CapacityBlockOffering { + s.AvailabilityZone = &v + return s +} + +// SetCapacityBlockDurationHours sets the CapacityBlockDurationHours field's value. +func (s *CapacityBlockOffering) SetCapacityBlockDurationHours(v int64) *CapacityBlockOffering { + s.CapacityBlockDurationHours = &v + return s +} + +// SetCapacityBlockOfferingId sets the CapacityBlockOfferingId field's value. +func (s *CapacityBlockOffering) SetCapacityBlockOfferingId(v string) *CapacityBlockOffering { + s.CapacityBlockOfferingId = &v + return s +} + +// SetCurrencyCode sets the CurrencyCode field's value. +func (s *CapacityBlockOffering) SetCurrencyCode(v string) *CapacityBlockOffering { + s.CurrencyCode = &v + return s +} + +// SetEndDate sets the EndDate field's value. +func (s *CapacityBlockOffering) SetEndDate(v time.Time) *CapacityBlockOffering { + s.EndDate = &v + return s +} + +// SetInstanceCount sets the InstanceCount field's value. +func (s *CapacityBlockOffering) SetInstanceCount(v int64) *CapacityBlockOffering { + s.InstanceCount = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *CapacityBlockOffering) SetInstanceType(v string) *CapacityBlockOffering { + s.InstanceType = &v + return s +} + +// SetStartDate sets the StartDate field's value. +func (s *CapacityBlockOffering) SetStartDate(v time.Time) *CapacityBlockOffering { + s.StartDate = &v + return s +} + +// SetTenancy sets the Tenancy field's value. +func (s *CapacityBlockOffering) SetTenancy(v string) *CapacityBlockOffering { + s.Tenancy = &v + return s +} + +// SetUpfrontFee sets the UpfrontFee field's value. +func (s *CapacityBlockOffering) SetUpfrontFee(v string) *CapacityBlockOffering { + s.UpfrontFee = &v + return s +} + // Describes a Capacity Reservation. type CapacityReservation struct { _ struct{} `type:"structure"` @@ -62977,6 +65801,9 @@ type CapacityReservation struct { // in the Amazon EC2 User Guide. PlacementGroupArn *string `locationName:"placementGroupArn" type:"string"` + // The type of Capacity Reservation. + ReservationType *string `locationName:"reservationType" type:"string" enum:"CapacityReservationType"` + // The date and time at which the Capacity Reservation was started. StartDate *time.Time `locationName:"startDate" type:"timestamp"` @@ -63145,6 +65972,12 @@ func (s *CapacityReservation) SetPlacementGroupArn(v string) *CapacityReservatio return s } +// SetReservationType sets the ReservationType field's value. +func (s *CapacityReservation) SetReservationType(v string) *CapacityReservation { + s.ReservationType = &v + return s +} + // SetStartDate sets the StartDate field's value. func (s *CapacityReservation) SetStartDate(v time.Time) *CapacityReservation { s.StartDate = &v @@ -63978,6 +66811,8 @@ func (s *CidrBlock) SetCidrBlock(v string) *CidrBlock { return s } +// Deprecated. +// // Describes the ClassicLink DNS support status of a VPC. type ClassicLinkDnsSupport struct { _ struct{} `type:"structure"` @@ -64019,15 +66854,13 @@ func (s *ClassicLinkDnsSupport) SetVpcId(v string) *ClassicLinkDnsSupport { return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Deprecated. // // Describes a linked EC2-Classic instance. type ClassicLinkInstance struct { _ struct{} `type:"structure"` - // A list of security groups. + // The security groups. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The ID of the instance. @@ -65870,6 +68703,242 @@ func (s *ConnectionNotification) SetVpcEndpointId(v string) *ConnectionNotificat return s } +// A security group connection tracking configuration that enables you to set +// the idle timeout for connection tracking on an Elastic network interface. +// For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingConfiguration struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `locationName:"tcpEstablishedTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `locationName:"udpStreamTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `locationName:"udpTimeout" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingConfiguration) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingConfiguration) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingConfiguration { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingConfiguration) SetUdpStreamTimeout(v int64) *ConnectionTrackingConfiguration { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingConfiguration) SetUdpTimeout(v int64) *ConnectionTrackingConfiguration { + s.UdpTimeout = &v + return s +} + +// A security group connection tracking specification that enables you to set +// the idle timeout for connection tracking on an Elastic network interface. +// For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingSpecification struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `locationName:"tcpEstablishedTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `locationName:"udpStreamTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `locationName:"udpTimeout" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecification) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingSpecification) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingSpecification { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingSpecification) SetUdpStreamTimeout(v int64) *ConnectionTrackingSpecification { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingSpecification) SetUdpTimeout(v int64) *ConnectionTrackingSpecification { + s.UdpTimeout = &v + return s +} + +// A security group connection tracking specification request that enables you +// to set the idle timeout for connection tracking on an Elastic network interface. +// For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationRequest) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingSpecificationRequest) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingSpecificationRequest { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingSpecificationRequest) SetUdpStreamTimeout(v int64) *ConnectionTrackingSpecificationRequest { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingSpecificationRequest) SetUdpTimeout(v int64) *ConnectionTrackingSpecificationRequest { + s.UdpTimeout = &v + return s +} + +// A security group connection tracking specification response that enables +// you to set the idle timeout for connection tracking on an Elastic network +// interface. For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingSpecificationResponse struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `locationName:"tcpEstablishedTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `locationName:"udpStreamTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `locationName:"udpTimeout" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationResponse) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingSpecificationResponse) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingSpecificationResponse { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingSpecificationResponse) SetUdpStreamTimeout(v int64) *ConnectionTrackingSpecificationResponse { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingSpecificationResponse) SetUdpTimeout(v int64) *ConnectionTrackingSpecificationResponse { + s.UdpTimeout = &v + return s +} + // Describes a conversion task. type ConversionTask struct { _ struct{} `type:"structure"` @@ -66542,6 +69611,10 @@ func (s *CopySnapshotOutput) SetTags(v []*Tag) *CopySnapshotOutput { type CpuOptions struct { _ struct{} `type:"structure"` + // Indicates whether the instance is enabled for AMD SEV-SNP. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `locationName:"coreCount" type:"integer"` @@ -66567,6 +69640,12 @@ func (s CpuOptions) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *CpuOptions) SetAmdSevSnp(v string) *CpuOptions { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *CpuOptions) SetCoreCount(v int64) *CpuOptions { s.CoreCount = &v @@ -66584,6 +69663,11 @@ func (s *CpuOptions) SetThreadsPerCore(v int64) *CpuOptions { type CpuOptionsRequest struct { _ struct{} `type:"structure"` + // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is + // supported with M6a, R6a, and C6a instance types only. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` @@ -66610,6 +69694,12 @@ func (s CpuOptionsRequest) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *CpuOptionsRequest) SetAmdSevSnp(v string) *CpuOptionsRequest { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *CpuOptionsRequest) SetCoreCount(v int64) *CpuOptionsRequest { s.CoreCount = &v @@ -68595,7 +71685,7 @@ type CreateFleetInput struct { SpotOptions *SpotOptionsRequest `type:"structure"` // The key-value pair for tagging the EC2 Fleet request on creation. For more - // information, see Tagging your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // information, see Tag your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). // // If the fleet type is instant, specify a resource type of fleet to tag the // fleet or instance to tag the instances at launch. @@ -68953,9 +72043,7 @@ type CreateFlowLogsInput struct { // in the Amazon VPC User Guide or Transit Gateway Flow Log records (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-flow-logs.html#flow-log-records) // in the Amazon Web Services Transit Gateway Guide. // - // Specify the fields using the ${field-id} format, separated by spaces. For - // the CLI, surround this parameter value with single quotes on Linux or double - // quotes on Windows. + // Specify the fields using the ${field-id} format, separated by spaces. LogFormat *string `type:"string"` // The name of a new or existing CloudWatch Logs log group where Amazon EC2 @@ -69315,9 +72403,22 @@ func (s *CreateFpgaImageOutput) SetFpgaImageId(v string) *CreateFpgaImageOutput type CreateImageInput struct { _ struct{} `type:"structure"` - // The block device mappings. This parameter cannot be used to modify the encryption - // status of existing volumes or snapshots. To create an AMI with encrypted - // snapshots, use the CopyImage action. + // The block device mappings. + // + // When using the CreateImage action: + // + // * You can't change the volume size using the VolumeSize parameter. If + // you want a different volume size, you must first change the volume size + // of the source instance. + // + // * You can't modify the encryption status of existing volumes or snapshots. + // To create an AMI with volumes or snapshots that have a different encryption + // status (for example, where the source volume and snapshots are unencrypted, + // and you want to create an AMI with encrypted volumes or snapshots), use + // the CopyImage action. + // + // * The only option that can be changed for existing mappings or snapshots + // is DeleteOnTermination. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // A description for the new image. @@ -69343,17 +72444,20 @@ type CreateImageInput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true"` - // By default, when Amazon EC2 creates the new AMI, it reboots the instance - // so that it can take snapshots of the attached volumes while data is at rest, - // in order to ensure a consistent state. You can set the NoReboot parameter - // to true in the API request, or use the --no-reboot option in the CLI to prevent - // Amazon EC2 from shutting down and rebooting the instance. + // Indicates whether or not the instance should be automatically rebooted before + // creating the image. Specify one of the following values: // - // If you choose to bypass the shutdown and reboot process by setting the NoReboot - // parameter to true in the API request, or by using the --no-reboot option - // in the CLI, we can't guarantee the file system integrity of the created image. + // * true - The instance is not rebooted before creating the image. This + // creates crash-consistent snapshots that include only the data that has + // been written to the volumes at the time the snapshots are created. Buffered + // data and data in memory that has not yet been written to the volumes is + // not included in the snapshots. // - // Default: false (follow standard reboot process) + // * false - The instance is rebooted before creating the image. This ensures + // that all buffered data and data in memory is written to the volumes before + // the snapshots are created. + // + // Default: false NoReboot *bool `locationName:"noReboot" type:"boolean"` // The tags to apply to the AMI and snapshots on creation. You can tag the AMI, @@ -69479,6 +72583,152 @@ func (s *CreateImageOutput) SetImageId(v string) *CreateImageOutput { return s } +type CreateInstanceConnectEndpointInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Indicates whether your client's IP address is preserved as the source. The + // value is true or false. + // + // * If true, your client's IP address is used when you connect to a resource. + // + // * If false, the elastic network interface IP address is used when you + // connect to a resource. + // + // Default: true + PreserveClientIp *bool `type:"boolean"` + + // One or more security groups to associate with the endpoint. If you don't + // specify a security group, the default security group for your VPC will be + // associated with the endpoint. + SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` + + // The ID of the subnet in which to create the EC2 Instance Connect Endpoint. + // + // SubnetId is a required field + SubnetId *string `type:"string" required:"true"` + + // The tags to apply to the EC2 Instance Connect Endpoint during creation. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateInstanceConnectEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateInstanceConnectEndpointInput"} + if s.SubnetId == nil { + invalidParams.Add(request.NewErrParamRequired("SubnetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateInstanceConnectEndpointInput) SetClientToken(v string) *CreateInstanceConnectEndpointInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateInstanceConnectEndpointInput) SetDryRun(v bool) *CreateInstanceConnectEndpointInput { + s.DryRun = &v + return s +} + +// SetPreserveClientIp sets the PreserveClientIp field's value. +func (s *CreateInstanceConnectEndpointInput) SetPreserveClientIp(v bool) *CreateInstanceConnectEndpointInput { + s.PreserveClientIp = &v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *CreateInstanceConnectEndpointInput) SetSecurityGroupIds(v []*string) *CreateInstanceConnectEndpointInput { + s.SecurityGroupIds = v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *CreateInstanceConnectEndpointInput) SetSubnetId(v string) *CreateInstanceConnectEndpointInput { + s.SubnetId = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateInstanceConnectEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateInstanceConnectEndpointInput { + s.TagSpecifications = v + return s +} + +type CreateInstanceConnectEndpointOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive idempotency token provided by the client in the the + // request. + ClientToken *string `locationName:"clientToken" type:"string"` + + // Information about the EC2 Instance Connect Endpoint. + InstanceConnectEndpoint *Ec2InstanceConnectEndpoint `locationName:"instanceConnectEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateInstanceConnectEndpointOutput) SetClientToken(v string) *CreateInstanceConnectEndpointOutput { + s.ClientToken = &v + return s +} + +// SetInstanceConnectEndpoint sets the InstanceConnectEndpoint field's value. +func (s *CreateInstanceConnectEndpointOutput) SetInstanceConnectEndpoint(v *Ec2InstanceConnectEndpoint) *CreateInstanceConnectEndpointOutput { + s.InstanceConnectEndpoint = v + return s +} + type CreateInstanceEventWindowInput struct { _ struct{} `type:"structure"` @@ -69830,6 +73080,11 @@ type CreateIpamInput struct { // to find all resources that have a tag with the key Owner and the value TeamA, // specify tag:Owner for the filter name and TeamA for the filter value. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // IPAM is offered in a Free Tier and an Advanced Tier. For more information + // about the features available in each tier and the costs associated with the + // tiers, see Amazon VPC pricing > IPAM tab (http://aws.amazon.com/vpc/pricing/). + Tier *string `type:"string" enum:"IpamTier"` } // String returns the string representation. @@ -69880,6 +73135,12 @@ func (s *CreateIpamInput) SetTagSpecifications(v []*TagSpecification) *CreateIpa return s } +// SetTier sets the Tier field's value. +func (s *CreateIpamInput) SetTier(v string) *CreateIpamInput { + s.Tier = &v + return s +} + type CreateIpamOutput struct { _ struct{} `type:"structure"` @@ -70009,6 +73270,9 @@ type CreateIpamPoolInput struct { // pool must be available in the source pool's CIDR range. SourceIpamPoolId *string `type:"string"` + // The resource used to provision CIDRs to a resource planning pool. + SourceResource *IpamPoolSourceResourceRequest `type:"structure"` + // The key/value combination of a tag assigned to the resource. Use the tag // key in the filter name and the tag value as the filter value. For example, // to find all resources that have a tag with the key Owner and the value TeamA, @@ -70140,6 +73404,12 @@ func (s *CreateIpamPoolInput) SetSourceIpamPoolId(v string) *CreateIpamPoolInput return s } +// SetSourceResource sets the SourceResource field's value. +func (s *CreateIpamPoolInput) SetSourceResource(v *IpamPoolSourceResourceRequest) *CreateIpamPoolInput { + s.SourceResource = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateIpamPoolInput) SetTagSpecifications(v []*TagSpecification) *CreateIpamPoolInput { s.TagSpecifications = v @@ -70586,12 +73856,8 @@ type CreateLaunchTemplateInput struct { // The information for the launch template. // - // LaunchTemplateData is a sensitive parameter and its value will be - // replaced with "sensitive" in string returned by CreateLaunchTemplateInput's - // String and GoString methods. - // // LaunchTemplateData is a required field - LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true" sensitive:"true"` + LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true"` // A name for the launch template. // @@ -70748,12 +74014,8 @@ type CreateLaunchTemplateVersionInput struct { // The information for the launch template. // - // LaunchTemplateData is a sensitive parameter and its value will be - // replaced with "sensitive" in string returned by CreateLaunchTemplateVersionInput's - // String and GoString methods. - // // LaunchTemplateData is a required field - LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true" sensitive:"true"` + LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true"` // The ID of the launch template. // @@ -71565,20 +74827,20 @@ type CreateNatGatewayInput struct { // an address, a private IPv4 address will be automatically assigned. PrivateIpAddress *string `type:"string"` - // Secondary EIP allocation IDs. For more information about secondary addresses, - // see Create a NAT gateway (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) - // in the Amazon Virtual Private Cloud User Guide. + // Secondary EIP allocation IDs. For more information, see Create a NAT gateway + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) + // in the Amazon VPC User Guide. SecondaryAllocationIds []*string `locationName:"SecondaryAllocationId" locationNameList:"AllocationId" type:"list"` // [Private NAT gateway only] The number of secondary private IPv4 addresses // you want to assign to the NAT gateway. For more information about secondary // addresses, see Create a NAT gateway (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) - // in the Amazon Virtual Private Cloud User Guide. + // in the Amazon VPC User Guide. SecondaryPrivateIpAddressCount *int64 `min:"1" type:"integer"` // Secondary private IPv4 addresses. For more information about secondary addresses, // see Create a NAT gateway (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) - // in the Amazon Virtual Private Cloud User Guide. + // in the Amazon VPC User Guide. SecondaryPrivateIpAddresses []*string `locationName:"SecondaryPrivateIpAddress" locationNameList:"item" type:"list"` // The ID of the subnet in which to create the NAT gateway. @@ -72128,13 +75390,11 @@ type CreateNetworkInsightsPathInput struct { // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // The Amazon Web Services resource that is the destination of the path. - // - // Destination is a required field - Destination *string `type:"string" required:"true"` + // The ID or ARN of the destination. If the resource is in another account, + // you must specify an ARN. + Destination *string `type:"string"` - // The IP address of the Amazon Web Services resource that is the destination - // of the path. + // The IP address of the destination. DestinationIp *string `type:"string"` // The destination port. @@ -72146,18 +75406,28 @@ type CreateNetworkInsightsPathInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Scopes the analysis to network paths that match specific filters at the destination. + // If you specify this parameter, you can't specify the parameter for the destination + // IP address. + FilterAtDestination *PathRequestFilter `type:"structure"` + + // Scopes the analysis to network paths that match specific filters at the source. + // If you specify this parameter, you can't specify the parameters for the source + // IP address or the destination port. + FilterAtSource *PathRequestFilter `type:"structure"` + // The protocol. // // Protocol is a required field Protocol *string `type:"string" required:"true" enum:"Protocol"` - // The Amazon Web Services resource that is the source of the path. + // The ID or ARN of the source. If the resource is in another account, you must + // specify an ARN. // // Source is a required field Source *string `type:"string" required:"true"` - // The IP address of the Amazon Web Services resource that is the source of - // the path. + // The IP address of the source. SourceIp *string `type:"string"` // The tags to add to the path. @@ -72185,9 +75455,6 @@ func (s CreateNetworkInsightsPathInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateNetworkInsightsPathInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateNetworkInsightsPathInput"} - if s.Destination == nil { - invalidParams.Add(request.NewErrParamRequired("Destination")) - } if s.Protocol == nil { invalidParams.Add(request.NewErrParamRequired("Protocol")) } @@ -72231,6 +75498,18 @@ func (s *CreateNetworkInsightsPathInput) SetDryRun(v bool) *CreateNetworkInsight return s } +// SetFilterAtDestination sets the FilterAtDestination field's value. +func (s *CreateNetworkInsightsPathInput) SetFilterAtDestination(v *PathRequestFilter) *CreateNetworkInsightsPathInput { + s.FilterAtDestination = v + return s +} + +// SetFilterAtSource sets the FilterAtSource field's value. +func (s *CreateNetworkInsightsPathInput) SetFilterAtSource(v *PathRequestFilter) *CreateNetworkInsightsPathInput { + s.FilterAtSource = v + return s +} + // SetProtocol sets the Protocol field's value. func (s *CreateNetworkInsightsPathInput) SetProtocol(v string) *CreateNetworkInsightsPathInput { s.Protocol = &v @@ -72293,6 +75572,9 @@ type CreateNetworkInterfaceInput struct { // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` + // A connection tracking specification for the network interface. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // A description for the network interface. Description *string `locationName:"description" type:"string"` @@ -72302,12 +75584,27 @@ type CreateNetworkInterfaceInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // If you’re creating a network interface in a dual-stack or IPv6-only subnet, + // you have the option to assign a primary IPv6 IP address. A primary IPv6 address + // is an IPv6 GUA address associated with an ENI that you have enabled to use + // a primary IPv6 address. Use this option if the instance that this ENI will + // be attached to relies on its IPv6 address not changing. Amazon Web Services + // will automatically assign an IPv6 address associated with the ENI attached + // to your instance to be the primary IPv6 address. Once you enable an IPv6 + // GUA address to be a primary IPv6, you cannot disable it. When you enable + // an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made + // the primary IPv6 address until the instance is terminated or the network + // interface is detached. If you have multiple IPv6 addresses associated with + // an ENI attached to your instance and you enable a primary IPv6 address, the + // first IPv6 GUA address associated with the ENI becomes the primary IPv6 address. + EnablePrimaryIpv6 *bool `type:"boolean"` + // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` // The type of network interface. The default is interface. // - // The only supported values are efa and trunk. + // The only supported values are interface, efa, and trunk. InterfaceType *string `type:"string" enum:"NetworkInterfaceCreationType"` // The number of IPv4 prefixes that Amazon Web Services automatically assigns @@ -72427,6 +75724,12 @@ func (s *CreateNetworkInterfaceInput) SetClientToken(v string) *CreateNetworkInt return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *CreateNetworkInterfaceInput) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *CreateNetworkInterfaceInput { + s.ConnectionTrackingSpecification = v + return s +} + // SetDescription sets the Description field's value. func (s *CreateNetworkInterfaceInput) SetDescription(v string) *CreateNetworkInterfaceInput { s.Description = &v @@ -72439,6 +75742,12 @@ func (s *CreateNetworkInterfaceInput) SetDryRun(v bool) *CreateNetworkInterfaceI return s } +// SetEnablePrimaryIpv6 sets the EnablePrimaryIpv6 field's value. +func (s *CreateNetworkInterfaceInput) SetEnablePrimaryIpv6(v bool) *CreateNetworkInterfaceInput { + s.EnablePrimaryIpv6 = &v + return s +} + // SetGroups sets the Groups field's value. func (s *CreateNetworkInterfaceInput) SetGroups(v []*string) *CreateNetworkInterfaceInput { s.Groups = v @@ -73607,13 +76916,11 @@ func (s *CreateRouteTableOutput) SetRouteTable(v *RouteTable) *CreateRouteTableO type CreateSecurityGroupInput struct { _ struct{} `type:"structure"` - // A description for the security group. This is informational only. + // A description for the security group. // // Constraints: Up to 255 characters in length // - // Constraints for EC2-Classic: ASCII characters - // - // Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + // Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* // // Description is a required field Description *string `locationName:"GroupDescription" type:"string" required:"true"` @@ -73628,9 +76935,7 @@ type CreateSecurityGroupInput struct { // // Constraints: Up to 255 characters in length. Cannot start with sg-. // - // Constraints for EC2-Classic: ASCII characters - // - // Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + // Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* // // GroupName is a required field GroupName *string `type:"string" required:"true"` @@ -73638,7 +76943,7 @@ type CreateSecurityGroupInput struct { // The tags to assign to the security group. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // [EC2-VPC] The ID of the VPC. Required for EC2-VPC. + // The ID of the VPC. Required for a nondefault VPC. VpcId *string `type:"string"` } @@ -74228,18 +77533,13 @@ type CreateSubnetCidrReservationInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The type of reservation. - // - // The following are valid values: + // The type of reservation. The reservation type determines how the reserved + // IP addresses are assigned to resources. // - // * prefix: The Amazon EC2 Prefix Delegation feature assigns the IP addresses - // to network interfaces that are associated with an instance. For information - // about Prefix Delegation, see Prefix Delegation for Amazon EC2 network - // interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-delegation.html) - // in the Amazon Elastic Compute Cloud User Guide. + // * prefix - Amazon Web Services assigns the reserved IP addresses to network + // interfaces. // - // * explicit: You manually assign the IP addresses to resources that reside - // in your subnet. + // * explicit - You assign the reserved IP addresses to network interfaces. // // ReservationType is a required field ReservationType *string `type:"string" required:"true" enum:"SubnetCidrReservationType"` @@ -74368,8 +77668,7 @@ type CreateSubnetInput struct { // // To create a subnet in a Local Zone, set this value to the Local Zone ID, // for example us-west-2-lax-1a. For information about the Regions that support - // Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) - // in the Amazon Elastic Compute Cloud User Guide. + // Local Zones, see Local Zones locations (http://aws.amazon.com/about-aws/global-infrastructure/localzones/locations/). // // To create a subnet in an Outpost, set this value to the Availability Zone // for the Outpost and specify the Outpost ARN. @@ -74391,15 +77690,25 @@ type CreateSubnetInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The IPv6 network range for the subnet, in CIDR notation. The subnet size - // must use a /64 prefix length. - // - // This parameter is required for an IPv6 only subnet. + // An IPv4 IPAM pool ID for the subnet. + Ipv4IpamPoolId *string `type:"string"` + + // An IPv4 netmask length for the subnet. + Ipv4NetmaskLength *int64 `type:"integer"` + + // The IPv6 network range for the subnet, in CIDR notation. This parameter is + // required for an IPv6 only subnet. Ipv6CidrBlock *string `type:"string"` + // An IPv6 IPAM pool ID for the subnet. + Ipv6IpamPoolId *string `type:"string"` + // Indicates whether to create an IPv6 only subnet. Ipv6Native *bool `type:"boolean"` + // An IPv6 netmask length for the subnet. + Ipv6NetmaskLength *int64 `type:"integer"` + // The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost // ARN, you must also specify the Availability Zone of the Outpost subnet. OutpostArn *string `type:"string"` @@ -74468,18 +77777,42 @@ func (s *CreateSubnetInput) SetDryRun(v bool) *CreateSubnetInput { return s } +// SetIpv4IpamPoolId sets the Ipv4IpamPoolId field's value. +func (s *CreateSubnetInput) SetIpv4IpamPoolId(v string) *CreateSubnetInput { + s.Ipv4IpamPoolId = &v + return s +} + +// SetIpv4NetmaskLength sets the Ipv4NetmaskLength field's value. +func (s *CreateSubnetInput) SetIpv4NetmaskLength(v int64) *CreateSubnetInput { + s.Ipv4NetmaskLength = &v + return s +} + // SetIpv6CidrBlock sets the Ipv6CidrBlock field's value. func (s *CreateSubnetInput) SetIpv6CidrBlock(v string) *CreateSubnetInput { s.Ipv6CidrBlock = &v return s } +// SetIpv6IpamPoolId sets the Ipv6IpamPoolId field's value. +func (s *CreateSubnetInput) SetIpv6IpamPoolId(v string) *CreateSubnetInput { + s.Ipv6IpamPoolId = &v + return s +} + // SetIpv6Native sets the Ipv6Native field's value. func (s *CreateSubnetInput) SetIpv6Native(v bool) *CreateSubnetInput { s.Ipv6Native = &v return s } +// SetIpv6NetmaskLength sets the Ipv6NetmaskLength field's value. +func (s *CreateSubnetInput) SetIpv6NetmaskLength(v int64) *CreateSubnetInput { + s.Ipv6NetmaskLength = &v + return s +} + // SetOutpostArn sets the OutpostArn field's value. func (s *CreateSubnetInput) SetOutpostArn(v string) *CreateSubnetInput { s.OutpostArn = &v @@ -74980,6 +78313,10 @@ type CreateTrafficMirrorSessionInput struct { // // If you do not want to mirror the entire packet, use the PacketLength parameter // to specify the number of bytes in each packet to mirror. + // + // For sessions with Network Load Balancer (NLB) Traffic Mirror targets the + // default PacketLength will be set to 8500. Valid values are 1-8500. Setting + // a PacketLength greater than 8500 will result in an error response. PacketLength *int64 `type:"integer"` // The session number determines the order in which sessions are evaluated when @@ -76738,6 +80075,24 @@ type CreateTransitGatewayVpcAttachmentRequestOptions struct { // Enable or disable IPv6 support. The default is disable. Ipv6Support *string `type:"string" enum:"Ipv6SupportValue"` + + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // If you don't enable or disable SecurityGroupReferencingSupport in the request, + // the attachment will inherit the security group referencing support setting + // on the transit gateway. + // + // For important information about this feature, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` } // String returns the string representation. @@ -76776,7 +80131,14 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } -// Options for a network interface-type endpoint. +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetSecurityGroupReferencingSupport(v string) *CreateTransitGatewayVpcAttachmentRequestOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + +// Describes the network interface options when creating an Amazon Web Services +// Verified Access endpoint using the network-interface type. type CreateVerifiedAccessEndpointEniOptions struct { _ struct{} `type:"structure"` @@ -76847,7 +80209,7 @@ type CreateVerifiedAccessEndpointInput struct { // ApplicationDomain is a required field ApplicationDomain *string `type:"string" required:"true"` - // The Amazon Web Services network component Verified Access attaches to. + // The type of attachment. // // AttachmentType is a required field AttachmentType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointAttachmentType"` @@ -76857,7 +80219,7 @@ type CreateVerifiedAccessEndpointInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access endpoint. + // A description for the Verified Access endpoint. Description *string `type:"string"` // The ARN of the public TLS/SSL certificate in Amazon Web Services Certificate @@ -76873,33 +80235,36 @@ type CreateVerifiedAccessEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // A custom identifier that gets prepended to a DNS name that is generated for + // A custom identifier that is prepended to the DNS name that is generated for // the endpoint. // // EndpointDomainPrefix is a required field EndpointDomainPrefix *string `type:"string" required:"true"` - // The type of Amazon Web Services Verified Access endpoint to create. + // The type of Verified Access endpoint to create. // // EndpointType is a required field EndpointType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointType"` - // The load balancer details if creating the Amazon Web Services Verified Access - // endpoint as load-balancertype. + // The load balancer details. This parameter is required if the endpoint type + // is load-balancer. LoadBalancerOptions *CreateVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` - // The network interface details if creating the Amazon Web Services Verified - // Access endpoint as network-interfacetype. + // The network interface details. This parameter is required if the endpoint + // type is network-interface. NetworkInterfaceOptions *CreateVerifiedAccessEndpointEniOptions `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` - // The Amazon EC2 security groups to associate with the Amazon Web Services - // Verified Access endpoint. + // The IDs of the security groups to associate with the Verified Access endpoint. + // Required if AttachmentType is set to vpc. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // The tags to assign to the Amazon Web Services Verified Access endpoint. + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + + // The tags to assign to the Verified Access endpoint. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The ID of the Verified Access group to associate the endpoint with. @@ -77036,6 +80401,12 @@ func (s *CreateVerifiedAccessEndpointInput) SetSecurityGroupIds(v []*string) *Cr return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *CreateVerifiedAccessEndpointInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *CreateVerifiedAccessEndpointInput { + s.SseSpecification = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessEndpointInput { s.TagSpecifications = v @@ -77048,8 +80419,8 @@ func (s *CreateVerifiedAccessEndpointInput) SetVerifiedAccessGroupId(v string) * return s } -// Describes a load balancer when creating an Amazon Web Services Verified Access -// endpoint using the load-balancer type. +// Describes the load balancer options when creating an Amazon Web Services +// Verified Access endpoint using the load-balancer type. type CreateVerifiedAccessEndpointLoadBalancerOptions struct { _ struct{} `type:"structure"` @@ -77124,7 +80495,7 @@ func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*stri type CreateVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access endpoint. + // Details about the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -77160,7 +80531,7 @@ type CreateVerifiedAccessGroupInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access group. + // A description for the Verified Access group. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -77169,13 +80540,16 @@ type CreateVerifiedAccessGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` - // The tags to assign to the Amazon Web Services Verified Access group. + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + + // The tags to assign to the Verified Access group. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -77236,6 +80610,12 @@ func (s *CreateVerifiedAccessGroupInput) SetPolicyDocument(v string) *CreateVeri return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *CreateVerifiedAccessGroupInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *CreateVerifiedAccessGroupInput { + s.SseSpecification = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessGroupInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessGroupInput { s.TagSpecifications = v @@ -77251,7 +80631,7 @@ func (s *CreateVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) * type CreateVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access group. + // Details about the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -77287,7 +80667,7 @@ type CreateVerifiedAccessInstanceInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access instance. + // A description for the Verified Access instance. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -77296,7 +80676,11 @@ type CreateVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The tags to assign to the Amazon Web Services Verified Access instance. + // Enable or disable support for Federal Information Processing Standards (FIPS) + // on the instance. + FIPSEnabled *bool `type:"boolean"` + + // The tags to assign to the Verified Access instance. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } @@ -77336,6 +80720,12 @@ func (s *CreateVerifiedAccessInstanceInput) SetDryRun(v bool) *CreateVerifiedAcc return s } +// SetFIPSEnabled sets the FIPSEnabled field's value. +func (s *CreateVerifiedAccessInstanceInput) SetFIPSEnabled(v bool) *CreateVerifiedAccessInstanceInput { + s.FIPSEnabled = &v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessInstanceInput { s.TagSpecifications = v @@ -77345,7 +80735,7 @@ func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecifi type CreateVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -77373,10 +80763,15 @@ func (s *CreateVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *Verifi return s } -// Options for a device-identity type trust provider. +// Describes the options when creating an Amazon Web Services Verified Access +// trust provider using the device type. type CreateVerifiedAccessTrustProviderDeviceOptions struct { _ struct{} `type:"structure"` + // The URL Amazon Web Services Verified Access will use to verify the authenticity + // of the device tokens. + PublicSigningKeyUrl *string `type:"string"` + // The ID of the tenant application with the device-identity provider. TenantId *string `type:"string"` } @@ -77399,6 +80794,12 @@ func (s CreateVerifiedAccessTrustProviderDeviceOptions) GoString() string { return s.String() } +// SetPublicSigningKeyUrl sets the PublicSigningKeyUrl field's value. +func (s *CreateVerifiedAccessTrustProviderDeviceOptions) SetPublicSigningKeyUrl(v string) *CreateVerifiedAccessTrustProviderDeviceOptions { + s.PublicSigningKeyUrl = &v + return s +} + // SetTenantId sets the TenantId field's value. func (s *CreateVerifiedAccessTrustProviderDeviceOptions) SetTenantId(v string) *CreateVerifiedAccessTrustProviderDeviceOptions { s.TenantId = &v @@ -77413,13 +80814,15 @@ type CreateVerifiedAccessTrustProviderInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access trust provider. + // A description for the Verified Access trust provider. Description *string `type:"string"` - // The options for device identity based trust providers. + // The options for a device-based trust provider. This parameter is required + // when the provider type is device. DeviceOptions *CreateVerifiedAccessTrustProviderDeviceOptions `type:"structure"` - // The type of device-based trust provider. + // The type of device-based trust provider. This parameter is required when + // the provider type is device. DeviceTrustProviderType *string `type:"string" enum:"DeviceTrustProviderType"` // Checks whether you have the required permissions for the action, without @@ -77428,7 +80831,8 @@ type CreateVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The OpenID Connect details for an oidc-type, user-identity based trust provider. + // The options for a OpenID Connect-compatible user-identity trust provider. + // This parameter is required when the provider type is user. OidcOptions *CreateVerifiedAccessTrustProviderOidcOptions `type:"structure"` // The identifier to be used when working with policy rules. @@ -77436,15 +80840,19 @@ type CreateVerifiedAccessTrustProviderInput struct { // PolicyReferenceName is a required field PolicyReferenceName *string `type:"string" required:"true"` - // The tags to assign to the Amazon Web Services Verified Access trust provider. + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + + // The tags to assign to the Verified Access trust provider. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // The type of trust provider can be either user or device-based. + // The type of trust provider. // // TrustProviderType is a required field TrustProviderType *string `type:"string" required:"true" enum:"TrustProviderType"` - // The type of user-based trust provider. + // The type of user-based trust provider. This parameter is required when the + // provider type is user. UserTrustProviderType *string `type:"string" enum:"UserTrustProviderType"` } @@ -77524,6 +80932,12 @@ func (s *CreateVerifiedAccessTrustProviderInput) SetPolicyReferenceName(v string return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *CreateVerifiedAccessTrustProviderInput { + s.SseSpecification = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessTrustProviderInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessTrustProviderInput { s.TagSpecifications = v @@ -77542,7 +80956,8 @@ func (s *CreateVerifiedAccessTrustProviderInput) SetUserTrustProviderType(v stri return s } -// Options for an OIDC-based, user-identity type trust provider. +// Describes the options when creating an Amazon Web Services Verified Access +// trust provider using the user type. type CreateVerifiedAccessTrustProviderOidcOptions struct { _ struct{} `type:"structure"` @@ -77553,7 +80968,11 @@ type CreateVerifiedAccessTrustProviderOidcOptions struct { ClientId *string `type:"string"` // The client secret. - ClientSecret *string `type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateVerifiedAccessTrustProviderOidcOptions's + // String and GoString methods. + ClientSecret *string `type:"string" sensitive:"true"` // The OIDC issuer. Issuer *string `type:"string"` @@ -77633,7 +81052,7 @@ func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v str type CreateVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -77664,7 +81083,8 @@ func (s *CreateVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider type CreateVolumeInput struct { _ struct{} `type:"structure"` - // The Availability Zone in which to create the volume. + // The ID of the Availability Zone in which to create the volume. For example, + // us-east-1a. // // AvailabilityZone is a required field AvailabilityZone *string `type:"string" required:"true"` @@ -77696,15 +81116,15 @@ type CreateVolumeInput struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // io1 and io2 volumes support up to 64,000 IOPS only on Instances built on + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families support performance up to 32,000 IOPS. + // On other instances, you can achieve performance up to 32,000 IOPS. // // This parameter is required for io1 and io2 volumes. The default for gp3 volumes // is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard @@ -77748,13 +81168,15 @@ type CreateVolumeInput struct { // // The following are the supported volumes sizes for each volume type: // - // * gp2 and gp3: 1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB + // + // * io1: 4 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io2: 4 - 65,536 GiB // - // * st1 and sc1: 125-16,384 + // * st1 and sc1: 125 - 16,384 GiB // - // * standard: 1-1,024 + // * standard: 1 - 1024 GiB Size *int64 `type:"integer"` // The snapshot from which to create the volume. You must specify either a snapshot @@ -78171,17 +81593,20 @@ type CreateVpcEndpointInput struct { RouteTableIds []*string `locationName:"RouteTableId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the security groups to associate with the - // endpoint network interface. If this parameter is not specified, we use the + // endpoint network interfaces. If this parameter is not specified, we use the // default security group for the VPC. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // The service name. + // The name of the endpoint service. // // ServiceName is a required field ServiceName *string `type:"string" required:"true"` + // The subnet configurations for the endpoint. + SubnetConfigurations []*SubnetConfiguration `locationName:"SubnetConfiguration" locationNameList:"item" type:"list"` + // (Interface and Gateway Load Balancer endpoints) The IDs of the subnets in - // which to create an endpoint network interface. For a Gateway Load Balancer + // which to create endpoint network interfaces. For a Gateway Load Balancer // endpoint, you can specify only one subnet. SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` @@ -78193,7 +81618,7 @@ type CreateVpcEndpointInput struct { // Default: Gateway VpcEndpointType *string `type:"string" enum:"VpcEndpointType"` - // The ID of the VPC for the endpoint. + // The ID of the VPC. // // VpcId is a required field VpcId *string `type:"string" required:"true"` @@ -78287,6 +81712,12 @@ func (s *CreateVpcEndpointInput) SetServiceName(v string) *CreateVpcEndpointInpu return s } +// SetSubnetConfigurations sets the SubnetConfigurations field's value. +func (s *CreateVpcEndpointInput) SetSubnetConfigurations(v []*SubnetConfiguration) *CreateVpcEndpointInput { + s.SubnetConfigurations = v + return s +} + // SetSubnetIds sets the SubnetIds field's value. func (s *CreateVpcEndpointInput) SetSubnetIds(v []*string) *CreateVpcEndpointInput { s.SubnetIds = v @@ -80686,6 +84117,95 @@ func (s *DeleteFpgaImageOutput) SetReturn(v bool) *DeleteFpgaImageOutput { return s } +type DeleteInstanceConnectEndpointInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the EC2 Instance Connect Endpoint to delete. + // + // InstanceConnectEndpointId is a required field + InstanceConnectEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteInstanceConnectEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteInstanceConnectEndpointInput"} + if s.InstanceConnectEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceConnectEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteInstanceConnectEndpointInput) SetDryRun(v bool) *DeleteInstanceConnectEndpointInput { + s.DryRun = &v + return s +} + +// SetInstanceConnectEndpointId sets the InstanceConnectEndpointId field's value. +func (s *DeleteInstanceConnectEndpointInput) SetInstanceConnectEndpointId(v string) *DeleteInstanceConnectEndpointInput { + s.InstanceConnectEndpointId = &v + return s +} + +type DeleteInstanceConnectEndpointOutput struct { + _ struct{} `type:"structure"` + + // Information about the EC2 Instance Connect Endpoint. + InstanceConnectEndpoint *Ec2InstanceConnectEndpoint `locationName:"instanceConnectEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointOutput) GoString() string { + return s.String() +} + +// SetInstanceConnectEndpoint sets the InstanceConnectEndpoint field's value. +func (s *DeleteInstanceConnectEndpointOutput) SetInstanceConnectEndpoint(v *Ec2InstanceConnectEndpoint) *DeleteInstanceConnectEndpointOutput { + s.InstanceConnectEndpoint = v + return s +} + type DeleteInstanceEventWindowInput struct { _ struct{} `type:"structure"` @@ -80982,6 +84502,14 @@ func (s *DeleteIpamOutput) SetIpam(v *Ipam) *DeleteIpamOutput { type DeleteIpamPoolInput struct { _ struct{} `type:"structure"` + // Enables you to quickly delete an IPAM pool and all resources within that + // pool, including provisioned CIDRs, allocations, and other pools. + // + // You can only use this option to delete pools in the private scope or pools + // in the public scope with a source resource. A source resource is a resource + // used to provision CIDRs to a resource planning pool. + Cascade *bool `type:"boolean"` + // A check for whether you have the required permissions for the action without // actually making the request and provides an error response. If you have the // required permissions, the error response is DryRunOperation. Otherwise, it @@ -81025,6 +84553,12 @@ func (s *DeleteIpamPoolInput) Validate() error { return nil } +// SetCascade sets the Cascade field's value. +func (s *DeleteIpamPoolInput) SetCascade(v bool) *DeleteIpamPoolInput { + s.Cascade = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *DeleteIpamPoolInput) SetDryRun(v bool) *DeleteIpamPoolInput { s.DryRun = &v @@ -81300,6 +84834,12 @@ func (s *DeleteKeyPairInput) SetKeyPairId(v string) *DeleteKeyPairInput { type DeleteKeyPairOutput struct { _ struct{} `type:"structure"` + + // The ID of the key pair. + KeyPairId *string `locationName:"keyPairId" type:"string"` + + // Is true if the request succeeds, and an error otherwise. + Return *bool `locationName:"return" type:"boolean"` } // String returns the string representation. @@ -81320,6 +84860,18 @@ func (s DeleteKeyPairOutput) GoString() string { return s.String() } +// SetKeyPairId sets the KeyPairId field's value. +func (s *DeleteKeyPairOutput) SetKeyPairId(v string) *DeleteKeyPairOutput { + s.KeyPairId = &v + return s +} + +// SetReturn sets the Return field's value. +func (s *DeleteKeyPairOutput) SetReturn(v bool) *DeleteKeyPairOutput { + s.Return = &v + return s +} + type DeleteLaunchTemplateInput struct { _ struct{} `type:"structure"` @@ -81443,7 +84995,8 @@ type DeleteLaunchTemplateVersionsInput struct { // not both. LaunchTemplateName *string `min:"3" type:"string"` - // The version numbers of one or more launch template versions to delete. + // The version numbers of one or more launch template versions to delete. You + // can specify up to 200 launch template version numbers. // // Versions is a required field Versions []*string `locationName:"LaunchTemplateVersion" locationNameList:"item" type:"list" required:"true"` @@ -83445,12 +86998,12 @@ type DeleteSecurityGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The ID of the security group. Required for a nondefault VPC. + // The ID of the security group. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You can specify - // either the security group name or the security group ID. For security groups - // in a nondefault VPC, you must specify the security group ID. + // [Default VPC] The name of the security group. You can specify either the + // security group name or the security group ID. For security groups in a nondefault + // VPC, you must specify the security group ID. GroupName *string `type:"string"` } @@ -85297,7 +88850,7 @@ type DeleteVerifiedAccessEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` @@ -85355,7 +88908,7 @@ func (s *DeleteVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string type DeleteVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access endpoint. + // Details about the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -85397,7 +88950,7 @@ type DeleteVerifiedAccessGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` @@ -85455,7 +89008,7 @@ func (s *DeleteVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *Del type DeleteVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access group. + // Details about the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -85497,7 +89050,7 @@ type DeleteVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -85555,7 +89108,7 @@ func (s *DeleteVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string type DeleteVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -85597,7 +89150,7 @@ type DeleteVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -85655,7 +89208,7 @@ func (s *DeleteVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type DeleteVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -86534,6 +90087,109 @@ func (s *DeprovisionByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *DeprovisionByoi return s } +type DeprovisionIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // An ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IPAM ID. + // + // IpamId is a required field + IpamId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeprovisionIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeprovisionIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.IpamId == nil { + invalidParams.Add(request.NewErrParamRequired("IpamId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *DeprovisionIpamByoasnInput) SetAsn(v string) *DeprovisionIpamByoasnInput { + s.Asn = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeprovisionIpamByoasnInput) SetDryRun(v bool) *DeprovisionIpamByoasnInput { + s.DryRun = &v + return s +} + +// SetIpamId sets the IpamId field's value. +func (s *DeprovisionIpamByoasnInput) SetIpamId(v string) *DeprovisionIpamByoasnInput { + s.IpamId = &v + return s +} + +type DeprovisionIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // An ASN and BYOIP CIDR association. + Byoasn *Byoasn `locationName:"byoasn" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetByoasn sets the Byoasn field's value. +func (s *DeprovisionIpamByoasnOutput) SetByoasn(v *Byoasn) *DeprovisionIpamByoasnOutput { + s.Byoasn = v + return s +} + type DeprovisionIpamPoolCidrInput struct { _ struct{} `type:"structure"` @@ -86838,7 +90494,9 @@ type DeregisterInstanceEventNotificationAttributesInput struct { DryRun *bool `type:"boolean"` // Information about the tag keys to deregister. - InstanceTagAttribute *DeregisterInstanceTagAttributeRequest `type:"structure"` + // + // InstanceTagAttribute is a required field + InstanceTagAttribute *DeregisterInstanceTagAttributeRequest `type:"structure" required:"true"` } // String returns the string representation. @@ -86859,6 +90517,19 @@ func (s DeregisterInstanceEventNotificationAttributesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeregisterInstanceEventNotificationAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeregisterInstanceEventNotificationAttributesInput"} + if s.InstanceTagAttribute == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceTagAttribute")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DeregisterInstanceEventNotificationAttributesInput) SetDryRun(v bool) *DeregisterInstanceEventNotificationAttributesInput { s.DryRun = &v @@ -87449,7 +91120,7 @@ func (s *DescribeAddressesAttributeOutput) SetNextToken(v string) *DescribeAddre type DescribeAddressesInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] Information about the allocation IDs. + // Information about the allocation IDs. AllocationIds []*string `locationName:"AllocationId" locationNameList:"AllocationId" type:"list"` // Checks whether you have the required permissions for the action, without @@ -87460,12 +91131,9 @@ type DescribeAddressesInput struct { // One or more filters. Filter names and values are case-sensitive. // - // * allocation-id - [EC2-VPC] The allocation ID for the address. + // * allocation-id - The allocation ID for the address. // - // * association-id - [EC2-VPC] The association ID for the address. - // - // * domain - Indicates whether the address is for use in EC2-Classic (standard) - // or in a VPC (vpc). + // * association-id - The association ID for the address. // // * instance-id - The ID of the instance the address is associated with, // if any. @@ -87473,14 +91141,14 @@ type DescribeAddressesInput struct { // * network-border-group - A unique set of Availability Zones, Local Zones, // or Wavelength Zones from where Amazon Web Services advertises IP addresses. // - // * network-interface-id - [EC2-VPC] The ID of the network interface that - // the address is associated with, if any. + // * network-interface-id - The ID of the network interface that the address + // is associated with, if any. // // * network-interface-owner-id - The Amazon Web Services account ID of the // owner. // - // * private-ip-address - [EC2-VPC] The private IP address associated with - // the Elastic IP address. + // * private-ip-address - The private IP address associated with the Elastic + // IP address. // // * public-ip - The Elastic IP address, or the carrier IP address. // @@ -88107,6 +91775,175 @@ func (s *DescribeByoipCidrsOutput) SetNextToken(v string) *DescribeByoipCidrsOut return s } +type DescribeCapacityBlockOfferingsInput struct { + _ struct{} `type:"structure"` + + // The number of hours for which to reserve Capacity Block. + // + // CapacityDurationHours is a required field + CapacityDurationHours *int64 `type:"integer" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The latest end date for the Capacity Block offering. + EndDateRange *time.Time `type:"timestamp"` + + // The number of instances for which to reserve capacity. + // + // InstanceCount is a required field + InstanceCount *int64 `type:"integer" required:"true"` + + // The type of instance for which the Capacity Block offering reserves capacity. + // + // InstanceType is a required field + InstanceType *string `type:"string" required:"true"` + + // The maximum number of results to return for the request in a single page. + // The remaining results can be seen by sending another request with the returned + // nextToken value. This value can be between 5 and 500. If maxResults is given + // a larger value than 500, you receive an error. + MaxResults *int64 `min:"1" type:"integer"` + + // The token to use to retrieve the next page of results. + NextToken *string `type:"string"` + + // The earliest start date for the Capacity Block offering. + StartDateRange *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCapacityBlockOfferingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCapacityBlockOfferingsInput"} + if s.CapacityDurationHours == nil { + invalidParams.Add(request.NewErrParamRequired("CapacityDurationHours")) + } + if s.InstanceCount == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceCount")) + } + if s.InstanceType == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceType")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCapacityDurationHours sets the CapacityDurationHours field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetCapacityDurationHours(v int64) *DescribeCapacityBlockOfferingsInput { + s.CapacityDurationHours = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetDryRun(v bool) *DescribeCapacityBlockOfferingsInput { + s.DryRun = &v + return s +} + +// SetEndDateRange sets the EndDateRange field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetEndDateRange(v time.Time) *DescribeCapacityBlockOfferingsInput { + s.EndDateRange = &v + return s +} + +// SetInstanceCount sets the InstanceCount field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetInstanceCount(v int64) *DescribeCapacityBlockOfferingsInput { + s.InstanceCount = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetInstanceType(v string) *DescribeCapacityBlockOfferingsInput { + s.InstanceType = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetMaxResults(v int64) *DescribeCapacityBlockOfferingsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetNextToken(v string) *DescribeCapacityBlockOfferingsInput { + s.NextToken = &v + return s +} + +// SetStartDateRange sets the StartDateRange field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetStartDateRange(v time.Time) *DescribeCapacityBlockOfferingsInput { + s.StartDateRange = &v + return s +} + +type DescribeCapacityBlockOfferingsOutput struct { + _ struct{} `type:"structure"` + + // The recommended Capacity Block offering for the dates specified. + CapacityBlockOfferings []*CapacityBlockOffering `locationName:"capacityBlockOfferingSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsOutput) GoString() string { + return s.String() +} + +// SetCapacityBlockOfferings sets the CapacityBlockOfferings field's value. +func (s *DescribeCapacityBlockOfferingsOutput) SetCapacityBlockOfferings(v []*CapacityBlockOffering) *DescribeCapacityBlockOfferingsOutput { + s.CapacityBlockOfferings = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeCapacityBlockOfferingsOutput) SetNextToken(v string) *DescribeCapacityBlockOfferingsOutput { + s.NextToken = &v + return s +} + type DescribeCapacityReservationFleetsInput struct { _ struct{} `type:"structure"` @@ -88586,7 +92423,7 @@ type DescribeClassicLinkInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * group-id - The ID of a VPC security group that's associated with the // instance. @@ -88603,11 +92440,10 @@ type DescribeClassicLinkInstancesInput struct { // to find all resources assigned a tag with a specific key, regardless of // the tag value. // - // * vpc-id - The ID of the VPC to which the instance is linked. vpc-id - - // The ID of the VPC that the instance is linked to. + // * vpc-id - The ID of the VPC to which the instance is linked. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more instance IDs. Must be instances linked to a VPC through ClassicLink. + // The instance IDs. Must be instances linked to a VPC through ClassicLink. InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list"` // The maximum number of items to return for this request. To get the next page @@ -89742,7 +93578,7 @@ type DescribeDhcpOptionsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * dhcp-options-id - The ID of a DHCP options set. // @@ -89885,10 +93721,10 @@ type DescribeEgressOnlyInternetGatewaysInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more egress-only internet gateway IDs. + // The IDs of the egress-only internet gateways. EgressOnlyInternetGatewayIds []*string `locationName:"EgressOnlyInternetGatewayId" locationNameList:"item" type:"list"` - // One or more filters. + // The filters. // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -90373,15 +94209,12 @@ type DescribeFastLaunchImagesInput struct { // // * resource-type - The resource type for pre-provisioning. // - // * launch-template - The launch template that is associated with the pre-provisioned - // Windows AMI. - // // * owner-id - The owner ID for the pre-provisioning resource. // // * state - The current state of fast launching for the Windows AMI. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // Details for one or more Windows AMI image IDs. + // Specify one or more Windows AMI image IDs for the request. ImageIds []*string `locationName:"ImageId" locationNameList:"ImageId" type:"list"` // The maximum number of items to return for this request. To get the next page @@ -90484,43 +94317,41 @@ func (s *DescribeFastLaunchImagesOutput) SetNextToken(v string) *DescribeFastLau return s } -// Describe details about a fast-launch enabled Windows image that meets the -// requested criteria. Criteria are defined by the DescribeFastLaunchImages +// Describe details about a Windows image with Windows fast launch enabled that +// meets the requested criteria. Criteria are defined by the DescribeFastLaunchImages // action filters. type DescribeFastLaunchImagesSuccessItem struct { _ struct{} `type:"structure"` - // The image ID that identifies the fast-launch enabled Windows image. + // The image ID that identifies the Windows fast launch enabled image. ImageId *string `locationName:"imageId" type:"string"` - // The launch template that the fast-launch enabled Windows AMI uses when it + // The launch template that the Windows fast launch enabled AMI uses when it // launches Windows instances from pre-provisioned snapshots. LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. + // to create pre-provisioned snapshots for Windows fast launch. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` - // The owner ID for the fast-launch enabled Windows AMI. + // The owner ID for the Windows fast launch enabled AMI. OwnerId *string `locationName:"ownerId" type:"string"` - // The resource type that is used for pre-provisioning the Windows AMI. Supported - // values include: snapshot. + // The resource type that Amazon EC2 uses for pre-provisioning the Windows AMI. + // Supported values include: snapshot. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` // A group of parameters that are used for pre-provisioning the associated Windows // AMI using snapshots. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` - // The current state of faster launching for the specified Windows AMI. + // The current state of Windows fast launch for the specified Windows AMI. State *string `locationName:"state" type:"string" enum:"FastLaunchStateCode"` - // The reason that faster launching for the Windows AMI changed to the current - // state. + // The reason that Windows fast launch for the AMI changed to the current state. StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` - // The time that faster launching for the Windows AMI changed to the current - // state. + // The time that Windows fast launch for the AMI changed to the current state. StateTransitionTime *time.Time `locationName:"stateTransitionTime" type:"timestamp"` } @@ -92757,7 +96588,8 @@ type DescribeImagesInput struct { // The filters. // - // * architecture - The image architecture (i386 | x86_64 | arm64). + // * architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac + // | arm64_mac). // // * block-device-mapping.delete-on-termination - A Boolean value that indicates // whether the Amazon EBS volume is deleted on instance termination. @@ -92822,6 +96654,10 @@ type DescribeImagesInput struct { // // * root-device-type - The type of the root device volume (ebs | instance-store). // + // * source-instance-id - The ID of the instance that the AMI was created + // from if the AMI was created using CreateImage. This filter is applicable + // only if the AMI was created using CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). + // // * state - The state of the image (available | pending | failed). // // * state-reason-code - The reason code for the state change. @@ -92857,6 +96693,11 @@ type DescribeImagesInput struct { // of what you specify for this parameter. IncludeDeprecated *bool `type:"boolean"` + // Specifies whether to include disabled AMIs. + // + // Default: No disabled AMIs are included in the response. + IncludeDisabled *bool `type:"boolean"` + // The maximum number of items to return for this request. To get the next page // of items, make another request with the token returned in the output. For // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). @@ -92921,6 +96762,12 @@ func (s *DescribeImagesInput) SetIncludeDeprecated(v bool) *DescribeImagesInput return s } +// SetIncludeDisabled sets the IncludeDisabled field's value. +func (s *DescribeImagesInput) SetIncludeDisabled(v bool) *DescribeImagesInput { + s.IncludeDisabled = &v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *DescribeImagesInput) SetMaxResults(v int64) *DescribeImagesInput { s.MaxResults = &v @@ -93466,6 +97313,159 @@ func (s *DescribeInstanceAttributeOutput) SetUserData(v *AttributeValue) *Descri return s } +type DescribeInstanceConnectEndpointsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * instance-connect-endpoint-id - The ID of the EC2 Instance Connect Endpoint. + // + // * state - The state of the EC2 Instance Connect Endpoint (create-in-progress + // | create-complete | create-failed | delete-in-progress | delete-complete + // | delete-failed). + // + // * subnet-id - The ID of the subnet in which the EC2 Instance Connect Endpoint + // was created. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. + // + // * tag-value - The value of a tag assigned to the resource. Use this filter + // to find all resources that have a tag with a specific value, regardless + // of tag key. + // + // * vpc-id - The ID of the VPC in which the EC2 Instance Connect Endpoint + // was created. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // One or more EC2 Instance Connect Endpoint IDs. + InstanceConnectEndpointIds []*string `locationName:"InstanceConnectEndpointId" locationNameList:"item" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"1" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceConnectEndpointsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceConnectEndpointsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetDryRun(v bool) *DescribeInstanceConnectEndpointsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetFilters(v []*Filter) *DescribeInstanceConnectEndpointsInput { + s.Filters = v + return s +} + +// SetInstanceConnectEndpointIds sets the InstanceConnectEndpointIds field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetInstanceConnectEndpointIds(v []*string) *DescribeInstanceConnectEndpointsInput { + s.InstanceConnectEndpointIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetMaxResults(v int64) *DescribeInstanceConnectEndpointsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetNextToken(v string) *DescribeInstanceConnectEndpointsInput { + s.NextToken = &v + return s +} + +type DescribeInstanceConnectEndpointsOutput struct { + _ struct{} `type:"structure"` + + // Information about the EC2 Instance Connect Endpoints. + InstanceConnectEndpoints []*Ec2InstanceConnectEndpoint `locationName:"instanceConnectEndpointSet" locationNameList:"item" type:"list"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsOutput) GoString() string { + return s.String() +} + +// SetInstanceConnectEndpoints sets the InstanceConnectEndpoints field's value. +func (s *DescribeInstanceConnectEndpointsOutput) SetInstanceConnectEndpoints(v []*Ec2InstanceConnectEndpoint) *DescribeInstanceConnectEndpointsOutput { + s.InstanceConnectEndpoints = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceConnectEndpointsOutput) SetNextToken(v string) *DescribeInstanceConnectEndpointsOutput { + s.NextToken = &v + return s +} + type DescribeInstanceCreditSpecificationsInput struct { _ struct{} `type:"structure"` @@ -94000,6 +98000,164 @@ func (s *DescribeInstanceStatusOutput) SetNextToken(v string) *DescribeInstanceS return s } +type DescribeInstanceTopologyInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. + // + // * availability-zone - The name of the Availability Zone (for example, + // us-west-2a) or Local Zone (for example, us-west-2-lax-1b) that the instance + // is in. + // + // * instance-type - The instance type (for example, p4d.24xlarge) or instance + // family (for example, p4d*). You can use the * wildcard to match zero or + // more characters, or the ? wildcard to match zero or one character. + // + // * zone-id - The ID of the Availability Zone (for example, usw2-az2) or + // Local Zone (for example, usw2-lax1-az1) that the instance is in. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The name of the placement group that each instance is in. + // + // Constraints: Maximum 100 explicitly specified placement group names. + GroupNames []*string `locationName:"GroupName" type:"list"` + + // The instance IDs. + // + // Default: Describes all your instances. + // + // Constraints: Maximum 100 explicitly specified instance IDs. + InstanceIds []*string `locationName:"InstanceId" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // + // You can't specify this parameter and the instance IDs parameter in the same + // request. + // + // Default: 20 + MaxResults *int64 `min:"1" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceTopologyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceTopologyInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceTopologyInput) SetDryRun(v bool) *DescribeInstanceTopologyInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceTopologyInput) SetFilters(v []*Filter) *DescribeInstanceTopologyInput { + s.Filters = v + return s +} + +// SetGroupNames sets the GroupNames field's value. +func (s *DescribeInstanceTopologyInput) SetGroupNames(v []*string) *DescribeInstanceTopologyInput { + s.GroupNames = v + return s +} + +// SetInstanceIds sets the InstanceIds field's value. +func (s *DescribeInstanceTopologyInput) SetInstanceIds(v []*string) *DescribeInstanceTopologyInput { + s.InstanceIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceTopologyInput) SetMaxResults(v int64) *DescribeInstanceTopologyInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTopologyInput) SetNextToken(v string) *DescribeInstanceTopologyInput { + s.NextToken = &v + return s +} + +type DescribeInstanceTopologyOutput struct { + _ struct{} `type:"structure"` + + // Information about the topology of each instance. + Instances []*InstanceTopology `locationName:"instanceSet" locationNameList:"item" type:"list"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyOutput) GoString() string { + return s.String() +} + +// SetInstances sets the Instances field's value. +func (s *DescribeInstanceTopologyOutput) SetInstances(v []*InstanceTopology) *DescribeInstanceTopologyOutput { + s.Instances = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTopologyOutput) SetNextToken(v string) *DescribeInstanceTopologyOutput { + s.NextToken = &v + return s +} + type DescribeInstanceTypeOfferingsInput struct { _ struct{} `type:"structure"` @@ -94144,14 +98302,14 @@ type DescribeInstanceTypesInput struct { // One or more filters. Filter names and values are case-sensitive. // - // * auto-recovery-supported - Indicates whether auto recovery is supported - // (true | false). + // * auto-recovery-supported - Indicates whether Amazon CloudWatch action + // based recovery is supported (true | false). // // * bare-metal - Indicates whether it is a bare metal instance type (true // | false). // - // * burstable-performance-supported - Indicates whether it is a burstable - // performance instance type (true | false). + // * burstable-performance-supported - Indicates whether the instance type + // is a burstable performance T instance type (true | false). // // * current-generation - Indicates whether this instance type is the latest // generation instance type of an instance family (true | false). @@ -94247,12 +98405,22 @@ type DescribeInstanceTypesInput struct { // * network-info.network-performance - The network performance (for example, // "25 Gigabit"). // + // * nitro-enclaves-support - Indicates whether Nitro Enclaves is supported + // (supported | unsupported). + // + // * nitro-tpm-support - Indicates whether NitroTPM is supported (supported + // | unsupported). + // + // * nitro-tpm-info.supported-versions - The supported NitroTPM version (2.0). + // // * processor-info.supported-architecture - The CPU architecture (arm64 // | i386 | x86_64). // // * processor-info.sustained-clock-speed-in-ghz - The CPU clock speed, in // GHz. // + // * processor-info.supported-features - The supported CPU features (amd-sev-snp). + // // * supported-boot-mode - The boot mode (legacy-bios | uefi). // // * supported-root-device-type - The root device type (ebs | instance-store). @@ -94413,7 +98581,7 @@ type DescribeInstancesInput struct { // * availability-zone - The Availability Zone of the instance. // // * block-device-mapping.attach-time - The attach time for an EBS volume - // mapped to the instance, for example, 2010-09-15T17:15:20.000Z. + // mapped to the instance, for example, 2022-09-15T17:15:20.000Z. // // * block-device-mapping.delete-on-termination - A Boolean that indicates // whether the EBS volume is deleted on instance termination. @@ -94426,19 +98594,37 @@ type DescribeInstancesInput struct { // // * block-device-mapping.volume-id - The volume ID of the EBS volume. // + // * boot-mode - The boot mode that was specified by the AMI (legacy-bios + // | uefi | uefi-preferred). + // // * capacity-reservation-id - The ID of the Capacity Reservation into which // the instance was launched. // + // * capacity-reservation-specification.capacity-reservation-preference - + // The instance's Capacity Reservation preference (open | none). + // + // * capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id + // - The ID of the targeted Capacity Reservation. + // + // * capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn + // - The ARN of the targeted Capacity Reservation group. + // // * client-token - The idempotency token you provided when you launched // the instance. // + // * current-instance-boot-mode - The boot mode that is used to launch the + // instance at launch or start (legacy-bios | uefi). + // // * dns-name - The public DNS name of the instance. // - // * group-id - The ID of the security group for the instance. EC2-Classic - // only. + // * ebs-optimized - A Boolean that indicates whether the instance is optimized + // for Amazon EBS I/O. // - // * group-name - The name of the security group for the instance. EC2-Classic - // only. + // * ena-support - A Boolean that indicates whether the instance is enabled + // for enhanced networking with ENA. + // + // * enclave-options.enabled - A Boolean that indicates whether the instance + // is enabled for Amazon Web Services Nitro Enclaves. // // * hibernation-options.configured - A Boolean that indicates whether the // instance is enabled for hibernation. A value of true means that the instance @@ -94453,12 +98639,18 @@ type DescribeInstancesInput struct { // * iam-instance-profile.arn - The instance profile associated with the // instance. Specified as an ARN. // + // * iam-instance-profile.id - The instance profile associated with the instance. + // Specified as an ID. + // + // * iam-instance-profile.name - The instance profile associated with the + // instance. Specified as an name. + // // * image-id - The ID of the image used to launch the instance. // // * instance-id - The ID of the instance. // - // * instance-lifecycle - Indicates whether this is a Spot Instance or a - // Scheduled Instance (spot | scheduled). + // * instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled + // Instance, or a Capacity Block (spot | scheduled | capacity-block). // // * instance-state-code - The state of the instance, as a 16-bit unsigned // integer. The high byte is used for internal purposes and should be ignored. @@ -94477,6 +98669,8 @@ type DescribeInstancesInput struct { // // * ip-address - The public IPv4 address of the instance. // + // * ipv6-address - The IPv6 address of the instance. + // // * kernel-id - The kernel ID. // // * key-name - The name of the key pair used when the instance was launched. @@ -94489,38 +98683,61 @@ type DescribeInstancesInput struct { // You can use a wildcard (*), for example, 2021-09-29T*, which matches an // entire day. // - // * metadata-options.http-tokens - The metadata request authorization state - // (optional | required) + // * maintenance-options.auto-recovery - The current automatic recovery behavior + // of the instance (disabled | default). + // + // * metadata-options.http-endpoint - The status of access to the HTTP metadata + // endpoint on your instance (enabled | disabled) + // + // * metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint + // is enabled (disabled | enabled). + // + // * metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint + // is enabled (disabled | enabled). // // * metadata-options.http-put-response-hop-limit - The HTTP metadata request // put response hop limit (integer, possible values 1 to 64) // - // * metadata-options.http-endpoint - The status of access to the HTTP metadata - // endpoint on your instance (enabled | disabled) + // * metadata-options.http-tokens - The metadata request authorization state + // (optional | required) // // * metadata-options.instance-metadata-tags - The status of access to instance // tags from the instance metadata (enabled | disabled) // + // * metadata-options.state - The state of the metadata option changes (pending + // | applied). + // // * monitoring-state - Indicates whether detailed monitoring is enabled // (disabled | enabled). // - // * network-interface.addresses.private-ip-address - The private IPv4 address - // associated with the network interface. + // * network-interface.addresses.association.allocation-id - The allocation + // ID. // - // * network-interface.addresses.primary - Specifies whether the IPv4 address - // of the network interface is the primary private IPv4 address. + // * network-interface.addresses.association.association-id - The association + // ID. // - // * network-interface.addresses.association.public-ip - The ID of the association - // of an Elastic IP address (IPv4) with a network interface. + // * network-interface.addresses.association.carrier-ip - The carrier IP + // address. + // + // * network-interface.addresses.association.customer-owned-ip - The customer-owned + // IP address. // // * network-interface.addresses.association.ip-owner-id - The owner ID of // the private IPv4 address associated with the network interface. // - // * network-interface.association.public-ip - The address of the Elastic - // IP address (IPv4) bound to the network interface. + // * network-interface.addresses.association.public-dns-name - The public + // DNS name. // - // * network-interface.association.ip-owner-id - The owner of the Elastic - // IP address (IPv4) associated with the network interface. + // * network-interface.addresses.association.public-ip - The ID of the association + // of an Elastic IP address (IPv4) with a network interface. + // + // * network-interface.addresses.primary - Specifies whether the IPv4 address + // of the network interface is the primary private IPv4 address. + // + // * network-interface.addresses.private-dns-name - The private DNS name. + // + // * network-interface.addresses.private-ip-address - The private IPv4 address + // associated with the network interface. // // * network-interface.association.allocation-id - The allocation ID returned // when you allocated the Elastic IP address (IPv4) for your network interface. @@ -94528,30 +98745,50 @@ type DescribeInstancesInput struct { // * network-interface.association.association-id - The association ID returned // when the network interface was associated with an IPv4 address. // + // * network-interface.association.carrier-ip - The customer-owned IP address. + // + // * network-interface.association.customer-owned-ip - The customer-owned + // IP address. + // + // * network-interface.association.ip-owner-id - The owner of the Elastic + // IP address (IPv4) associated with the network interface. + // + // * network-interface.association.public-dns-name - The public DNS name. + // + // * network-interface.association.public-ip - The address of the Elastic + // IP address (IPv4) bound to the network interface. + // + // * network-interface.attachment.attach-time - The time that the network + // interface was attached to an instance. + // // * network-interface.attachment.attachment-id - The ID of the interface // attachment. // + // * network-interface.attachment.delete-on-termination - Specifies whether + // the attachment is deleted when an instance is terminated. + // + // * network-interface.attachment.device-index - The device index to which + // the network interface is attached. + // // * network-interface.attachment.instance-id - The ID of the instance to // which the network interface is attached. // // * network-interface.attachment.instance-owner-id - The owner ID of the // instance to which the network interface is attached. // - // * network-interface.attachment.device-index - The device index to which - // the network interface is attached. + // * network-interface.attachment.network-card-index - The index of the network + // card. // // * network-interface.attachment.status - The status of the attachment (attaching // | attached | detaching | detached). // - // * network-interface.attachment.attach-time - The time that the network - // interface was attached to an instance. - // - // * network-interface.attachment.delete-on-termination - Specifies whether - // the attachment is deleted when an instance is terminated. - // // * network-interface.availability-zone - The Availability Zone for the // network interface. // + // * network-interface.deny-all-igw-traffic - A Boolean that indicates whether + // a network interface with an IPv6 address is unreachable from the public + // internet. + // // * network-interface.description - The description of the network interface. // // * network-interface.group-id - The ID of a security group associated with @@ -94560,18 +98797,39 @@ type DescribeInstancesInput struct { // * network-interface.group-name - The name of a security group associated // with the network interface. // + // * network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that + // are assigned to the network interface. + // + // * network-interface.ipv6-address - The IPv6 address associated with the + // network interface. + // // * network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated // with the network interface. // + // * network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates + // whether this is the primary IPv6 address. + // + // * network-interface.ipv6-native - A Boolean that indicates whether this + // is an IPv6 only network interface. + // + // * network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned + // to the network interface. + // // * network-interface.mac-address - The MAC address of the network interface. // // * network-interface.network-interface-id - The ID of the network interface. // + // * network-interface.outpost-arn - The ARN of the Outpost. + // // * network-interface.owner-id - The ID of the owner of the network interface. // // * network-interface.private-dns-name - The private DNS name of the network // interface. // + // * network-interface.private-ip-address - The private IPv4 address. + // + // * network-interface.public-dns-name - The public DNS name. + // // * network-interface.requester-id - The requester ID for the network interface. // // * network-interface.requester-managed - Indicates whether the network @@ -94588,6 +98846,12 @@ type DescribeInstancesInput struct { // // * network-interface.subnet-id - The ID of the subnet for the network interface. // + // * network-interface.tag-key - The key of a tag assigned to the network + // interface. + // + // * network-interface.tag-value - The value of a tag assigned to the network + // interface. + // // * network-interface.vpc-id - The ID of the VPC for the network interface. // // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost. @@ -94601,8 +98865,29 @@ type DescribeInstancesInput struct { // // * platform - The platform. To list only Windows instances, use windows. // + // * platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red + // Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise + // Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with + // SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server + // Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise + // Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server + // Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows + // BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard + // | Windows with SQL Server Web). + // // * private-dns-name - The private IPv4 DNS name of the instance. // + // * private-dns-name-options.enable-resource-name-dns-a-record - A Boolean + // that indicates whether to respond to DNS queries for instance hostnames + // with DNS A records. + // + // * private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean + // that indicates whether to respond to DNS queries for instance hostnames + // with DNS AAAA records. + // + // * private-dns-name-options.hostname-type - The type of hostname (ip-name + // | resource-name). + // // * private-ip-address - The private IPv4 address of the instance. // // * product-code - The product code associated with the AMI used to launch @@ -94658,6 +98943,19 @@ type DescribeInstancesInput struct { // // * tenancy - The tenancy of an instance (dedicated | default | host). // + // * tpm-support - Indicates if the instance is configured for NitroTPM support + // (v2.0). + // + // * usage-operation - The usage operation value for the instance (RunInstances + // | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 + // | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 + // | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g + // | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 + // | RunInstances:0006 | RunInstances:0202). + // + // * usage-operation-update-time - The time that the usage operation was + // last updated, for example, 2022-09-15T17:15:20.000Z. + // // * virtualization-type - The virtualization type of the instance (paravirtual // | hvm). // @@ -94780,7 +99078,7 @@ type DescribeInternetGatewaysInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * attachment.state - The current state of the attachment between the gateway // and the VPC (available). Present only if a VPC is attached. @@ -94803,7 +99101,7 @@ type DescribeInternetGatewaysInput struct { // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more internet gateway IDs. + // The IDs of the internet gateways. // // Default: Describes all your internet gateways. InternetGatewayIds []*string `locationName:"internetGatewayId" locationNameList:"item" type:"list"` @@ -94920,6 +99218,113 @@ func (s *DescribeInternetGatewaysOutput) SetNextToken(v string) *DescribeInterne return s } +type DescribeIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeIpamByoasnInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeIpamByoasnInput) SetDryRun(v bool) *DescribeIpamByoasnInput { + s.DryRun = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeIpamByoasnInput) SetMaxResults(v int64) *DescribeIpamByoasnInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeIpamByoasnInput) SetNextToken(v string) *DescribeIpamByoasnInput { + s.NextToken = &v + return s +} + +type DescribeIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // ASN and BYOIP CIDR associations. + Byoasns []*Byoasn `locationName:"byoasnSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetByoasns sets the Byoasns field's value. +func (s *DescribeIpamByoasnOutput) SetByoasns(v []*Byoasn) *DescribeIpamByoasnOutput { + s.Byoasns = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeIpamByoasnOutput) SetNextToken(v string) *DescribeIpamByoasnOutput { + s.NextToken = &v + return s +} + type DescribeIpamPoolsInput struct { _ struct{} `type:"structure"` @@ -97024,6 +101429,136 @@ func (s *DescribeLocalGatewaysOutput) SetNextToken(v string) *DescribeLocalGatew return s } +type DescribeLockedSnapshotsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. + // + // * lock-state - The state of the snapshot lock (compliance-cooloff | governance + // | compliance | expired). + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"5" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` + + // The IDs of the snapshots for which to view the lock status. + SnapshotIds []*string `locationName:"SnapshotId" locationNameList:"SnapshotId" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLockedSnapshotsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLockedSnapshotsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLockedSnapshotsInput) SetDryRun(v bool) *DescribeLockedSnapshotsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLockedSnapshotsInput) SetFilters(v []*Filter) *DescribeLockedSnapshotsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLockedSnapshotsInput) SetMaxResults(v int64) *DescribeLockedSnapshotsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLockedSnapshotsInput) SetNextToken(v string) *DescribeLockedSnapshotsInput { + s.NextToken = &v + return s +} + +// SetSnapshotIds sets the SnapshotIds field's value. +func (s *DescribeLockedSnapshotsInput) SetSnapshotIds(v []*string) *DescribeLockedSnapshotsInput { + s.SnapshotIds = v + return s +} + +type DescribeLockedSnapshotsOutput struct { + _ struct{} `type:"structure"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the snapshots. + Snapshots []*LockedSnapshotsInfo `locationName:"snapshotSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLockedSnapshotsOutput) SetNextToken(v string) *DescribeLockedSnapshotsOutput { + s.NextToken = &v + return s +} + +// SetSnapshots sets the Snapshots field's value. +func (s *DescribeLockedSnapshotsOutput) SetSnapshots(v []*LockedSnapshotsInfo) *DescribeLockedSnapshotsOutput { + s.Snapshots = v + return s +} + type DescribeManagedPrefixListsInput struct { _ struct{} `type:"structure"` @@ -97296,7 +101831,7 @@ type DescribeNatGatewaysInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * nat-gateway-id - The ID of the NAT gateway. // @@ -97323,7 +101858,7 @@ type DescribeNatGatewaysInput struct { // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"5" type:"integer"` - // One or more NAT gateway IDs. + // The IDs of the NAT gateways. NatGatewayIds []*string `locationName:"NatGatewayId" locationNameList:"item" type:"list"` // The token returned from a previous paginated request. Pagination continues @@ -97442,7 +101977,7 @@ type DescribeNetworkAclsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * association.association-id - The ID of an association ID for the ACL. // @@ -97501,7 +102036,7 @@ type DescribeNetworkAclsInput struct { // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"5" type:"integer"` - // One or more network ACL IDs. + // The IDs of the network ACLs. // // Default: Describes all your network ACLs. NetworkAclIds []*string `locationName:"NetworkAclId" locationNameList:"item" type:"list"` @@ -98063,7 +102598,27 @@ type DescribeNetworkInsightsPathsInput struct { // // * destination - The ID of the resource. // - // * destination-port - The destination port. + // * filter-at-source.source-address - The source IPv4 address at the source. + // + // * filter-at-source.source-port-range - The source port range at the source. + // + // * filter-at-source.destination-address - The destination IPv4 address + // at the source. + // + // * filter-at-source.destination-port-range - The destination port range + // at the source. + // + // * filter-at-destination.source-address - The source IPv4 address at the + // destination. + // + // * filter-at-destination.source-port-range - The source port range at the + // destination. + // + // * filter-at-destination.destination-address - The destination IPv4 address + // at the destination. + // + // * filter-at-destination.destination-port-range - The destination port + // range at the destination. // // * protocol - The protocol. // @@ -98463,23 +103018,23 @@ type DescribeNetworkInterfacesInput struct { // One or more filters. // - // * addresses.private-ip-address - The private IPv4 addresses associated - // with the network interface. - // - // * addresses.primary - Whether the private IPv4 address is the primary - // IP address associated with the network interface. + // * association.allocation-id - The allocation ID returned when you allocated + // the Elastic IP address (IPv4) for your network interface. // - // * addresses.association.public-ip - The association ID returned when the - // network interface was associated with the Elastic IP address (IPv4). + // * association.association-id - The association ID returned when the network + // interface was associated with an IPv4 address. // // * addresses.association.owner-id - The owner ID of the addresses associated // with the network interface. // - // * association.association-id - The association ID returned when the network - // interface was associated with an IPv4 address. + // * addresses.association.public-ip - The association ID returned when the + // network interface was associated with the Elastic IP address (IPv4). // - // * association.allocation-id - The allocation ID returned when you allocated - // the Elastic IP address (IPv4) for your network interface. + // * addresses.primary - Whether the private IPv4 address is the primary + // IP address associated with the network interface. + // + // * addresses.private-ip-address - The private IPv4 addresses associated + // with the network interface. // // * association.ip-owner-id - The owner of the Elastic IP address (IPv4) // associated with the network interface. @@ -98490,11 +103045,11 @@ type DescribeNetworkInterfacesInput struct { // * association.public-dns-name - The public DNS name for the network interface // (IPv4). // - // * attachment.attachment-id - The ID of the interface attachment. - // // * attachment.attach-time - The time that the network interface was attached // to an instance. // + // * attachment.attachment-id - The ID of the interface attachment. + // // * attachment.delete-on-termination - Indicates whether the attachment // is deleted when an instance is terminated. // @@ -98516,17 +103071,15 @@ type DescribeNetworkInterfacesInput struct { // // * group-id - The ID of a security group associated with the network interface. // - // * group-name - The name of a security group associated with the network - // interface. - // // * ipv6-addresses.ipv6-address - An IPv6 address associated with the network // interface. // // * interface-type - The type of network interface (api_gateway_managed - // | aws_codestar_connections_managed | branch | efa | gateway_load_balancer - // | gateway_load_balancer_endpoint | global_accelerator_managed | interface - // | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer - // | quicksight | transit_gateway | trunk | vpc_endpoint). + // | aws_codestar_connections_managed | branch | ec2_instance_connect_endpoint + // | efa | efs | gateway_load_balancer | gateway_load_balancer_endpoint | + // global_accelerator_managed | interface | iot_rules_managed | lambda | + // load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway + // | trunk | vpc_endpoint). // // * mac-address - The MAC address of the network interface. // @@ -98535,11 +103088,11 @@ type DescribeNetworkInterfacesInput struct { // * owner-id - The Amazon Web Services account ID of the network interface // owner. // + // * private-dns-name - The private DNS name of the network interface (IPv4). + // // * private-ip-address - The private IPv4 address or addresses of the network // interface. // - // * private-dns-name - The private DNS name of the network interface (IPv4). - // // * requester-id - The alias or Amazon Web Services account ID of the principal // or service that created the network interface. // @@ -99424,16 +103977,11 @@ type DescribeReservedInstancesInput struct { // // * scope - The scope of the Reserved Instance (Region or Availability Zone). // - // * product-description - The Reserved Instance product platform description. - // Instances that include (Amazon VPC) in the product platform description - // will only be displayed to EC2-Classic account holders and are for use - // with Amazon VPC (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE - // Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux - // (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows - // | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with - // SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows - // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise - // | Windows with SQL Server Enterprise (Amazon VPC)). + // * product-description - The Reserved Instance product platform description + // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web + // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux + // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server + // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise). // // * reserved-instances-id - The ID of the Reserved Instance. // @@ -99635,9 +104183,6 @@ type DescribeReservedInstancesModificationsInput struct { // * modification-result.target-configuration.instance-type - The instance // type of the new Reserved Instances. // - // * modification-result.target-configuration.platform - The network platform - // of the new Reserved Instances (EC2-Classic | EC2-VPC). - // // * reserved-instances-id - The ID of the Reserved Instances modified. // // * reserved-instances-modification-id - The ID of the modification request. @@ -99766,16 +104311,11 @@ type DescribeReservedInstancesOfferingsInput struct { // all offerings from both Amazon Web Services and the Reserved Instance // Marketplace are listed. // - // * product-description - The Reserved Instance product platform description. - // Instances that include (Amazon VPC) in the product platform description - // will only be displayed to EC2-Classic account holders and are for use - // with Amazon VPC. (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | - // SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise - // Linux (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows - // | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with - // SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows - // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise - // | Windows with SQL Server Enterprise (Amazon VPC)) + // * product-description - The Reserved Instance product platform description + // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web + // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux + // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server + // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise). // // * reserved-instances-offering-id - The Reserved Instances offering ID. // @@ -100035,7 +104575,7 @@ type DescribeRouteTablesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * association.route-table-association-id - The ID of an association ID // for the route table. @@ -100111,7 +104651,7 @@ type DescribeRouteTablesInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more route table IDs. + // The IDs of the route tables. // // Default: Describes all your route tables. RouteTableIds []*string `locationName:"RouteTableId" locationNameList:"item" type:"list"` @@ -100236,8 +104776,6 @@ type DescribeScheduledInstanceAvailabilityInput struct { // // * instance-type - The instance type (for example, c4.large). // - // * network-platform - The network platform (EC2-Classic or EC2-VPC). - // // * platform - The platform (Linux/UNIX or Windows). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -100418,8 +104956,6 @@ type DescribeScheduledInstancesInput struct { // // * instance-type - The instance type (for example, c4.large). // - // * network-platform - The network platform (EC2-Classic or EC2-VPC). - // // * platform - The platform (Linux/UNIX or Windows). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -100856,10 +105392,8 @@ type DescribeSecurityGroupsInput struct { // Default: Describes all of your security groups. GroupIds []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` - // [EC2-Classic and default VPC only] The names of the security groups. You - // can specify either the security group name or the security group ID. For - // security groups in a nondefault VPC, use the group-name filter to describe - // security groups by name. + // [Default VPC] The names of the security groups. You can specify either the + // security group name or the security group ID. // // Default: Describes all of your security groups. GroupNames []*string `locationName:"GroupName" locationNameList:"GroupName" type:"list"` @@ -101891,7 +106425,7 @@ type DescribeSpotInstanceRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone-group - The Availability Zone group. // @@ -101918,8 +106452,8 @@ type DescribeSpotInstanceRequestsInput struct { // in GiB. // // * launch.block-device-mapping.volume-type - The type of EBS volume: gp2 - // for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for - // Throughput Optimized HDD, sc1for Cold HDD, or standard for Magnetic. + // or gp3 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 + // for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic. // // * launch.group-id - The ID of the security group for the instance. // @@ -102008,7 +106542,7 @@ type DescribeSpotInstanceRequestsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more Spot Instance request IDs. + // The IDs of the Spot Instance requests. SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list"` } @@ -102068,7 +106602,7 @@ type DescribeSpotInstanceRequestsOutput struct { // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` - // One or more Spot Instance requests. + // The Spot Instance requests. SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -102119,7 +106653,7 @@ type DescribeSpotPriceHistoryInput struct { // the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). EndTime *time.Time `locationName:"endTime" type:"timestamp"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone for which prices should be // returned. @@ -102135,8 +106669,8 @@ type DescribeSpotPriceHistoryInput struct { // greater than or less than comparison is not supported). // // * timestamp - The time stamp of the Spot price history, in UTC format - // (for example, YYYY-MM-DDTHH:MM:SSZ). You can use wildcards (* and ?). - // Greater than or less than comparison is not supported. + // (for example, ddd MMM dd HH:mm:ss UTC YYYY). You can use wildcards (* + // and ?). Greater than or less than comparison is not supported. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // Filters the results by the specified instance types. @@ -102415,6 +106949,9 @@ type DescribeStoreImageTasksInput struct { // // * bucket - Returns task information for tasks that targeted a specific // bucket. For the filter value, specify the bucket name. + // + // When you specify the ImageIds parameter, any filters that you specify are + // ignored. To use the filters, you must remove the ImageIds parameter. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The AMI IDs for which to show progress. Up to 20 AMI IDs can be included @@ -102425,7 +106962,7 @@ type DescribeStoreImageTasksInput struct { // of items, make another request with the token returned in the output. For // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). // - // You cannot specify this parameter and the ImageIDs parameter in the same + // You cannot specify this parameter and the ImageIds parameter in the same // call. MaxResults *int64 `min:"1" type:"integer"` @@ -102545,7 +107082,7 @@ type DescribeSubnetsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone for the subnet. You can also // use availabilityZone as the filter name. @@ -102640,7 +107177,7 @@ type DescribeSubnetsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more subnet IDs. + // The IDs of the subnets. // // Default: Describes all your subnets. SubnetIds []*string `locationName:"SubnetId" locationNameList:"SubnetId" type:"list"` @@ -104811,13 +109348,13 @@ type DescribeVerifiedAccessEndpointsInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. VerifiedAccessEndpointIds []*string `locationName:"VerifiedAccessEndpointId" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. VerifiedAccessGroupId *string `type:"string"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstanceId *string `type:"string"` } @@ -104901,7 +109438,7 @@ type DescribeVerifiedAccessEndpointsOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The ID of the Amazon Web Services Verified Access endpoint. + // Details about the Verified Access endpoints. VerifiedAccessEndpoints []*VerifiedAccessEndpoint `locationName:"verifiedAccessEndpointSet" locationNameList:"item" type:"list"` } @@ -104954,10 +109491,10 @@ type DescribeVerifiedAccessGroupsInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The ID of the Amazon Web Services Verified Access groups. + // The ID of the Verified Access groups. VerifiedAccessGroupIds []*string `locationName:"VerifiedAccessGroupId" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstanceId *string `type:"string"` } @@ -105035,7 +109572,7 @@ type DescribeVerifiedAccessGroupsOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The ID of the Verified Access group. + // Details about the Verified Access groups. VerifiedAccessGroups []*VerifiedAccessGroup `locationName:"verifiedAccessGroupSet" locationNameList:"item" type:"list"` } @@ -105088,7 +109625,7 @@ type DescribeVerifiedAccessInstanceLoggingConfigurationsInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The IDs of the Amazon Web Services Verified Access instances. + // The IDs of the Verified Access instances. VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` } @@ -105156,8 +109693,7 @@ func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetVerifiedAc type DescribeVerifiedAccessInstanceLoggingConfigurationsOutput struct { _ struct{} `type:"structure"` - // The current logging configuration for the Amazon Web Services Verified Access - // instances. + // The logging configuration for the Verified Access instances. LoggingConfigurations []*VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfigurationSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -105214,7 +109750,7 @@ type DescribeVerifiedAccessInstancesInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The IDs of the Amazon Web Services Verified Access instances. + // The IDs of the Verified Access instances. VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` } @@ -105286,7 +109822,7 @@ type DescribeVerifiedAccessInstancesOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The IDs of the Amazon Web Services Verified Access instances. + // Details about the Verified Access instances. VerifiedAccessInstances []*VerifiedAccessInstance `locationName:"verifiedAccessInstanceSet" locationNameList:"item" type:"list"` } @@ -105339,7 +109875,7 @@ type DescribeVerifiedAccessTrustProvidersInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The IDs of the Amazon Web Services Verified Access trust providers. + // The IDs of the Verified Access trust providers. VerifiedAccessTrustProviderIds []*string `locationName:"VerifiedAccessTrustProviderId" locationNameList:"item" type:"list"` } @@ -105411,7 +109947,7 @@ type DescribeVerifiedAccessTrustProvidersOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The IDs of the Amazon Web Services Verified Access trust providers. + // Details about the Verified Access trust providers. VerifiedAccessTrustProviders []*VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` } @@ -106164,7 +110700,7 @@ type DescribeVpcClassicLinkDnsSupportInput struct { // from the end of the items returned by the previous request. NextToken *string `locationName:"nextToken" min:"1" type:"string"` - // One or more VPC IDs. + // The IDs of the VPCs. VpcIds []*string `locationNameList:"VpcId" type:"list"` } @@ -106270,7 +110806,7 @@ type DescribeVpcClassicLinkInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * is-classic-link-enabled - Whether the VPC is enabled for ClassicLink // (true | false). @@ -106286,7 +110822,7 @@ type DescribeVpcClassicLinkInput struct { // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more VPCs for which you want to describe the ClassicLink status. + // The VPCs for which you want to describe the ClassicLink status. VpcIds []*string `locationName:"VpcId" locationNameList:"VpcId" type:"list"` } @@ -106329,7 +110865,7 @@ func (s *DescribeVpcClassicLinkInput) SetVpcIds(v []*string) *DescribeVpcClassic type DescribeVpcClassicLinkOutput struct { _ struct{} `type:"structure"` - // The ClassicLink status of one or more VPCs. + // The ClassicLink status of the VPCs. Vpcs []*VpcClassicLink `locationName:"vpcSet" locationNameList:"item" type:"list"` } @@ -107162,7 +111698,7 @@ type DescribeVpcPeeringConnectionsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC. // @@ -107209,7 +111745,7 @@ type DescribeVpcPeeringConnectionsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more VPC peering connection IDs. + // The IDs of the VPC peering connections. // // Default: Describes all your VPC peering connections. VpcPeeringConnectionIds []*string `locationName:"VpcPeeringConnectionId" locationNameList:"item" type:"list"` @@ -107326,7 +111862,7 @@ type DescribeVpcsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify // must exactly match the VPC's CIDR block for information to be returned @@ -107384,7 +111920,7 @@ type DescribeVpcsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more VPC IDs. + // The IDs of the VPCs. // // Default: Describes all your VPCs. VpcIds []*string `locationName:"VpcId" locationNameList:"VpcId" type:"list"` @@ -108152,12 +112688,12 @@ type DetachVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -108224,10 +112760,10 @@ func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type DetachVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -108448,11 +112984,15 @@ func (s DetachVpnGatewayOutput) GoString() string { return s.String() } -// Options for an Amazon Web Services Verified Access device-identity based -// trust provider. +// Describes the options for an Amazon Web Services Verified Access device-identity +// based trust provider. type DeviceOptions struct { _ struct{} `type:"structure"` + // The URL Amazon Web Services Verified Access will use to verify the authenticity + // of the device tokens. + PublicSigningKeyUrl *string `locationName:"publicSigningKeyUrl" type:"string"` + // The ID of the tenant application with the device-identity provider. TenantId *string `locationName:"tenantId" type:"string"` } @@ -108475,6 +113015,12 @@ func (s DeviceOptions) GoString() string { return s.String() } +// SetPublicSigningKeyUrl sets the PublicSigningKeyUrl field's value. +func (s *DeviceOptions) SetPublicSigningKeyUrl(v string) *DeviceOptions { + s.PublicSigningKeyUrl = &v + return s +} + // SetTenantId sets the TenantId field's value. func (s *DeviceOptions) SetTenantId(v string) *DeviceOptions { s.TenantId = &v @@ -108488,7 +113034,7 @@ type DhcpConfiguration struct { // The name of a DHCP option. Key *string `locationName:"key" type:"string"` - // One or more values for the DHCP option. + // The values for the DHCP option. Values []*AttributeValue `locationName:"valueSet" locationNameList:"item" type:"list"` } @@ -108522,11 +113068,11 @@ func (s *DhcpConfiguration) SetValues(v []*AttributeValue) *DhcpConfiguration { return s } -// Describes a set of DHCP options. +// The set of DHCP options. type DhcpOptions struct { _ struct{} `type:"structure"` - // One or more DHCP options in the set. + // The DHCP options in the set. DhcpConfigurations []*DhcpConfiguration `locationName:"dhcpConfigurationSet" locationNameList:"item" type:"list"` // The ID of the set of DHCP options. @@ -108911,13 +113457,12 @@ type DisableFastLaunchInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // Forces the image settings to turn off faster launching for your Windows AMI. - // This parameter overrides any errors that are encountered while cleaning up - // resources in your account. + // Forces the image settings to turn off Windows fast launch for your Windows + // AMI. This parameter overrides any errors that are encountered while cleaning + // up resources in your account. Force *bool `type:"boolean"` - // The ID of the image for which you’re turning off faster launching, and - // removing pre-provisioned snapshots. + // Specify the ID of the image for which to disable Windows fast launch. // // ImageId is a required field ImageId *string `type:"string" required:"true"` @@ -108975,7 +113520,7 @@ func (s *DisableFastLaunchInput) SetImageId(v string) *DisableFastLaunchInput { type DisableFastLaunchOutput struct { _ struct{} `type:"structure"` - // The ID of the image for which faster-launching has been turned off. + // The ID of the image for which Windows fast launch was disabled. ImageId *string `locationName:"imageId" type:"string"` // The launch template that was used to launch Windows instances from pre-provisioned @@ -108983,27 +113528,28 @@ type DisableFastLaunchOutput struct { LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. + // to create pre-provisioned snapshots for Windows fast launch. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` - // The owner of the Windows AMI for which faster launching was turned off. + // The owner of the Windows AMI for which Windows fast launch was disabled. OwnerId *string `locationName:"ownerId" type:"string"` // The pre-provisioning resource type that must be cleaned after turning off - // faster launching for the Windows AMI. Supported values include: snapshot. + // Windows fast launch for the Windows AMI. Supported values include: snapshot. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` - // Parameters that were used for faster launching for the Windows AMI before - // faster launching was turned off. This informs the clean-up process. + // Parameters that were used for Windows fast launch for the Windows AMI before + // Windows fast launch was disabled. This informs the clean-up process. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` - // The current state of faster launching for the specified Windows AMI. + // The current state of Windows fast launch for the specified Windows AMI. State *string `locationName:"state" type:"string" enum:"FastLaunchStateCode"` - // The reason that the state changed for faster launching for the Windows AMI. + // The reason that the state changed for Windows fast launch for the Windows + // AMI. StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` - // The time that the state changed for faster launching for the Windows AMI. + // The time that the state changed for Windows fast launch for the Windows AMI. StateTransitionTime *time.Time `locationName:"stateTransitionTime" type:"timestamp"` } @@ -109448,6 +113994,71 @@ func (s *DisableFastSnapshotRestoresOutput) SetUnsuccessful(v []*DisableFastSnap return s } +type DisableImageBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableImageBlockPublicAccessInput) SetDryRun(v bool) *DisableImageBlockPublicAccessInput { + s.DryRun = &v + return s +} + +type DisableImageBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // Returns unblocked if the request succeeds; otherwise, it returns an error. + ImageBlockPublicAccessState *string `locationName:"imageBlockPublicAccessState" type:"string" enum:"ImageBlockPublicAccessDisabledState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *DisableImageBlockPublicAccessOutput) SetImageBlockPublicAccessState(v string) *DisableImageBlockPublicAccessOutput { + s.ImageBlockPublicAccessState = &v + return s +} + type DisableImageDeprecationInput struct { _ struct{} `type:"structure"` @@ -109537,6 +114148,95 @@ func (s *DisableImageDeprecationOutput) SetReturn(v bool) *DisableImageDeprecati return s } +type DisableImageInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AMI. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableImageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableImageInput"} + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableImageInput) SetDryRun(v bool) *DisableImageInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *DisableImageInput) SetImageId(v string) *DisableImageInput { + s.ImageId = &v + return s +} + +type DisableImageOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *DisableImageOutput) SetReturn(v bool) *DisableImageOutput { + s.Return = &v + return s +} + type DisableIpamOrganizationAdminAccountInput struct { _ struct{} `type:"structure"` @@ -109693,6 +114393,71 @@ func (s *DisableSerialConsoleAccessOutput) SetSerialConsoleAccessEnabled(v bool) return s } +type DisableSnapshotBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableSnapshotBlockPublicAccessInput) SetDryRun(v bool) *DisableSnapshotBlockPublicAccessInput { + s.DryRun = &v + return s +} + +type DisableSnapshotBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // Returns unblocked if the request succeeds. + State *string `locationName:"state" type:"string" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *DisableSnapshotBlockPublicAccessOutput) SetState(v string) *DisableSnapshotBlockPublicAccessOutput { + s.State = &v + return s +} + type DisableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -110049,7 +114814,7 @@ func (s *DisableVpcClassicLinkOutput) SetReturn(v bool) *DisableVpcClassicLinkOu type DisassociateAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The association ID. Required for EC2-VPC. + // The association ID. This parameter is required. AssociationId *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -110058,7 +114823,7 @@ type DisassociateAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // [EC2-Classic] The Elastic IP address. Required for EC2-Classic. + // Deprecated. PublicIp *string `type:"string"` } @@ -110515,6 +115280,109 @@ func (s *DisassociateInstanceEventWindowOutput) SetInstanceEventWindow(v *Instan return s } +type DisassociateIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // A BYOIP CIDR. + // + // Cidr is a required field + Cidr *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.Cidr == nil { + invalidParams.Add(request.NewErrParamRequired("Cidr")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *DisassociateIpamByoasnInput) SetAsn(v string) *DisassociateIpamByoasnInput { + s.Asn = &v + return s +} + +// SetCidr sets the Cidr field's value. +func (s *DisassociateIpamByoasnInput) SetCidr(v string) *DisassociateIpamByoasnInput { + s.Cidr = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisassociateIpamByoasnInput) SetDryRun(v bool) *DisassociateIpamByoasnInput { + s.DryRun = &v + return s +} + +type DisassociateIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // An ASN and BYOIP CIDR association. + AsnAssociation *AsnAssociation `locationName:"asnAssociation" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetAsnAssociation sets the AsnAssociation field's value. +func (s *DisassociateIpamByoasnOutput) SetAsnAssociation(v *AsnAssociation) *DisassociateIpamByoasnOutput { + s.AsnAssociation = v + return s +} + type DisassociateIpamResourceDiscoveryInput struct { _ struct{} `type:"structure"` @@ -110623,7 +115491,7 @@ type DisassociateNatGatewayAddressInput struct { // seconds. MaxDrainDurationSeconds *int64 `min:"1" type:"integer"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -110696,7 +115564,7 @@ type DisassociateNatGatewayAddressOutput struct { // Information about the NAT gateway IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -111513,7 +116381,11 @@ type DiskImageDescription struct { // // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). - ImportManifestUrl *string `locationName:"importManifestUrl" type:"string"` + // + // ImportManifestUrl is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DiskImageDescription's + // String and GoString methods. + ImportManifestUrl *string `locationName:"importManifestUrl" type:"string" sensitive:"true"` // The size of the disk image, in GiB. Size *int64 `locationName:"size" type:"long"` @@ -111584,8 +116456,12 @@ type DiskImageDetail struct { // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). // + // ImportManifestUrl is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DiskImageDetail's + // String and GoString methods. + // // ImportManifestUrl is a required field - ImportManifestUrl *string `locationName:"importManifestUrl" type:"string" required:"true"` + ImportManifestUrl *string `locationName:"importManifestUrl" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -111781,6 +116657,9 @@ type DnsOptions struct { // The DNS records created for the endpoint. DnsRecordIpType *string `locationName:"dnsRecordIpType" type:"string" enum:"DnsRecordIpType"` + + // Indicates whether to enable private DNS only for inbound endpoints. + PrivateDnsOnlyForInboundResolverEndpoint *bool `locationName:"privateDnsOnlyForInboundResolverEndpoint" type:"boolean"` } // String returns the string representation. @@ -111807,12 +116686,24 @@ func (s *DnsOptions) SetDnsRecordIpType(v string) *DnsOptions { return s } +// SetPrivateDnsOnlyForInboundResolverEndpoint sets the PrivateDnsOnlyForInboundResolverEndpoint field's value. +func (s *DnsOptions) SetPrivateDnsOnlyForInboundResolverEndpoint(v bool) *DnsOptions { + s.PrivateDnsOnlyForInboundResolverEndpoint = &v + return s +} + // Describes the DNS options for an endpoint. type DnsOptionsSpecification struct { _ struct{} `type:"structure"` // The DNS records created for the endpoint. DnsRecordIpType *string `type:"string" enum:"DnsRecordIpType"` + + // Indicates whether to enable private DNS only for inbound endpoints. This + // option is available only for services that support both gateway and interface + // endpoints. It routes traffic that originates from the VPC to the gateway + // endpoint and traffic that originates from on-premises to the interface endpoint. + PrivateDnsOnlyForInboundResolverEndpoint *bool `type:"boolean"` } // String returns the string representation. @@ -111839,6 +116730,12 @@ func (s *DnsOptionsSpecification) SetDnsRecordIpType(v string) *DnsOptionsSpecif return s } +// SetPrivateDnsOnlyForInboundResolverEndpoint sets the PrivateDnsOnlyForInboundResolverEndpoint field's value. +func (s *DnsOptionsSpecification) SetPrivateDnsOnlyForInboundResolverEndpoint(v bool) *DnsOptionsSpecification { + s.PrivateDnsOnlyForInboundResolverEndpoint = &v + return s +} + // Information about the DNS server to be used. type DnsServersOptionsModifyStructure struct { _ struct{} `type:"structure"` @@ -111940,19 +116837,18 @@ type EbsBlockDevice struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built - // on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // On other instances, you can achieve performance up to 32,000 IOPS. // // This parameter is required for io1 and io2 volumes. The default for gp3 volumes - // is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard - // volumes. + // is 3,000 IOPS. Iops *int64 `locationName:"iops" type:"integer"` // Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed @@ -111966,8 +116862,7 @@ type EbsBlockDevice struct { // The ARN of the Outpost on which the snapshot is stored. // - // This parameter is only supported on BlockDeviceMapping objects called by - // CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). + // This parameter is not supported when using CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). OutpostArn *string `locationName:"outpostArn" type:"string"` // The ID of the snapshot. @@ -111985,20 +116880,21 @@ type EbsBlockDevice struct { // You can specify a volume size that is equal to or larger than the snapshot // size. // - // The following are the supported volumes sizes for each volume type: + // The following are the supported sizes for each volume type: // - // * gp2 and gp3:1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io1: 4 - 16,384 GiB // - // * st1 and sc1: 125-16,384 + // * io2: 4 - 65,536 GiB // - // * standard: 1-1,024 + // * st1 and sc1: 125 - 16,384 GiB + // + // * standard: 1 - 1024 GiB VolumeSize *int64 `locationName:"volumeSize" type:"integer"` // The volume type. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon EC2 User Guide. If the volume type is io1 or io2, you must - // specify the IOPS that the volume supports. + // in the Amazon EC2 User Guide. VolumeType *string `locationName:"volumeType" type:"string" enum:"VolumeType"` } @@ -112319,6 +117215,176 @@ func (s *EbsOptimizedInfo) SetMaximumThroughputInMBps(v float64) *EbsOptimizedIn return s } +// The EC2 Instance Connect Endpoint. +type Ec2InstanceConnectEndpoint struct { + _ struct{} `type:"structure"` + + // The Availability Zone of the EC2 Instance Connect Endpoint. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The date and time that the EC2 Instance Connect Endpoint was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` + + // The DNS name of the EC2 Instance Connect Endpoint. + DnsName *string `locationName:"dnsName" type:"string"` + + FipsDnsName *string `locationName:"fipsDnsName" type:"string"` + + // The Amazon Resource Name (ARN) of the EC2 Instance Connect Endpoint. + InstanceConnectEndpointArn *string `locationName:"instanceConnectEndpointArn" min:"1" type:"string"` + + // The ID of the EC2 Instance Connect Endpoint. + InstanceConnectEndpointId *string `locationName:"instanceConnectEndpointId" type:"string"` + + // The ID of the elastic network interface that Amazon EC2 automatically created + // when creating the EC2 Instance Connect Endpoint. + NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services account that created the EC2 Instance Connect + // Endpoint. + OwnerId *string `locationName:"ownerId" type:"string"` + + // Indicates whether your client's IP address is preserved as the source. The + // value is true or false. + // + // * If true, your client's IP address is used when you connect to a resource. + // + // * If false, the elastic network interface IP address is used when you + // connect to a resource. + // + // Default: true + PreserveClientIp *bool `locationName:"preserveClientIp" type:"boolean"` + + // The security groups associated with the endpoint. If you didn't specify a + // security group, the default security group for your VPC is associated with + // the endpoint. + SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + + // The current state of the EC2 Instance Connect Endpoint. + State *string `locationName:"state" type:"string" enum:"Ec2InstanceConnectEndpointState"` + + // The message for the current state of the EC2 Instance Connect Endpoint. Can + // include a failure message. + StateMessage *string `locationName:"stateMessage" type:"string"` + + // The ID of the subnet in which the EC2 Instance Connect Endpoint was created. + SubnetId *string `locationName:"subnetId" type:"string"` + + // The tags assigned to the EC2 Instance Connect Endpoint. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the VPC in which the EC2 Instance Connect Endpoint was created. + VpcId *string `locationName:"vpcId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ec2InstanceConnectEndpoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ec2InstanceConnectEndpoint) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *Ec2InstanceConnectEndpoint) SetAvailabilityZone(v string) *Ec2InstanceConnectEndpoint { + s.AvailabilityZone = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *Ec2InstanceConnectEndpoint) SetCreatedAt(v time.Time) *Ec2InstanceConnectEndpoint { + s.CreatedAt = &v + return s +} + +// SetDnsName sets the DnsName field's value. +func (s *Ec2InstanceConnectEndpoint) SetDnsName(v string) *Ec2InstanceConnectEndpoint { + s.DnsName = &v + return s +} + +// SetFipsDnsName sets the FipsDnsName field's value. +func (s *Ec2InstanceConnectEndpoint) SetFipsDnsName(v string) *Ec2InstanceConnectEndpoint { + s.FipsDnsName = &v + return s +} + +// SetInstanceConnectEndpointArn sets the InstanceConnectEndpointArn field's value. +func (s *Ec2InstanceConnectEndpoint) SetInstanceConnectEndpointArn(v string) *Ec2InstanceConnectEndpoint { + s.InstanceConnectEndpointArn = &v + return s +} + +// SetInstanceConnectEndpointId sets the InstanceConnectEndpointId field's value. +func (s *Ec2InstanceConnectEndpoint) SetInstanceConnectEndpointId(v string) *Ec2InstanceConnectEndpoint { + s.InstanceConnectEndpointId = &v + return s +} + +// SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. +func (s *Ec2InstanceConnectEndpoint) SetNetworkInterfaceIds(v []*string) *Ec2InstanceConnectEndpoint { + s.NetworkInterfaceIds = v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *Ec2InstanceConnectEndpoint) SetOwnerId(v string) *Ec2InstanceConnectEndpoint { + s.OwnerId = &v + return s +} + +// SetPreserveClientIp sets the PreserveClientIp field's value. +func (s *Ec2InstanceConnectEndpoint) SetPreserveClientIp(v bool) *Ec2InstanceConnectEndpoint { + s.PreserveClientIp = &v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *Ec2InstanceConnectEndpoint) SetSecurityGroupIds(v []*string) *Ec2InstanceConnectEndpoint { + s.SecurityGroupIds = v + return s +} + +// SetState sets the State field's value. +func (s *Ec2InstanceConnectEndpoint) SetState(v string) *Ec2InstanceConnectEndpoint { + s.State = &v + return s +} + +// SetStateMessage sets the StateMessage field's value. +func (s *Ec2InstanceConnectEndpoint) SetStateMessage(v string) *Ec2InstanceConnectEndpoint { + s.StateMessage = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *Ec2InstanceConnectEndpoint) SetSubnetId(v string) *Ec2InstanceConnectEndpoint { + s.SubnetId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *Ec2InstanceConnectEndpoint) SetTags(v []*Tag) *Ec2InstanceConnectEndpoint { + s.Tags = v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *Ec2InstanceConnectEndpoint) SetVpcId(v string) *Ec2InstanceConnectEndpoint { + s.VpcId = &v + return s +} + // Describes the Elastic Fabric Adapters for the instance type. type EfaInfo struct { _ struct{} `type:"structure"` @@ -112835,8 +117901,50 @@ func (s *EnaSrdSpecification) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecificatio return s } +// Launch instances with ENA Express settings configured from your launch template. +type EnaSrdSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Specifies whether ENA Express is enabled for the network interface when you + // launch an instance from your launch template. + EnaSrdEnabled *bool `type:"boolean"` + + // Contains ENA Express settings for UDP network traffic in your launch template. + EnaSrdUdpSpecification *EnaSrdUdpSpecificationRequest `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecificationRequest) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *EnaSrdSpecificationRequest) SetEnaSrdEnabled(v bool) *EnaSrdSpecificationRequest { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *EnaSrdSpecificationRequest) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecificationRequest) *EnaSrdSpecificationRequest { + s.EnaSrdUdpSpecification = v + return s +} + // ENA Express is compatible with both TCP and UDP transport protocols. When -// it’s enabled, TCP traffic automatically uses it. However, some UDP-based +// it's enabled, TCP traffic automatically uses it. However, some UDP-based // applications are designed to handle network packets that are out of order, // without a need for retransmission, such as live video broadcasting or other // near-real-time applications. For UDP traffic, you can specify whether to @@ -112844,8 +117952,8 @@ func (s *EnaSrdSpecification) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecificatio type EnaSrdUdpSpecification struct { _ struct{} `type:"structure"` - // Indicates whether UDP traffic uses ENA Express. To specify this setting, - // you must first enable ENA Express. + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. EnaSrdUdpEnabled *bool `type:"boolean"` } @@ -112873,6 +117981,41 @@ func (s *EnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *EnaSrdUdpSpecifica return s } +// Configures ENA Express for UDP network traffic from your launch template. +type EnaSrdUdpSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic uses ENA Express for your instance. To ensure + // that UDP traffic can use ENA Express when you launch an instance, you must + // also set EnaSrdEnabled in the EnaSrdSpecificationRequest to true in your + // launch template. + EnaSrdUdpEnabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecificationRequest) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *EnaSrdUdpSpecificationRequest) SetEnaSrdUdpEnabled(v bool) *EnaSrdUdpSpecificationRequest { + s.EnaSrdUdpEnabled = &v + return s +} + type EnableAddressTransferInput struct { _ struct{} `type:"structure"` @@ -113153,7 +118296,7 @@ type EnableFastLaunchInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the image for which you’re enabling faster launching. + // Specify the ID of the image for which to enable Windows fast launch. // // ImageId is a required field ImageId *string `type:"string" required:"true"` @@ -113164,17 +118307,17 @@ type EnableFastLaunchInput struct { LaunchTemplate *FastLaunchLaunchTemplateSpecificationRequest `type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. Value must - // be 6 or greater. + // to create pre-provisioned snapshots for Windows fast launch. Value must be + // 6 or greater. MaxParallelLaunches *int64 `type:"integer"` - // The type of resource to use for pre-provisioning the Windows AMI for faster - // launching. Supported values include: snapshot, which is the default value. + // The type of resource to use for pre-provisioning the AMI for Windows fast + // launch. Supported values include: snapshot, which is the default value. ResourceType *string `type:"string"` // Configuration settings for creating and managing the snapshots that are used - // for pre-provisioning the Windows AMI for faster launching. The associated - // ResourceType must be snapshot. + // for pre-provisioning the AMI for Windows fast launch. The associated ResourceType + // must be snapshot. SnapshotConfiguration *FastLaunchSnapshotConfigurationRequest `type:"structure"` } @@ -113253,8 +118396,7 @@ func (s *EnableFastLaunchInput) SetSnapshotConfiguration(v *FastLaunchSnapshotCo type EnableFastLaunchOutput struct { _ struct{} `type:"structure"` - // The image ID that identifies the Windows AMI for which faster launching was - // enabled. + // The image ID that identifies the AMI for which Windows fast launch was enabled. ImageId *string `locationName:"imageId" type:"string"` // The launch template that is used when launching Windows instances from pre-provisioned @@ -113262,14 +118404,14 @@ type EnableFastLaunchOutput struct { LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. + // to create pre-provisioned snapshots for Windows fast launch. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` - // The owner ID for the Windows AMI for which faster launching was enabled. + // The owner ID for the AMI for which Windows fast launch was enabled. OwnerId *string `locationName:"ownerId" type:"string"` - // The type of resource that was defined for pre-provisioning the Windows AMI - // for faster launching. + // The type of resource that was defined for pre-provisioning the AMI for Windows + // fast launch. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` // Settings to create and manage the pre-provisioned snapshots that Amazon EC2 @@ -113277,13 +118419,13 @@ type EnableFastLaunchOutput struct { // when the associated resourceType is snapshot. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` - // The current state of faster launching for the specified Windows AMI. + // The current state of Windows fast launch for the specified AMI. State *string `locationName:"state" type:"string" enum:"FastLaunchStateCode"` - // The reason that the state changed for faster launching for the Windows AMI. + // The reason that the state changed for Windows fast launch for the AMI. StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` - // The time that the state changed for faster launching for the Windows AMI. + // The time that the state changed for Windows fast launch for the AMI. StateTransitionTime *time.Time `locationName:"stateTransitionTime" type:"timestamp"` } @@ -113730,6 +118872,98 @@ func (s *EnableFastSnapshotRestoresOutput) SetUnsuccessful(v []*EnableFastSnapsh return s } +type EnableImageBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Specify block-new-sharing to enable block public access for AMIs at the account + // level in the specified Region. This will block any attempt to publicly share + // your AMIs in the specified Region. + // + // ImageBlockPublicAccessState is a required field + ImageBlockPublicAccessState *string `type:"string" required:"true" enum:"ImageBlockPublicAccessEnabledState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableImageBlockPublicAccessInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableImageBlockPublicAccessInput"} + if s.ImageBlockPublicAccessState == nil { + invalidParams.Add(request.NewErrParamRequired("ImageBlockPublicAccessState")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableImageBlockPublicAccessInput) SetDryRun(v bool) *EnableImageBlockPublicAccessInput { + s.DryRun = &v + return s +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *EnableImageBlockPublicAccessInput) SetImageBlockPublicAccessState(v string) *EnableImageBlockPublicAccessInput { + s.ImageBlockPublicAccessState = &v + return s +} + +type EnableImageBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // Returns block-new-sharing if the request succeeds; otherwise, it returns + // an error. + ImageBlockPublicAccessState *string `locationName:"imageBlockPublicAccessState" type:"string" enum:"ImageBlockPublicAccessEnabledState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *EnableImageBlockPublicAccessOutput) SetImageBlockPublicAccessState(v string) *EnableImageBlockPublicAccessOutput { + s.ImageBlockPublicAccessState = &v + return s +} + type EnableImageDeprecationInput struct { _ struct{} `type:"structure"` @@ -113839,6 +119073,95 @@ func (s *EnableImageDeprecationOutput) SetReturn(v bool) *EnableImageDeprecation return s } +type EnableImageInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AMI. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableImageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableImageInput"} + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableImageInput) SetDryRun(v bool) *EnableImageInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *EnableImageInput) SetImageId(v string) *EnableImageInput { + s.ImageId = &v + return s +} + +type EnableImageOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *EnableImageOutput) SetReturn(v bool) *EnableImageOutput { + s.Return = &v + return s +} + type EnableIpamOrganizationAdminAccountInput struct { _ struct{} `type:"structure"` @@ -114060,6 +119383,112 @@ func (s *EnableSerialConsoleAccessOutput) SetSerialConsoleAccessEnabled(v bool) return s } +type EnableSnapshotBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The mode in which to enable block public access for snapshots for the Region. + // Specify one of the following values: + // + // * block-all-sharing - Prevents all public sharing of snapshots in the + // Region. Users in the account will no longer be able to request new public + // sharing. Additionally, snapshots that are already publicly shared are + // treated as private and they are no longer publicly available. If you enable + // block public access for snapshots in block-all-sharing mode, it does not + // change the permissions for snapshots that are already publicly shared. + // Instead, it prevents these snapshots from be publicly visible and publicly + // accessible. Therefore, the attributes for these snapshots still indicate + // that they are publicly shared, even though they are not publicly available. + // + // * block-new-sharing - Prevents only new public sharing of snapshots in + // the Region. Users in the account will no longer be able to request new + // public sharing. However, snapshots that are already publicly shared, remain + // publicly available. + // + // State is a required field + State *string `type:"string" required:"true" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableSnapshotBlockPublicAccessInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableSnapshotBlockPublicAccessInput"} + if s.State == nil { + invalidParams.Add(request.NewErrParamRequired("State")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableSnapshotBlockPublicAccessInput) SetDryRun(v bool) *EnableSnapshotBlockPublicAccessInput { + s.DryRun = &v + return s +} + +// SetState sets the State field's value. +func (s *EnableSnapshotBlockPublicAccessInput) SetState(v string) *EnableSnapshotBlockPublicAccessInput { + s.State = &v + return s +} + +type EnableSnapshotBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // The state of block public access for snapshots for the account and Region. + // Returns either block-all-sharing or block-new-sharing if the request succeeds. + State *string `locationName:"state" type:"string" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *EnableSnapshotBlockPublicAccessOutput) SetState(v string) *EnableSnapshotBlockPublicAccessOutput { + s.State = &v + return s +} + type EnableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -114756,6 +120185,12 @@ type Explanation struct { // The explanation code. ExplanationCode *string `locationName:"explanationCode" type:"string"` + // The Network Firewall stateful rule. + FirewallStatefulRule *FirewallStatefulRule `locationName:"firewallStatefulRule" type:"structure"` + + // The Network Firewall stateless rule. + FirewallStatelessRule *FirewallStatelessRule `locationName:"firewallStatelessRule" type:"structure"` + // The route table. IngressRouteTable *AnalysisComponent `locationName:"ingressRouteTable" type:"structure"` @@ -114979,6 +120414,18 @@ func (s *Explanation) SetExplanationCode(v string) *Explanation { return s } +// SetFirewallStatefulRule sets the FirewallStatefulRule field's value. +func (s *Explanation) SetFirewallStatefulRule(v *FirewallStatefulRule) *Explanation { + s.FirewallStatefulRule = v + return s +} + +// SetFirewallStatelessRule sets the FirewallStatelessRule field's value. +func (s *Explanation) SetFirewallStatelessRule(v *FirewallStatelessRule) *Explanation { + s.FirewallStatelessRule = v + return s +} + // SetIngressRouteTable sets the IngressRouteTable field's value. func (s *Explanation) SetIngressRouteTable(v *AnalysisComponent) *Explanation { s.IngressRouteTable = v @@ -116240,22 +121687,23 @@ func (s *FailedQueuedPurchaseDeletion) SetReservedInstancesId(v string) *FailedQ return s } -// Request to create a launch template for a fast-launch enabled Windows AMI. +// Request to create a launch template for a Windows fast launch enabled AMI. // // Note - You can specify either the LaunchTemplateName or the LaunchTemplateId, // but not both. type FastLaunchLaunchTemplateSpecificationRequest struct { _ struct{} `type:"structure"` - // The ID of the launch template to use for faster launching for a Windows AMI. + // Specify the ID of the launch template that the AMI should use for Windows + // fast launch. LaunchTemplateId *string `type:"string"` - // The name of the launch template to use for faster launching for a Windows - // AMI. + // Specify the name of the launch template that the AMI should use for Windows + // fast launch. LaunchTemplateName *string `type:"string"` - // The version of the launch template to use for faster launching for a Windows - // AMI. + // Specify the version of the launch template that the AMI should use for Windows + // fast launch. // // Version is a required field Version *string `type:"string" required:"true"` @@ -116310,21 +121758,17 @@ func (s *FastLaunchLaunchTemplateSpecificationRequest) SetVersion(v string) *Fas return s } -// Identifies the launch template to use for faster launching of the Windows -// AMI. +// Identifies the launch template that the AMI uses for Windows fast launch. type FastLaunchLaunchTemplateSpecificationResponse struct { _ struct{} `type:"structure"` - // The ID of the launch template for faster launching of the associated Windows - // AMI. + // The ID of the launch template that the AMI uses for Windows fast launch. LaunchTemplateId *string `locationName:"launchTemplateId" type:"string"` - // The name of the launch template for faster launching of the associated Windows - // AMI. + // The name of the launch template that the AMI uses for Windows fast launch. LaunchTemplateName *string `locationName:"launchTemplateName" type:"string"` - // The version of the launch template for faster launching of the associated - // Windows AMI. + // The version of the launch template that the AMI uses for Windows fast launch. Version *string `locationName:"version" type:"string"` } @@ -116365,12 +121809,12 @@ func (s *FastLaunchLaunchTemplateSpecificationResponse) SetVersion(v string) *Fa } // Configuration settings for creating and managing pre-provisioned snapshots -// for a fast-launch enabled Windows AMI. +// for a Windows fast launch enabled AMI. type FastLaunchSnapshotConfigurationRequest struct { _ struct{} `type:"structure"` - // The number of pre-provisioned snapshots to keep on hand for a fast-launch - // enabled Windows AMI. + // The number of pre-provisioned snapshots to keep on hand for a Windows fast + // launch enabled AMI. TargetResourceCount *int64 `type:"integer"` } @@ -116399,12 +121843,12 @@ func (s *FastLaunchSnapshotConfigurationRequest) SetTargetResourceCount(v int64) } // Configuration settings for creating and managing pre-provisioned snapshots -// for a fast-launch enabled Windows AMI. +// for a Windows fast launch enabled Windows AMI. type FastLaunchSnapshotConfigurationResponse struct { _ struct{} `type:"structure"` - // The number of pre-provisioned snapshots requested to keep on hand for a fast-launch - // enabled Windows AMI. + // The number of pre-provisioned snapshots requested to keep on hand for a Windows + // fast launch enabled AMI. TargetResourceCount *int64 `locationName:"targetResourceCount" type:"integer"` } @@ -116564,6 +122008,237 @@ func (s *Filter) SetValues(v []*string) *Filter { return s } +// Describes a port range. +type FilterPortRange struct { + _ struct{} `type:"structure"` + + // The first port in the range. + FromPort *int64 `locationName:"fromPort" type:"integer"` + + // The last port in the range. + ToPort *int64 `locationName:"toPort" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterPortRange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterPortRange) GoString() string { + return s.String() +} + +// SetFromPort sets the FromPort field's value. +func (s *FilterPortRange) SetFromPort(v int64) *FilterPortRange { + s.FromPort = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *FilterPortRange) SetToPort(v int64) *FilterPortRange { + s.ToPort = &v + return s +} + +// Describes a stateful rule. +type FirewallStatefulRule struct { + _ struct{} `type:"structure"` + + // The destination ports. + DestinationPorts []*PortRange `locationName:"destinationPortSet" locationNameList:"item" type:"list"` + + // The destination IP addresses, in CIDR notation. + Destinations []*string `locationName:"destinationSet" locationNameList:"item" type:"list"` + + // The direction. The possible values are FORWARD and ANY. + Direction *string `locationName:"direction" type:"string"` + + // The protocol. + Protocol *string `locationName:"protocol" type:"string"` + + // The rule action. The possible values are pass, drop, and alert. + RuleAction *string `locationName:"ruleAction" type:"string"` + + // The ARN of the stateful rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The source ports. + SourcePorts []*PortRange `locationName:"sourcePortSet" locationNameList:"item" type:"list"` + + // The source IP addresses, in CIDR notation. + Sources []*string `locationName:"sourceSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatefulRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatefulRule) GoString() string { + return s.String() +} + +// SetDestinationPorts sets the DestinationPorts field's value. +func (s *FirewallStatefulRule) SetDestinationPorts(v []*PortRange) *FirewallStatefulRule { + s.DestinationPorts = v + return s +} + +// SetDestinations sets the Destinations field's value. +func (s *FirewallStatefulRule) SetDestinations(v []*string) *FirewallStatefulRule { + s.Destinations = v + return s +} + +// SetDirection sets the Direction field's value. +func (s *FirewallStatefulRule) SetDirection(v string) *FirewallStatefulRule { + s.Direction = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *FirewallStatefulRule) SetProtocol(v string) *FirewallStatefulRule { + s.Protocol = &v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *FirewallStatefulRule) SetRuleAction(v string) *FirewallStatefulRule { + s.RuleAction = &v + return s +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *FirewallStatefulRule) SetRuleGroupArn(v string) *FirewallStatefulRule { + s.RuleGroupArn = &v + return s +} + +// SetSourcePorts sets the SourcePorts field's value. +func (s *FirewallStatefulRule) SetSourcePorts(v []*PortRange) *FirewallStatefulRule { + s.SourcePorts = v + return s +} + +// SetSources sets the Sources field's value. +func (s *FirewallStatefulRule) SetSources(v []*string) *FirewallStatefulRule { + s.Sources = v + return s +} + +// Describes a stateless rule. +type FirewallStatelessRule struct { + _ struct{} `type:"structure"` + + // The destination ports. + DestinationPorts []*PortRange `locationName:"destinationPortSet" locationNameList:"item" type:"list"` + + // The destination IP addresses, in CIDR notation. + Destinations []*string `locationName:"destinationSet" locationNameList:"item" type:"list"` + + // The rule priority. + Priority *int64 `locationName:"priority" type:"integer"` + + // The protocols. + Protocols []*int64 `locationName:"protocolSet" locationNameList:"item" type:"list"` + + // The rule action. The possible values are pass, drop, and forward_to_site. + RuleAction *string `locationName:"ruleAction" type:"string"` + + // The ARN of the stateless rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The source ports. + SourcePorts []*PortRange `locationName:"sourcePortSet" locationNameList:"item" type:"list"` + + // The source IP addresses, in CIDR notation. + Sources []*string `locationName:"sourceSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatelessRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatelessRule) GoString() string { + return s.String() +} + +// SetDestinationPorts sets the DestinationPorts field's value. +func (s *FirewallStatelessRule) SetDestinationPorts(v []*PortRange) *FirewallStatelessRule { + s.DestinationPorts = v + return s +} + +// SetDestinations sets the Destinations field's value. +func (s *FirewallStatelessRule) SetDestinations(v []*string) *FirewallStatelessRule { + s.Destinations = v + return s +} + +// SetPriority sets the Priority field's value. +func (s *FirewallStatelessRule) SetPriority(v int64) *FirewallStatelessRule { + s.Priority = &v + return s +} + +// SetProtocols sets the Protocols field's value. +func (s *FirewallStatelessRule) SetProtocols(v []*int64) *FirewallStatelessRule { + s.Protocols = v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *FirewallStatelessRule) SetRuleAction(v string) *FirewallStatelessRule { + s.RuleAction = &v + return s +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *FirewallStatelessRule) SetRuleGroupArn(v string) *FirewallStatelessRule { + s.RuleGroupArn = &v + return s +} + +// SetSourcePorts sets the SourcePorts field's value. +func (s *FirewallStatelessRule) SetSourcePorts(v []*PortRange) *FirewallStatelessRule { + s.SourcePorts = v + return s +} + +// SetSources sets the Sources field's value. +func (s *FirewallStatelessRule) SetSources(v []*string) *FirewallStatelessRule { + s.Sources = v + return s +} + // Information about a Capacity Reservation in a Capacity Reservation Fleet. type FleetCapacityReservation struct { _ struct{} `type:"structure"` @@ -117060,8 +122735,9 @@ type FleetLaunchTemplateOverrides struct { // The Availability Zone in which to launch the instances. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` - // The ID of the AMI. An AMI is required to launch an instance. The AMI ID must - // be specified here or in the launch template. + // The ID of the AMI. An AMI is required to launch an instance. This parameter + // is only available for fleets of type instant. For fleets of type maintain + // and request, you must specify the AMI ID in the launch template. ImageId *string `locationName:"imageId" type:"string"` // The attributes for the instance types. When you specify instance attributes, @@ -117192,8 +122868,9 @@ type FleetLaunchTemplateOverridesRequest struct { // The Availability Zone in which to launch the instances. AvailabilityZone *string `type:"string"` - // The ID of the AMI. An AMI is required to launch an instance. The AMI ID must - // be specified here or in the launch template. + // The ID of the AMI. An AMI is required to launch an instance. This parameter + // is only available for fleets of type instant. For fleets of type maintain + // and request, you must specify the AMI ID in the launch template. ImageId *string `type:"string"` // The attributes for the instance types. When you specify instance attributes, @@ -118920,6 +124597,10 @@ type GetCoipPoolUsageOutput struct { // The ID of the local gateway route table. LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation. @@ -118958,6 +124639,12 @@ func (s *GetCoipPoolUsageOutput) SetLocalGatewayRouteTableId(v string) *GetCoipP return s } +// SetNextToken sets the NextToken field's value. +func (s *GetCoipPoolUsageOutput) SetNextToken(v string) *GetCoipPoolUsageOutput { + s.NextToken = &v + return s +} + type GetConsoleOutputInput struct { _ struct{} `type:"structure"` @@ -119378,6 +125065,9 @@ type GetEbsEncryptionByDefaultOutput struct { // Indicates whether encryption by default is enabled. EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` + + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` } // String returns the string representation. @@ -119404,6 +125094,12 @@ func (s *GetEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) *Get return s } +// SetSseType sets the SseType field's value. +func (s *GetEbsEncryptionByDefaultOutput) SetSseType(v string) *GetEbsEncryptionByDefaultOutput { + s.SseType = &v + return s +} + type GetFlowLogsIntegrationTemplateInput struct { _ struct{} `type:"structure"` @@ -119530,7 +125226,9 @@ func (s *GetFlowLogsIntegrationTemplateOutput) SetResult(v string) *GetFlowLogsI type GetGroupsForCapacityReservationInput struct { _ struct{} `type:"structure"` - // The ID of the Capacity Reservation. + // The ID of the Capacity Reservation. If you specify a Capacity Reservation + // that is shared with you, the operation returns only Capacity Reservation + // groups that you own. // // CapacityReservationId is a required field CapacityReservationId *string `type:"string" required:"true"` @@ -119771,6 +125469,79 @@ func (s *GetHostReservationPurchasePreviewOutput) SetTotalUpfrontPrice(v string) return s } +type GetImageBlockPublicAccessStateInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *GetImageBlockPublicAccessStateInput) SetDryRun(v bool) *GetImageBlockPublicAccessStateInput { + s.DryRun = &v + return s +} + +type GetImageBlockPublicAccessStateOutput struct { + _ struct{} `type:"structure"` + + // The current state of block public access for AMIs at the account level in + // the specified Amazon Web Services Region. + // + // Possible values: + // + // * block-new-sharing - Any attempt to publicly share your AMIs in the specified + // Region is blocked. + // + // * unblocked - Your AMIs in the specified Region can be publicly shared. + ImageBlockPublicAccessState *string `locationName:"imageBlockPublicAccessState" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateOutput) GoString() string { + return s.String() +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *GetImageBlockPublicAccessStateOutput) SetImageBlockPublicAccessState(v string) *GetImageBlockPublicAccessStateOutput { + s.ImageBlockPublicAccessState = &v + return s +} + type GetInstanceTypesFromInstanceRequirementsInput struct { _ struct{} `type:"structure"` @@ -120334,6 +126105,159 @@ func (s *GetIpamDiscoveredAccountsOutput) SetNextToken(v string) *GetIpamDiscove return s } +type GetIpamDiscoveredPublicAddressesInput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Region for the IP address. + // + // AddressRegion is a required field + AddressRegion *string `type:"string" required:"true"` + + // A check for whether you have the required permissions for the action without + // actually making the request and provides an error response. If you have the + // required permissions, the error response is DryRunOperation. Otherwise, it + // is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // An IPAM resource discovery ID. + // + // IpamResourceDiscoveryId is a required field + IpamResourceDiscoveryId *string `type:"string" required:"true"` + + // The maximum number of IPAM discovered public addresses to return in one page + // of results. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetIpamDiscoveredPublicAddressesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetIpamDiscoveredPublicAddressesInput"} + if s.AddressRegion == nil { + invalidParams.Add(request.NewErrParamRequired("AddressRegion")) + } + if s.IpamResourceDiscoveryId == nil { + invalidParams.Add(request.NewErrParamRequired("IpamResourceDiscoveryId")) + } + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAddressRegion sets the AddressRegion field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetAddressRegion(v string) *GetIpamDiscoveredPublicAddressesInput { + s.AddressRegion = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetDryRun(v bool) *GetIpamDiscoveredPublicAddressesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetFilters(v []*Filter) *GetIpamDiscoveredPublicAddressesInput { + s.Filters = v + return s +} + +// SetIpamResourceDiscoveryId sets the IpamResourceDiscoveryId field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetIpamResourceDiscoveryId(v string) *GetIpamDiscoveredPublicAddressesInput { + s.IpamResourceDiscoveryId = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetMaxResults(v int64) *GetIpamDiscoveredPublicAddressesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetNextToken(v string) *GetIpamDiscoveredPublicAddressesInput { + s.NextToken = &v + return s +} + +type GetIpamDiscoveredPublicAddressesOutput struct { + _ struct{} `type:"structure"` + + // IPAM discovered public addresses. + IpamDiscoveredPublicAddresses []*IpamDiscoveredPublicAddress `locationName:"ipamDiscoveredPublicAddressSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The oldest successful resource discovery time. + OldestSampleTime *time.Time `locationName:"oldestSampleTime" type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesOutput) GoString() string { + return s.String() +} + +// SetIpamDiscoveredPublicAddresses sets the IpamDiscoveredPublicAddresses field's value. +func (s *GetIpamDiscoveredPublicAddressesOutput) SetIpamDiscoveredPublicAddresses(v []*IpamDiscoveredPublicAddress) *GetIpamDiscoveredPublicAddressesOutput { + s.IpamDiscoveredPublicAddresses = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetIpamDiscoveredPublicAddressesOutput) SetNextToken(v string) *GetIpamDiscoveredPublicAddressesOutput { + s.NextToken = &v + return s +} + +// SetOldestSampleTime sets the OldestSampleTime field's value. +func (s *GetIpamDiscoveredPublicAddressesOutput) SetOldestSampleTime(v time.Time) *GetIpamDiscoveredPublicAddressesOutput { + s.OldestSampleTime = &v + return s +} + type GetIpamDiscoveredResourceCidrsInput struct { _ struct{} `type:"structure"` @@ -121558,7 +127482,11 @@ type GetPasswordDataOutput struct { // The password of the instance. Returns an empty string if the password is // not available. - PasswordData *string `locationName:"passwordData" type:"string"` + // + // PasswordData is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetPasswordDataOutput's + // String and GoString methods. + PasswordData *string `locationName:"passwordData" type:"string" sensitive:"true"` // The time the data was last updated. Timestamp *time.Time `locationName:"timestamp" type:"timestamp"` @@ -121783,6 +127711,149 @@ func (s *GetReservedInstancesExchangeQuoteOutput) SetValidationFailureReason(v s return s } +type GetSecurityGroupsForVpcInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. If using multiple filters, the results include security groups + // which match all filters. + // + // * group-id: The security group ID. + // + // * description: The security group's description. + // + // * group-name: The security group name. + // + // * owner-id: The security group owner ID. + // + // * primary-vpc-id: The VPC ID in which the security group was created. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"5" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` + + // The VPC ID where the security group can be used. + // + // VpcId is a required field + VpcId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetSecurityGroupsForVpcInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetSecurityGroupsForVpcInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + if s.VpcId == nil { + invalidParams.Add(request.NewErrParamRequired("VpcId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetSecurityGroupsForVpcInput) SetDryRun(v bool) *GetSecurityGroupsForVpcInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetSecurityGroupsForVpcInput) SetFilters(v []*Filter) *GetSecurityGroupsForVpcInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetSecurityGroupsForVpcInput) SetMaxResults(v int64) *GetSecurityGroupsForVpcInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetSecurityGroupsForVpcInput) SetNextToken(v string) *GetSecurityGroupsForVpcInput { + s.NextToken = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *GetSecurityGroupsForVpcInput) SetVpcId(v string) *GetSecurityGroupsForVpcInput { + s.VpcId = &v + return s +} + +type GetSecurityGroupsForVpcOutput struct { + _ struct{} `type:"structure"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The security group that can be used by interfaces in the VPC. + SecurityGroupForVpcs []*SecurityGroupForVpc `locationName:"securityGroupForVpcSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *GetSecurityGroupsForVpcOutput) SetNextToken(v string) *GetSecurityGroupsForVpcOutput { + s.NextToken = &v + return s +} + +// SetSecurityGroupForVpcs sets the SecurityGroupForVpcs field's value. +func (s *GetSecurityGroupsForVpcOutput) SetSecurityGroupForVpcs(v []*SecurityGroupForVpc) *GetSecurityGroupsForVpcOutput { + s.SecurityGroupForVpcs = v + return s +} + type GetSerialConsoleAccessStatusInput struct { _ struct{} `type:"structure"` @@ -121850,6 +127921,83 @@ func (s *GetSerialConsoleAccessStatusOutput) SetSerialConsoleAccessEnabled(v boo return s } +type GetSnapshotBlockPublicAccessStateInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *GetSnapshotBlockPublicAccessStateInput) SetDryRun(v bool) *GetSnapshotBlockPublicAccessStateInput { + s.DryRun = &v + return s +} + +type GetSnapshotBlockPublicAccessStateOutput struct { + _ struct{} `type:"structure"` + + // The current state of block public access for snapshots. Possible values include: + // + // * block-all-sharing - All public sharing of snapshots is blocked. Users + // in the account can't request new public sharing. Additionally, snapshots + // that were already publicly shared are treated as private and are not publicly + // available. + // + // * block-new-sharing - Only new public sharing of snapshots is blocked. + // Users in the account can't request new public sharing. However, snapshots + // that were already publicly shared, remain publicly available. + // + // * unblocked - Public sharing is not blocked. Users can publicly share + // snapshots. + State *string `locationName:"state" type:"string" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateOutput) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *GetSnapshotBlockPublicAccessStateOutput) SetState(v string) *GetSnapshotBlockPublicAccessStateOutput { + s.State = &v + return s +} + type GetSpotPlacementScoresInput struct { _ struct{} `type:"structure"` @@ -123164,7 +129312,7 @@ type GetVerifiedAccessEndpointPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` @@ -123216,7 +129364,7 @@ func (s *GetVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v str type GetVerifiedAccessEndpointPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. @@ -123262,7 +129410,7 @@ type GetVerifiedAccessGroupPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` @@ -123314,7 +129462,7 @@ func (s *GetVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) * type GetVerifiedAccessGroupPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. @@ -123588,6 +129736,154 @@ func (s *GetVpnConnectionDeviceTypesOutput) SetVpnConnectionDeviceTypes(v []*Vpn return s } +type GetVpnTunnelReplacementStatusInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Site-to-Site VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The external IP address of the VPN tunnel. + // + // VpnTunnelOutsideIpAddress is a required field + VpnTunnelOutsideIpAddress *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetVpnTunnelReplacementStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetVpnTunnelReplacementStatusInput"} + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + if s.VpnTunnelOutsideIpAddress == nil { + invalidParams.Add(request.NewErrParamRequired("VpnTunnelOutsideIpAddress")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetVpnTunnelReplacementStatusInput) SetDryRun(v bool) *GetVpnTunnelReplacementStatusInput { + s.DryRun = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *GetVpnTunnelReplacementStatusInput) SetVpnConnectionId(v string) *GetVpnTunnelReplacementStatusInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *GetVpnTunnelReplacementStatusInput) SetVpnTunnelOutsideIpAddress(v string) *GetVpnTunnelReplacementStatusInput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + +type GetVpnTunnelReplacementStatusOutput struct { + _ struct{} `type:"structure"` + + // The ID of the customer gateway. + CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"` + + // Get details of pending tunnel endpoint maintenance. + MaintenanceDetails *MaintenanceDetails `locationName:"maintenanceDetails" type:"structure"` + + // The ID of the transit gateway associated with the VPN connection. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of the Site-to-Site VPN connection. + VpnConnectionId *string `locationName:"vpnConnectionId" type:"string"` + + // The ID of the virtual private gateway. + VpnGatewayId *string `locationName:"vpnGatewayId" type:"string"` + + // The external IP address of the VPN tunnel. + VpnTunnelOutsideIpAddress *string `locationName:"vpnTunnelOutsideIpAddress" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusOutput) GoString() string { + return s.String() +} + +// SetCustomerGatewayId sets the CustomerGatewayId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetCustomerGatewayId(v string) *GetVpnTunnelReplacementStatusOutput { + s.CustomerGatewayId = &v + return s +} + +// SetMaintenanceDetails sets the MaintenanceDetails field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetMaintenanceDetails(v *MaintenanceDetails) *GetVpnTunnelReplacementStatusOutput { + s.MaintenanceDetails = v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetTransitGatewayId(v string) *GetVpnTunnelReplacementStatusOutput { + s.TransitGatewayId = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetVpnConnectionId(v string) *GetVpnTunnelReplacementStatusOutput { + s.VpnConnectionId = &v + return s +} + +// SetVpnGatewayId sets the VpnGatewayId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetVpnGatewayId(v string) *GetVpnTunnelReplacementStatusOutput { + s.VpnGatewayId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetVpnTunnelOutsideIpAddress(v string) *GetVpnTunnelReplacementStatusOutput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + // Describes the GPU accelerators for the instance type. type GpuDeviceInfo struct { _ struct{} `type:"structure"` @@ -123763,14 +130059,14 @@ func (s *GroupIdentifier) SetGroupName(v string) *GroupIdentifier { } // Indicates whether your instance is configured for hibernation. This parameter -// is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). +// is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon EC2 User Guide. type HibernationOptions struct { _ struct{} `type:"structure"` - // If this parameter is set to true, your instance is enabled for hibernation; - // otherwise, it is not enabled for hibernation. + // If true, your instance is enabled for hibernation; otherwise, it is not enabled + // for hibernation. Configured *bool `locationName:"configured" type:"boolean"` } @@ -123799,13 +130095,22 @@ func (s *HibernationOptions) SetConfigured(v bool) *HibernationOptions { } // Indicates whether your instance is configured for hibernation. This parameter -// is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). +// is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon EC2 User Guide. type HibernationOptionsRequest struct { _ struct{} `type:"structure"` - // If you set this parameter to true, your instance is enabled for hibernation. + // Set to true to enable your instance for hibernation. + // + // For Spot Instances, if you set Configured to true, either omit the InstanceInterruptionBehavior + // parameter (for SpotMarketOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotMarketOptions.html)), + // or set it to hibernate. When Configured is true: + // + // * If you omit InstanceInterruptionBehavior, it defaults to hibernate. + // + // * If you set InstanceInterruptionBehavior to a value other than hibernate, + // you'll get an error. // // Default: false Configured *bool `type:"boolean"` @@ -123957,6 +130262,9 @@ type Host struct { // Dedicated Host supports a single instance type only. AllowsMultipleInstanceTypes *string `locationName:"allowsMultipleInstanceTypes" type:"string" enum:"AllowsMultipleInstanceTypes"` + // The ID of the Outpost hardware asset on which the Dedicated Host is allocated. + AssetId *string `locationName:"assetId" type:"string"` + // Whether auto-placement is on or off. AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"` @@ -124045,6 +130353,12 @@ func (s *Host) SetAllowsMultipleInstanceTypes(v string) *Host { return s } +// SetAssetId sets the AssetId field's value. +func (s *Host) SetAssetId(v string) *Host { + s.AssetId = &v + return s +} + // SetAutoPlacement sets the AutoPlacement field's value. func (s *Host) SetAutoPlacement(v string) *Host { s.AutoPlacement = &v @@ -124841,7 +131155,7 @@ type Image struct { // Specifies whether enhanced networking with ENA is enabled. EnaSupport *bool `locationName:"enaSupport" type:"boolean"` - // The hypervisor type of the image. + // The hypervisor type of the image. Only xen is supported. ovm is not supported. Hypervisor *string `locationName:"hypervisor" type:"string" enum:"HypervisorType"` // The ID of the AMI. @@ -124902,6 +131216,11 @@ type Image struct { // or an instance store volume. RootDeviceType *string `locationName:"rootDeviceType" type:"string" enum:"DeviceType"` + // The ID of the instance that the AMI was created from if the AMI was created + // using CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). + // This field only appears if the AMI was created using CreateImage. + SourceInstanceId *string `locationName:"sourceInstanceId" type:"string"` + // Specifies whether enhanced networking with the Intel 82599 Virtual Function // interface is enabled. SriovNetSupport *string `locationName:"sriovNetSupport" type:"string"` @@ -125091,6 +131410,12 @@ func (s *Image) SetRootDeviceType(v string) *Image { return s } +// SetSourceInstanceId sets the SourceInstanceId field's value. +func (s *Image) SetSourceInstanceId(v string) *Image { + s.SourceInstanceId = &v + return s +} + // SetSriovNetSupport sets the SriovNetSupport field's value. func (s *Image) SetSriovNetSupport(v string) *Image { s.SriovNetSupport = &v @@ -125153,7 +131478,11 @@ type ImageDiskContainer struct { // The URL to the Amazon S3-based disk image being imported. The URL can either // be a https URL (https://..) or an Amazon S3 URL (s3://..) - Url *string `type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ImageDiskContainer's + // String and GoString methods. + Url *string `type:"string" sensitive:"true"` // The S3 bucket for the disk image. UserBucket *UserBucket `type:"structure"` @@ -125397,6 +131726,10 @@ type ImportImageInput struct { Architecture *string `type:"string"` // The boot mode of the virtual machine. + // + // The uefi-preferred boot mode isn't supported for importing images. For more + // information, see Boot modes (https://docs.aws.amazon.com/vm-import/latest/userguide/prerequisites.html#vmimport-boot-modes) + // in the VM Import/Export User Guide. BootMode *string `type:"string" enum:"BootModeValues"` // The client-specific data. @@ -125437,9 +131770,7 @@ type ImportImageInput struct { // // * Key ID // - // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the key, the Amazon Web Services account ID of the key - // owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Key alias // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed // by the Region of the key, the Amazon Web Services account ID of the key @@ -125477,7 +131808,9 @@ type ImportImageInput struct { // in the VM Import/Export User Guide. LicenseType *string `type:"string"` - // The operating system of the virtual machine. + // The operating system of the virtual machine. If you import a VM that is compatible + // with Unified Extensible Firmware Interface (UEFI) using an EBS snapshot, + // you must specify a value for the platform. // // Valid values: Windows | Linux Platform *string `type:"string"` @@ -126600,9 +132933,7 @@ type ImportSnapshotInput struct { // // * Key ID // - // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the key, the Amazon Web Services account ID of the key - // owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Key alias // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed // by the Region of the key, the Amazon Web Services account ID of the key @@ -127029,6 +133360,10 @@ type InferenceAcceleratorInfo struct { // Describes the Inference accelerators for the instance type. Accelerators []*InferenceDeviceInfo `locationName:"accelerators" type:"list"` + + // The total size of the memory for the inference accelerators for the instance + // type, in MiB. + TotalInferenceMemoryInMiB *int64 `locationName:"totalInferenceMemoryInMiB" type:"integer"` } // String returns the string representation. @@ -127055,6 +133390,12 @@ func (s *InferenceAcceleratorInfo) SetAccelerators(v []*InferenceDeviceInfo) *In return s } +// SetTotalInferenceMemoryInMiB sets the TotalInferenceMemoryInMiB field's value. +func (s *InferenceAcceleratorInfo) SetTotalInferenceMemoryInMiB(v int64) *InferenceAcceleratorInfo { + s.TotalInferenceMemoryInMiB = &v + return s +} + // Describes the Inference accelerators for the instance type. type InferenceDeviceInfo struct { _ struct{} `type:"structure"` @@ -127065,6 +133406,9 @@ type InferenceDeviceInfo struct { // The manufacturer of the Inference accelerator. Manufacturer *string `locationName:"manufacturer" type:"string"` + // Describes the memory available to the inference accelerator. + MemoryInfo *InferenceDeviceMemoryInfo `locationName:"memoryInfo" type:"structure"` + // The name of the Inference accelerator. Name *string `locationName:"name" type:"string"` } @@ -127099,12 +133443,50 @@ func (s *InferenceDeviceInfo) SetManufacturer(v string) *InferenceDeviceInfo { return s } +// SetMemoryInfo sets the MemoryInfo field's value. +func (s *InferenceDeviceInfo) SetMemoryInfo(v *InferenceDeviceMemoryInfo) *InferenceDeviceInfo { + s.MemoryInfo = v + return s +} + // SetName sets the Name field's value. func (s *InferenceDeviceInfo) SetName(v string) *InferenceDeviceInfo { s.Name = &v return s } +// Describes the memory available to the inference accelerator. +type InferenceDeviceMemoryInfo struct { + _ struct{} `type:"structure"` + + // The size of the memory available to the inference accelerator, in MiB. + SizeInMiB *int64 `locationName:"sizeInMiB" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InferenceDeviceMemoryInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InferenceDeviceMemoryInfo) GoString() string { + return s.String() +} + +// SetSizeInMiB sets the SizeInMiB field's value. +func (s *InferenceDeviceMemoryInfo) SetSizeInMiB(v int64) *InferenceDeviceMemoryInfo { + s.SizeInMiB = &v + return s +} + // Describes an instance. type Instance struct { _ struct{} `type:"structure"` @@ -127213,7 +133595,7 @@ type Instance struct { // The monitoring for the instance. Monitoring *Monitoring `locationName:"monitoring" type:"structure"` - // [EC2-VPC] The network interfaces for the instance. + // The network interfaces for the instance. NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The Amazon Resource Name (ARN) of the Outpost. @@ -127222,7 +133604,8 @@ type Instance struct { // The location where the instance launched, if applicable. Placement *Placement `locationName:"placement" type:"structure"` - // The value is Windows for Windows instances; otherwise blank. + // The platform. This value is windows for Windows instances; otherwise, it + // is empty. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` // The platform details value for the instance. For more information, see AMI @@ -127230,14 +133613,14 @@ type Instance struct { // in the Amazon EC2 User Guide. PlatformDetails *string `locationName:"platformDetails" type:"string"` - // (IPv4 only) The private DNS hostname name assigned to the instance. This + // [IPv4 only] The private DNS hostname name assigned to the instance. This // DNS hostname can only be used inside the Amazon EC2 network. This name is // not available until the instance enters the running state. // - // [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private - // DNS hostnames if you've enabled DNS resolution and DNS hostnames in your - // VPC. If you are not using the Amazon-provided DNS server in your VPC, your - // custom domain name servers must resolve the hostname as appropriate. + // The Amazon-provided DNS server resolves Amazon-provided private DNS hostnames + // if you've enabled DNS resolution and DNS hostnames in your VPC. If you are + // not using the Amazon-provided DNS server in your VPC, your custom domain + // name servers must resolve the hostname as appropriate. PrivateDnsName *string `locationName:"privateDnsName" type:"string"` // The options for the instance hostname. @@ -127249,9 +133632,9 @@ type Instance struct { // The product codes attached to this instance, if applicable. ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` - // (IPv4 only) The public DNS name assigned to the instance. This name is not - // available until the instance enters the running state. For EC2-VPC, this - // name is only available if you've enabled DNS hostnames for your VPC. + // [IPv4 only] The public DNS name assigned to the instance. This name is not + // available until the instance enters the running state. This name is only + // available if you've enabled DNS hostnames for your VPC. PublicDnsName *string `locationName:"dnsName" type:"string"` // The public IPv4 address, or the Carrier IP address assigned to the instance, @@ -127293,7 +133676,7 @@ type Instance struct { // The reason for the most recent state transition. This might be an empty string. StateTransitionReason *string `locationName:"reason" type:"string"` - // [EC2-VPC] The ID of the subnet in which the instance is running. + // The ID of the subnet in which the instance is running. SubnetId *string `locationName:"subnetId" type:"string"` // Any tags assigned to the instance. @@ -127315,7 +133698,7 @@ type Instance struct { // The virtualization type of the instance. VirtualizationType *string `locationName:"virtualizationType" type:"string" enum:"VirtualizationType"` - // [EC2-VPC] The ID of the VPC in which the instance is running. + // The ID of the VPC in which the instance is running. VpcId *string `locationName:"vpcId" type:"string"` } @@ -127679,6 +134062,96 @@ func (s *Instance) SetVpcId(v string) *Instance { return s } +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. +type InstanceAttachmentEnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface. + EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` + + // Configures ENA Express for UDP network traffic. + EnaSrdUdpSpecification *InstanceAttachmentEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *InstanceAttachmentEnaSrdSpecification) SetEnaSrdEnabled(v bool) *InstanceAttachmentEnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *InstanceAttachmentEnaSrdSpecification) SetEnaSrdUdpSpecification(v *InstanceAttachmentEnaSrdUdpSpecification) *InstanceAttachmentEnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it's enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. +type InstanceAttachmentEnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. + EnaSrdUdpEnabled *bool `locationName:"enaSrdUdpEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *InstanceAttachmentEnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *InstanceAttachmentEnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + // Describes a block device mapping. type InstanceBlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -128502,6 +134975,13 @@ type InstanceIpv6Address struct { // The IPv6 address. Ipv6Address *string `locationName:"ipv6Address" type:"string"` + + // Determines if an IPv6 address associated with a network interface is the + // primary IPv6 address. When you enable an IPv6 GUA address to be a primary + // IPv6, the first IPv6 GUA will be made the primary IPv6 address until the + // instance is terminated or the network interface is detached. For more information, + // see RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + IsPrimaryIpv6 *bool `locationName:"isPrimaryIpv6" type:"boolean"` } // String returns the string representation. @@ -128528,6 +135008,12 @@ func (s *InstanceIpv6Address) SetIpv6Address(v string) *InstanceIpv6Address { return s } +// SetIsPrimaryIpv6 sets the IsPrimaryIpv6 field's value. +func (s *InstanceIpv6Address) SetIsPrimaryIpv6(v bool) *InstanceIpv6Address { + s.IsPrimaryIpv6 = &v + return s +} + // Describes an IPv6 address. type InstanceIpv6AddressRequest struct { _ struct{} `type:"structure"` @@ -128955,6 +135441,12 @@ type InstanceNetworkInterface struct { // The network interface attachment. Attachment *InstanceNetworkInterfaceAttachment `locationName:"attachment" type:"structure"` + // A security group connection tracking configuration that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingConfiguration *ConnectionTrackingSpecificationResponse `locationName:"connectionTrackingConfiguration" type:"structure"` + // The description. Description *string `locationName:"description" type:"string"` @@ -129036,6 +135528,12 @@ func (s *InstanceNetworkInterface) SetAttachment(v *InstanceNetworkInterfaceAtta return s } +// SetConnectionTrackingConfiguration sets the ConnectionTrackingConfiguration field's value. +func (s *InstanceNetworkInterface) SetConnectionTrackingConfiguration(v *ConnectionTrackingSpecificationResponse) *InstanceNetworkInterface { + s.ConnectionTrackingConfiguration = v + return s +} + // SetDescription sets the Description field's value. func (s *InstanceNetworkInterface) SetDescription(v string) *InstanceNetworkInterface { s.Description = &v @@ -129216,6 +135714,10 @@ type InstanceNetworkInterfaceAttachment struct { // The index of the device on the instance for the network interface attachment. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Contains the ENA Express settings for the network interface that's attached + // to the instance. + EnaSrdSpecification *InstanceAttachmentEnaSrdSpecification `locationName:"enaSrdSpecification" type:"structure"` + // The index of the network card. NetworkCardIndex *int64 `locationName:"networkCardIndex" type:"integer"` @@ -129265,6 +135767,12 @@ func (s *InstanceNetworkInterfaceAttachment) SetDeviceIndex(v int64) *InstanceNe return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *InstanceNetworkInterfaceAttachment) SetEnaSrdSpecification(v *InstanceAttachmentEnaSrdSpecification) *InstanceNetworkInterfaceAttachment { + s.EnaSrdSpecification = v + return s +} + // SetNetworkCardIndex sets the NetworkCardIndex field's value. func (s *InstanceNetworkInterfaceAttachment) SetNetworkCardIndex(v int64) *InstanceNetworkInterfaceAttachment { s.NetworkCardIndex = &v @@ -129294,8 +135802,19 @@ type InstanceNetworkInterfaceSpecification struct { // for eth0, and can only be assigned to a new network interface, not an existing // one. You cannot specify more than one network interface in the request. If // launching into a default subnet, the default value is true. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `locationName:"associatePublicIpAddress" type:"boolean"` + // A security group connection tracking specification that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // If set to true, the interface is deleted when the instance is terminated. // You can specify true only if creating a new network interface when launching // an instance. @@ -129312,6 +135831,10 @@ type InstanceNetworkInterfaceSpecification struct { // the device index. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Specifies the ENA Express settings for the network interface that's attached + // to the instance. + EnaSrdSpecification *EnaSrdSpecificationRequest `type:"structure"` + // The IDs of the security groups for the network interface. Applies only if // creating a network interface when launching an instance. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` @@ -129366,6 +135889,13 @@ type InstanceNetworkInterfaceSpecification struct { // specify a network interface ID in a launch specification. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + // The primary IPv6 address of the network interface. When you enable an IPv6 + // GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary + // IPv6 address until the instance is terminated or the network interface is + // detached. For more information about primary IPv6 addresses, see RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + PrimaryIpv6 *bool `type:"boolean"` + // The private IPv4 address of the network interface. Applies only if creating // a network interface when launching an instance. You cannot specify this option // if you're launching more than one instance in a RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) @@ -129420,6 +135950,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetAssociatePublicIpAddress(v bo return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *InstanceNetworkInterfaceSpecification) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *InstanceNetworkInterfaceSpecification { + s.ConnectionTrackingSpecification = v + return s +} + // SetDeleteOnTermination sets the DeleteOnTermination field's value. func (s *InstanceNetworkInterfaceSpecification) SetDeleteOnTermination(v bool) *InstanceNetworkInterfaceSpecification { s.DeleteOnTermination = &v @@ -129438,6 +135974,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetDeviceIndex(v int64) *Instanc return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *InstanceNetworkInterfaceSpecification) SetEnaSrdSpecification(v *EnaSrdSpecificationRequest) *InstanceNetworkInterfaceSpecification { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *InstanceNetworkInterfaceSpecification) SetGroups(v []*string) *InstanceNetworkInterfaceSpecification { s.Groups = v @@ -129498,6 +136040,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetNetworkInterfaceId(v string) return s } +// SetPrimaryIpv6 sets the PrimaryIpv6 field's value. +func (s *InstanceNetworkInterfaceSpecification) SetPrimaryIpv6(v bool) *InstanceNetworkInterfaceSpecification { + s.PrimaryIpv6 = &v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *InstanceNetworkInterfaceSpecification) SetPrivateIpAddress(v string) *InstanceNetworkInterfaceSpecification { s.PrivateIpAddress = &v @@ -129585,6 +136133,9 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat // The attributes for the instance types. When you specify instance attributes, // Amazon EC2 will identify instance types with these attributes. // +// You must specify VCpuCount and MemoryMiB. All other attributes are optional. +// Any unspecified optional attribute is set to its default. +// // When you specify multiple attributes, you get instance types that satisfy // all of the specified attributes. If you specify multiple values for an attribute, // you get instance types that satisfy any of the specified values. @@ -129599,11 +136150,18 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat // - ExcludedInstanceTypes - The instance types to exclude from the list, // even if they match your specified attributes. // -// You must specify VCpuCount and MemoryMiB. All other attributes are optional. -// Any unspecified optional attribute is set to its default. +// If you specify InstanceRequirements, you can't specify InstanceType. // -// For more information, see Attribute-based instance type selection for EC2 -// Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), +// Attribute-based instance type selection is only supported when using Auto +// Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan +// to use the launch template in the launch instance wizard (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) +// or with the RunInstances API (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html), +// you can't specify InstanceRequirements. +// +// For more information, see Create a mixed instances group using attribute-based +// instance type selection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) +// in the Amazon EC2 Auto Scaling User Guide, and also Attribute-based instance +// type selection for EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), // Attribute-based instance type selection for Spot Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), // and Spot placement score (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) // in the Amazon EC2 User Guide. @@ -129620,11 +136178,13 @@ type InstanceRequirements struct { // Indicates whether instance types must have accelerators by specific manufacturers. // - // * For instance types with NVIDIA devices, specify nvidia. + // * For instance types with Amazon Web Services devices, specify amazon-web-services. // // * For instance types with AMD devices, specify amd. // - // * For instance types with Amazon Web Services devices, specify amazon-web-services. + // * For instance types with Habana devices, specify habana. + // + // * For instance types with NVIDIA devices, specify nvidia. // // * For instance types with Xilinx devices, specify xilinx. // @@ -129633,24 +136193,30 @@ type InstanceRequirements struct { // The accelerators that must be on the instance type. // + // * For instance types with NVIDIA A10G GPUs, specify a10g. + // // * For instance types with NVIDIA A100 GPUs, specify a100. // - // * For instance types with NVIDIA V100 GPUs, specify v100. + // * For instance types with NVIDIA H100 GPUs, specify h100. // - // * For instance types with NVIDIA K80 GPUs, specify k80. + // * For instance types with Amazon Web Services Inferentia chips, specify + // inferentia. // - // * For instance types with NVIDIA T4 GPUs, specify t4. + // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // + // * For instance types with NVIDIA K80 GPUs, specify k80. // // * For instance types with NVIDIA M60 GPUs, specify m60. // // * For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520. // - // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // * For instance types with NVIDIA T4 GPUs, specify t4. // - // * For instance types with Amazon Web Services Inferentia chips, specify - // inferentia. + // * For instance types with NVIDIA T4G GPUs, specify t4g. // - // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // + // * For instance types with NVIDIA V100 GPUs, specify v100. // // Default: Any accelerator AcceleratorNames []*string `locationName:"acceleratorNameSet" locationNameList:"item" type:"list" enum:"AcceleratorName"` @@ -130020,6 +136586,9 @@ func (s *InstanceRequirements) SetVCpuCount(v *VCpuCountRange) *InstanceRequirem // The attributes for the instance types. When you specify instance attributes, // Amazon EC2 will identify instance types with these attributes. // +// You must specify VCpuCount and MemoryMiB. All other attributes are optional. +// Any unspecified optional attribute is set to its default. +// // When you specify multiple attributes, you get instance types that satisfy // all of the specified attributes. If you specify multiple values for an attribute, // you get instance types that satisfy any of the specified values. @@ -130034,8 +136603,14 @@ func (s *InstanceRequirements) SetVCpuCount(v *VCpuCountRange) *InstanceRequirem // - ExcludedInstanceTypes - The instance types to exclude from the list, // even if they match your specified attributes. // -// You must specify VCpuCount and MemoryMiB. All other attributes are optional. -// Any unspecified optional attribute is set to its default. +// If you specify InstanceRequirements, you can't specify InstanceType. +// +// Attribute-based instance type selection is only supported when using Auto +// Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan +// to use the launch template in the launch instance wizard (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), +// or with the RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) +// API or AWS::EC2::Instance (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) +// Amazon Web Services CloudFormation resource, you can't specify InstanceRequirements. // // For more information, see Attribute-based instance type selection for EC2 // Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), @@ -130055,11 +136630,13 @@ type InstanceRequirementsRequest struct { // Indicates whether instance types must have accelerators by specific manufacturers. // - // * For instance types with NVIDIA devices, specify nvidia. + // * For instance types with Amazon Web Services devices, specify amazon-web-services. // // * For instance types with AMD devices, specify amd. // - // * For instance types with Amazon Web Services devices, specify amazon-web-services. + // * For instance types with Habana devices, specify habana. + // + // * For instance types with NVIDIA devices, specify nvidia. // // * For instance types with Xilinx devices, specify xilinx. // @@ -130068,24 +136645,30 @@ type InstanceRequirementsRequest struct { // The accelerators that must be on the instance type. // + // * For instance types with NVIDIA A10G GPUs, specify a10g. + // // * For instance types with NVIDIA A100 GPUs, specify a100. // - // * For instance types with NVIDIA V100 GPUs, specify v100. + // * For instance types with NVIDIA H100 GPUs, specify h100. // - // * For instance types with NVIDIA K80 GPUs, specify k80. + // * For instance types with Amazon Web Services Inferentia chips, specify + // inferentia. // - // * For instance types with NVIDIA T4 GPUs, specify t4. + // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // + // * For instance types with NVIDIA K80 GPUs, specify k80. // // * For instance types with NVIDIA M60 GPUs, specify m60. // // * For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520. // - // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // * For instance types with NVIDIA T4 GPUs, specify t4. // - // * For instance types with Amazon Web Services Inferentia chips, specify - // inferentia. + // * For instance types with NVIDIA T4G GPUs, specify t4g. // - // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // + // * For instance types with NVIDIA V100 GPUs, specify v100. // // Default: Any accelerator AcceleratorNames []*string `locationName:"AcceleratorName" locationNameList:"item" type:"list" enum:"AcceleratorName"` @@ -130231,8 +136814,10 @@ type InstanceRequirementsRequest struct { // MemoryMiB is a required field MemoryMiB *MemoryMiBRequest `type:"structure" required:"true"` - // The minimum and maximum amount of network bandwidth, in gigabits per second - // (Gbps). + // The minimum and maximum amount of baseline network bandwidth, in gigabits + // per second (Gbps). For more information, see Amazon EC2 instance network + // bandwidth (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html) + // in the Amazon EC2 User Guide. // // Default: No minimum or maximum limits NetworkBandwidthGbps *NetworkBandwidthGbpsRequest `type:"structure"` @@ -131104,17 +137689,97 @@ func (s *InstanceTagNotificationAttribute) SetInstanceTagKeys(v []*string) *Inst return s } +// Information about the instance topology. +type InstanceTopology struct { + _ struct{} `type:"structure"` + + // The name of the Availability Zone or Local Zone that the instance is in. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The name of the placement group that the instance is in. + GroupName *string `locationName:"groupName" type:"string"` + + // The instance ID. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The instance type. + InstanceType *string `locationName:"instanceType" type:"string"` + + // The network nodes. The nodes are hashed based on your account. Instances + // from different accounts running under the same droplet will return a different + // hashed list of strings. + NetworkNodes []*string `locationName:"networkNodeSet" locationNameList:"item" type:"list"` + + // The ID of the Availability Zone or Local Zone that the instance is in. + ZoneId *string `locationName:"zoneId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceTopology) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceTopology) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *InstanceTopology) SetAvailabilityZone(v string) *InstanceTopology { + s.AvailabilityZone = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *InstanceTopology) SetGroupName(v string) *InstanceTopology { + s.GroupName = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *InstanceTopology) SetInstanceId(v string) *InstanceTopology { + s.InstanceId = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *InstanceTopology) SetInstanceType(v string) *InstanceTopology { + s.InstanceType = &v + return s +} + +// SetNetworkNodes sets the NetworkNodes field's value. +func (s *InstanceTopology) SetNetworkNodes(v []*string) *InstanceTopology { + s.NetworkNodes = v + return s +} + +// SetZoneId sets the ZoneId field's value. +func (s *InstanceTopology) SetZoneId(v string) *InstanceTopology { + s.ZoneId = &v + return s +} + // Describes the instance type. type InstanceTypeInfo struct { _ struct{} `type:"structure"` - // Indicates whether auto recovery is supported. + // Indicates whether Amazon CloudWatch action based recovery is supported. AutoRecoverySupported *bool `locationName:"autoRecoverySupported" type:"boolean"` // Indicates whether the instance is a bare metal instance type. BareMetal *bool `locationName:"bareMetal" type:"boolean"` - // Indicates whether the instance type is a burstable performance instance type. + // Indicates whether the instance type is a burstable performance T instance + // type. For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html). BurstablePerformanceSupported *bool `locationName:"burstablePerformanceSupported" type:"boolean"` // Indicates whether the instance type is current generation. @@ -131160,6 +137825,15 @@ type InstanceTypeInfo struct { // Describes the network settings for the instance type. NetworkInfo *NetworkInfo `locationName:"networkInfo" type:"structure"` + // Indicates whether Nitro Enclaves is supported. + NitroEnclavesSupport *string `locationName:"nitroEnclavesSupport" type:"string" enum:"NitroEnclavesSupport"` + + // Describes the supported NitroTPM versions for the instance type. + NitroTpmInfo *NitroTpmInfo `locationName:"nitroTpmInfo" type:"structure"` + + // Indicates whether NitroTPM is supported. + NitroTpmSupport *string `locationName:"nitroTpmSupport" type:"string" enum:"NitroTpmSupport"` + // Describes the placement group settings for the instance type. PlacementGroupInfo *PlacementGroupInfo `locationName:"placementGroupInfo" type:"structure"` @@ -131303,6 +137977,24 @@ func (s *InstanceTypeInfo) SetNetworkInfo(v *NetworkInfo) *InstanceTypeInfo { return s } +// SetNitroEnclavesSupport sets the NitroEnclavesSupport field's value. +func (s *InstanceTypeInfo) SetNitroEnclavesSupport(v string) *InstanceTypeInfo { + s.NitroEnclavesSupport = &v + return s +} + +// SetNitroTpmInfo sets the NitroTpmInfo field's value. +func (s *InstanceTypeInfo) SetNitroTpmInfo(v *NitroTpmInfo) *InstanceTypeInfo { + s.NitroTpmInfo = v + return s +} + +// SetNitroTpmSupport sets the NitroTpmSupport field's value. +func (s *InstanceTypeInfo) SetNitroTpmSupport(v string) *InstanceTypeInfo { + s.NitroTpmSupport = &v + return s +} + // SetPlacementGroupInfo sets the PlacementGroupInfo field's value. func (s *InstanceTypeInfo) SetPlacementGroupInfo(v *PlacementGroupInfo) *InstanceTypeInfo { s.PlacementGroupInfo = v @@ -131643,21 +138335,20 @@ type IpPermission struct { // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). // - // [VPC only] Use -1 to specify all protocols. When authorizing security group - // rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 - // allows traffic on all ports, regardless of any port range you specify. For - // tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range - // is optional; if you omit the port range, traffic for all types and codes - // is allowed. + // Use -1 to specify all protocols. When authorizing security group rules, specifying + // -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic + // on all ports, regardless of any port range you specify. For tcp, udp, and + // icmp, you must specify a port range. For icmpv6, the port range is optional; + // if you omit the port range, traffic for all types and codes is allowed. IpProtocol *string `locationName:"ipProtocol" type:"string"` // The IPv4 ranges. IpRanges []*IpRange `locationName:"ipRanges" locationNameList:"item" type:"list"` - // [VPC only] The IPv6 ranges. + // The IPv6 ranges. Ipv6Ranges []*Ipv6Range `locationName:"ipv6Ranges" locationNameList:"item" type:"list"` - // [VPC only] The prefix list IDs. + // The prefix list IDs. PrefixListIds []*PrefixListId `locationName:"prefixListIds" locationNameList:"item" type:"list"` // If the protocol is TCP or UDP, this is the end of the port range. If the @@ -131832,11 +138523,19 @@ type Ipam struct { // The state of the IPAM. State *string `locationName:"state" type:"string" enum:"IpamState"` + // The state message. + StateMessage *string `locationName:"stateMessage" type:"string"` + // The key/value combination of a tag assigned to the resource. Use the tag // key in the filter name and the tag value as the filter value. For example, // to find all resources that have a tag with the key Owner and the value TeamA, // specify tag:Owner for the filter name and TeamA for the filter value. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // IPAM is offered in a Free Tier and an Advanced Tier. For more information + // about the features available in each tier and the costs associated with the + // tiers, see Amazon VPC pricing > IPAM tab (http://aws.amazon.com/vpc/pricing/). + Tier *string `locationName:"tier" type:"string" enum:"IpamTier"` } // String returns the string representation. @@ -131935,12 +138634,24 @@ func (s *Ipam) SetState(v string) *Ipam { return s } +// SetStateMessage sets the StateMessage field's value. +func (s *Ipam) SetStateMessage(v string) *Ipam { + s.StateMessage = &v + return s +} + // SetTags sets the Tags field's value. func (s *Ipam) SetTags(v []*Tag) *Ipam { s.Tags = v return s } +// SetTier sets the Tier field's value. +func (s *Ipam) SetTier(v string) *Ipam { + s.Tier = &v + return s +} + // The historical record of a CIDR within an IPAM scope. For more information, // see View the history of IP addresses (https://docs.aws.amazon.com/vpc/latest/ipam/view-history-cidr-ipam.html) // in the Amazon VPC IPAM User Guide. @@ -132189,6 +138900,203 @@ func (s *IpamDiscoveredAccount) SetLastSuccessfulDiscoveryTime(v time.Time) *Ipa return s } +// A public IP Address discovered by IPAM. +type IpamDiscoveredPublicAddress struct { + _ struct{} `type:"structure"` + + // The IP address. + Address *string `locationName:"address" type:"string"` + + // The allocation ID of the resource the IP address is assigned to. + AddressAllocationId *string `locationName:"addressAllocationId" type:"string"` + + // The ID of the owner of the resource the IP address is assigned to. + AddressOwnerId *string `locationName:"addressOwnerId" type:"string"` + + // The Region of the resource the IP address is assigned to. + AddressRegion *string `locationName:"addressRegion" type:"string"` + + // The IP address type. + AddressType *string `locationName:"addressType" type:"string" enum:"IpamPublicAddressType"` + + // The association status. + AssociationStatus *string `locationName:"associationStatus" type:"string" enum:"IpamPublicAddressAssociationStatus"` + + // The instance ID of the instance the assigned IP address is assigned to. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The resource discovery ID. + IpamResourceDiscoveryId *string `locationName:"ipamResourceDiscoveryId" type:"string"` + + // The network border group that the resource that the IP address is assigned + // to is in. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + + // The description of the network interface that IP address is assigned to. + NetworkInterfaceDescription *string `locationName:"networkInterfaceDescription" type:"string"` + + // The network interface ID of the resource with the assigned IP address. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The ID of the public IPv4 pool that the resource with the assigned IP address + // is from. + PublicIpv4PoolId *string `locationName:"publicIpv4PoolId" type:"string"` + + // The last successful resource discovery time. + SampleTime *time.Time `locationName:"sampleTime" type:"timestamp"` + + // Security groups associated with the resource that the IP address is assigned + // to. + SecurityGroups []*IpamPublicAddressSecurityGroup `locationName:"securityGroupSet" locationNameList:"item" type:"list"` + + // The Amazon Web Services service associated with the IP address. + Service *string `locationName:"service" type:"string" enum:"IpamPublicAddressAwsService"` + + // The resource ARN or ID. + ServiceResource *string `locationName:"serviceResource" type:"string"` + + // The ID of the subnet that the resource with the assigned IP address is in. + SubnetId *string `locationName:"subnetId" type:"string"` + + // Tags associated with the IP address. + Tags *IpamPublicAddressTags `locationName:"tags" type:"structure"` + + // The ID of the VPC that the resource with the assigned IP address is in. + VpcId *string `locationName:"vpcId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamDiscoveredPublicAddress) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamDiscoveredPublicAddress) GoString() string { + return s.String() +} + +// SetAddress sets the Address field's value. +func (s *IpamDiscoveredPublicAddress) SetAddress(v string) *IpamDiscoveredPublicAddress { + s.Address = &v + return s +} + +// SetAddressAllocationId sets the AddressAllocationId field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressAllocationId(v string) *IpamDiscoveredPublicAddress { + s.AddressAllocationId = &v + return s +} + +// SetAddressOwnerId sets the AddressOwnerId field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressOwnerId(v string) *IpamDiscoveredPublicAddress { + s.AddressOwnerId = &v + return s +} + +// SetAddressRegion sets the AddressRegion field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressRegion(v string) *IpamDiscoveredPublicAddress { + s.AddressRegion = &v + return s +} + +// SetAddressType sets the AddressType field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressType(v string) *IpamDiscoveredPublicAddress { + s.AddressType = &v + return s +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *IpamDiscoveredPublicAddress) SetAssociationStatus(v string) *IpamDiscoveredPublicAddress { + s.AssociationStatus = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *IpamDiscoveredPublicAddress) SetInstanceId(v string) *IpamDiscoveredPublicAddress { + s.InstanceId = &v + return s +} + +// SetIpamResourceDiscoveryId sets the IpamResourceDiscoveryId field's value. +func (s *IpamDiscoveredPublicAddress) SetIpamResourceDiscoveryId(v string) *IpamDiscoveredPublicAddress { + s.IpamResourceDiscoveryId = &v + return s +} + +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *IpamDiscoveredPublicAddress) SetNetworkBorderGroup(v string) *IpamDiscoveredPublicAddress { + s.NetworkBorderGroup = &v + return s +} + +// SetNetworkInterfaceDescription sets the NetworkInterfaceDescription field's value. +func (s *IpamDiscoveredPublicAddress) SetNetworkInterfaceDescription(v string) *IpamDiscoveredPublicAddress { + s.NetworkInterfaceDescription = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *IpamDiscoveredPublicAddress) SetNetworkInterfaceId(v string) *IpamDiscoveredPublicAddress { + s.NetworkInterfaceId = &v + return s +} + +// SetPublicIpv4PoolId sets the PublicIpv4PoolId field's value. +func (s *IpamDiscoveredPublicAddress) SetPublicIpv4PoolId(v string) *IpamDiscoveredPublicAddress { + s.PublicIpv4PoolId = &v + return s +} + +// SetSampleTime sets the SampleTime field's value. +func (s *IpamDiscoveredPublicAddress) SetSampleTime(v time.Time) *IpamDiscoveredPublicAddress { + s.SampleTime = &v + return s +} + +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *IpamDiscoveredPublicAddress) SetSecurityGroups(v []*IpamPublicAddressSecurityGroup) *IpamDiscoveredPublicAddress { + s.SecurityGroups = v + return s +} + +// SetService sets the Service field's value. +func (s *IpamDiscoveredPublicAddress) SetService(v string) *IpamDiscoveredPublicAddress { + s.Service = &v + return s +} + +// SetServiceResource sets the ServiceResource field's value. +func (s *IpamDiscoveredPublicAddress) SetServiceResource(v string) *IpamDiscoveredPublicAddress { + s.ServiceResource = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *IpamDiscoveredPublicAddress) SetSubnetId(v string) *IpamDiscoveredPublicAddress { + s.SubnetId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *IpamDiscoveredPublicAddress) SetTags(v *IpamPublicAddressTags) *IpamDiscoveredPublicAddress { + s.Tags = v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *IpamDiscoveredPublicAddress) SetVpcId(v string) *IpamDiscoveredPublicAddress { + s.VpcId = &v + return s +} + // An IPAM discovered resource CIDR. A discovered resource is a resource CIDR // monitored under a resource discovery. The following resources can be discovered: // VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses. The discovered @@ -132526,10 +139434,13 @@ type IpamPool struct { // pool within an existing source pool. SourceIpamPoolId *string `locationName:"sourceIpamPoolId" type:"string"` + // The resource used to provision CIDRs to a resource planning pool. + SourceResource *IpamPoolSourceResource `locationName:"sourceResource" type:"structure"` + // The state of the IPAM pool. State *string `locationName:"state" type:"string" enum:"IpamPoolState"` - // A message related to the failed creation of an IPAM pool. + // The state message. StateMessage *string `locationName:"stateMessage" type:"string"` // The key/value combination of a tag assigned to the resource. Use the tag @@ -132677,6 +139588,12 @@ func (s *IpamPool) SetSourceIpamPoolId(v string) *IpamPool { return s } +// SetSourceResource sets the SourceResource field's value. +func (s *IpamPool) SetSourceResource(v *IpamPoolSourceResource) *IpamPool { + s.SourceResource = v + return s +} + // SetState sets the State field's value. func (s *IpamPool) SetState(v string) *IpamPool { s.State = &v @@ -132900,6 +139817,238 @@ func (s *IpamPoolCidrFailureReason) SetMessage(v string) *IpamPoolCidrFailureRea return s } +// The resource used to provision CIDRs to a resource planning pool. +type IpamPoolSourceResource struct { + _ struct{} `type:"structure"` + + // The source resource ID. + ResourceId *string `locationName:"resourceId" type:"string"` + + // The source resource owner. + ResourceOwner *string `locationName:"resourceOwner" type:"string"` + + // The source resource Region. + ResourceRegion *string `locationName:"resourceRegion" type:"string"` + + // The source resource type. + ResourceType *string `locationName:"resourceType" type:"string" enum:"IpamPoolSourceResourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResource) GoString() string { + return s.String() +} + +// SetResourceId sets the ResourceId field's value. +func (s *IpamPoolSourceResource) SetResourceId(v string) *IpamPoolSourceResource { + s.ResourceId = &v + return s +} + +// SetResourceOwner sets the ResourceOwner field's value. +func (s *IpamPoolSourceResource) SetResourceOwner(v string) *IpamPoolSourceResource { + s.ResourceOwner = &v + return s +} + +// SetResourceRegion sets the ResourceRegion field's value. +func (s *IpamPoolSourceResource) SetResourceRegion(v string) *IpamPoolSourceResource { + s.ResourceRegion = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *IpamPoolSourceResource) SetResourceType(v string) *IpamPoolSourceResource { + s.ResourceType = &v + return s +} + +// The resource used to provision CIDRs to a resource planning pool. +type IpamPoolSourceResourceRequest struct { + _ struct{} `type:"structure"` + + // The source resource ID. + ResourceId *string `type:"string"` + + // The source resource owner. + ResourceOwner *string `type:"string"` + + // The source resource Region. + ResourceRegion *string `type:"string"` + + // The source resource type. + ResourceType *string `type:"string" enum:"IpamPoolSourceResourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResourceRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResourceRequest) GoString() string { + return s.String() +} + +// SetResourceId sets the ResourceId field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceId(v string) *IpamPoolSourceResourceRequest { + s.ResourceId = &v + return s +} + +// SetResourceOwner sets the ResourceOwner field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceOwner(v string) *IpamPoolSourceResourceRequest { + s.ResourceOwner = &v + return s +} + +// SetResourceRegion sets the ResourceRegion field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceRegion(v string) *IpamPoolSourceResourceRequest { + s.ResourceRegion = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceType(v string) *IpamPoolSourceResourceRequest { + s.ResourceType = &v + return s +} + +// The security group that the resource with the public IP address is in. +type IpamPublicAddressSecurityGroup struct { + _ struct{} `type:"structure"` + + // The security group's ID. + GroupId *string `locationName:"groupId" type:"string"` + + // The security group's name. + GroupName *string `locationName:"groupName" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressSecurityGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressSecurityGroup) GoString() string { + return s.String() +} + +// SetGroupId sets the GroupId field's value. +func (s *IpamPublicAddressSecurityGroup) SetGroupId(v string) *IpamPublicAddressSecurityGroup { + s.GroupId = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *IpamPublicAddressSecurityGroup) SetGroupName(v string) *IpamPublicAddressSecurityGroup { + s.GroupName = &v + return s +} + +// A tag for a public IP address discovered by IPAM. +type IpamPublicAddressTag struct { + _ struct{} `type:"structure"` + + // The tag's key. + Key *string `locationName:"key" type:"string"` + + // The tag's value. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTag) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *IpamPublicAddressTag) SetKey(v string) *IpamPublicAddressTag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *IpamPublicAddressTag) SetValue(v string) *IpamPublicAddressTag { + s.Value = &v + return s +} + +// Tags for a public IP address discovered by IPAM. +type IpamPublicAddressTags struct { + _ struct{} `type:"structure"` + + // Tags for an Elastic IP address. + EipTags []*IpamPublicAddressTag `locationName:"eipTagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTags) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTags) GoString() string { + return s.String() +} + +// SetEipTags sets the EipTags field's value. +func (s *IpamPublicAddressTags) SetEipTags(v []*IpamPublicAddressTag) *IpamPublicAddressTags { + s.EipTags = v + return s +} + // The CIDR for an IPAM resource. type IpamResourceCidr struct { _ struct{} `type:"structure"` @@ -133880,7 +141029,7 @@ func (s *Ipv6PrefixSpecificationResponse) SetIpv6Prefix(v string) *Ipv6PrefixSpe return s } -// [EC2-VPC only] Describes an IPv6 range. +// Describes an IPv6 range. type Ipv6Range struct { _ struct{} `type:"structure"` @@ -134184,7 +141333,7 @@ type LaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. + // The block device mapping entries. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // Indicates whether the instance is optimized for EBS I/O. This optimization @@ -134214,8 +141363,8 @@ type LaunchSpecification struct { // Describes the monitoring of an instance. Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` - // One or more network interfaces. If you specify a network interface, you must - // specify subnet IDs and security group IDs using the network interface. + // The network interfaces. If you specify a network interface, you must specify + // subnet IDs and security group IDs using the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The placement information for the instance. @@ -134224,9 +141373,7 @@ type LaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // The IDs of the security groups. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The ID of the subnet in which to launch the instance. @@ -134707,7 +141854,9 @@ func (s *LaunchTemplateCapacityReservationSpecificationResponse) SetCapacityRese type LaunchTemplateConfig struct { _ struct{} `type:"structure"` - // The launch template. + // The launch template to use. Make sure that the launch template does not contain + // the NetworkInterfaceId parameter because you can't specify a network interface + // ID in a Spot Fleet. LaunchTemplateSpecification *FleetLaunchTemplateSpecification `locationName:"launchTemplateSpecification" type:"structure"` // Any parameters that you specify override the same parameters in the launch @@ -134764,6 +141913,10 @@ func (s *LaunchTemplateConfig) SetOverrides(v []*LaunchTemplateOverrides) *Launc type LaunchTemplateCpuOptions struct { _ struct{} `type:"structure"` + // Indicates whether the instance is enabled for AMD SEV-SNP. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `locationName:"coreCount" type:"integer"` @@ -134789,6 +141942,12 @@ func (s LaunchTemplateCpuOptions) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *LaunchTemplateCpuOptions) SetAmdSevSnp(v string) *LaunchTemplateCpuOptions { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *LaunchTemplateCpuOptions) SetCoreCount(v int64) *LaunchTemplateCpuOptions { s.CoreCount = &v @@ -134806,6 +141965,11 @@ func (s *LaunchTemplateCpuOptions) SetThreadsPerCore(v int64) *LaunchTemplateCpu type LaunchTemplateCpuOptionsRequest struct { _ struct{} `type:"structure"` + // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is + // supported with M6a, R6a, and C6a instance types only. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` @@ -134832,6 +141996,12 @@ func (s LaunchTemplateCpuOptionsRequest) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *LaunchTemplateCpuOptionsRequest) SetAmdSevSnp(v string) *LaunchTemplateCpuOptionsRequest { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *LaunchTemplateCpuOptionsRequest) SetCoreCount(v int64) *LaunchTemplateCpuOptionsRequest { s.CoreCount = &v @@ -134958,18 +142128,17 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built - // on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // On other instances, you can achieve performance up to 32,000 IOPS. // - // This parameter is supported for io1, io2, and gp3 volumes only. This parameter - // is not supported for gp2, st1, sc1, or standard volumes. + // This parameter is supported for io1, io2, and gp3 volumes only. Iops *int64 `type:"integer"` // The ARN of the symmetric Key Management Service (KMS) CMK used for encryption. @@ -134987,13 +142156,15 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // a volume size. The following are the supported volumes sizes for each volume // type: // - // * gp2 and gp3: 1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB + // + // * io1: 4 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io2: 4 - 65,536 GiB // - // * st1 and sc1: 125-16,384 + // * st1 and sc1: 125 - 16,384 GiB // - // * standard: 1-1,024 + // * standard: 1 - 1024 GiB VolumeSize *int64 `type:"integer"` // The volume type. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) @@ -135173,6 +142344,96 @@ func (s *LaunchTemplateElasticInferenceAcceleratorResponse) SetType(v string) *L return s } +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. +type LaunchTemplateEnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface. + EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` + + // Configures ENA Express for UDP network traffic. + EnaSrdUdpSpecification *LaunchTemplateEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *LaunchTemplateEnaSrdSpecification) SetEnaSrdEnabled(v bool) *LaunchTemplateEnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *LaunchTemplateEnaSrdSpecification) SetEnaSrdUdpSpecification(v *LaunchTemplateEnaSrdUdpSpecification) *LaunchTemplateEnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it's enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. +type LaunchTemplateEnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. + EnaSrdUdpEnabled *bool `locationName:"enaSrdUdpEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *LaunchTemplateEnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *LaunchTemplateEnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. type LaunchTemplateEnclaveOptions struct { _ struct{} `type:"structure"` @@ -135565,20 +142826,18 @@ type LaunchTemplateInstanceMetadataOptions struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `locationName:"httpPutResponseHopLimit" type:"integer"` - // Indicates whether IMDSv2 is optional or required. + // Indicates whether IMDSv2 is required. // - // optional - When IMDSv2 is optional, you can choose to retrieve instance metadata - // with or without a session token in your request. If you retrieve the IAM - // role credentials without a token, the IMDSv1 role credentials are returned. - // If you retrieve the IAM role credentials using a valid session token, the - // IMDSv2 role credentials are returned. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // required - When IMDSv2 is required, you must send a session token with any - // instance metadata retrieval requests. In this state, retrieving the IAM role - // credentials always returns IMDSv2 credentials; IMDSv1 credentials are not - // available. - // - // Default: optional + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the + // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials + // are not available. HttpTokens *string `locationName:"httpTokens" type:"string" enum:"LaunchTemplateHttpTokensState"` // Set to enabled to allow access to instance tags from the instance metadata. @@ -135678,22 +142937,21 @@ type LaunchTemplateInstanceMetadataOptionsRequest struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `type:"integer"` - // IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional - // (in other words, set the use of IMDSv2 to optional) or required (in other - // words, set the use of IMDSv2 to required). + // Indicates whether IMDSv2 is required. // - // * optional - When IMDSv2 is optional, you can choose to retrieve instance - // metadata with or without a session token in your request. If you retrieve - // the IAM role credentials without a token, the IMDSv1 role credentials - // are returned. If you retrieve the IAM role credentials using a valid session - // token, the IMDSv2 role credentials are returned. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // * required - When IMDSv2 is required, you must send a session token with - // any instance metadata retrieval requests. In this state, retrieving the + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials // are not available. // - // Default: optional + // Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for + // your instance is v2.0, the default is required. HttpTokens *string `type:"string" enum:"LaunchTemplateHttpTokensState"` // Set to enabled to allow access to instance tags from the instance metadata. @@ -135768,8 +143026,19 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // Indicates whether to associate a public IPv4 address with eth0 for a new // network interface. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `locationName:"associatePublicIpAddress" type:"boolean"` + // A security group connection tracking specification that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingSpecification *ConnectionTrackingSpecification `locationName:"connectionTrackingSpecification" type:"structure"` + // Indicates whether the network interface is deleted when the instance is terminated. DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"` @@ -135779,6 +143048,10 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // The device index for the network interface attachment. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Contains the ENA Express settings for instances launched from your launch + // template. + EnaSrdSpecification *LaunchTemplateEnaSrdSpecification `locationName:"enaSrdSpecification" type:"structure"` + // The IDs of one or more security groups. Groups []*string `locationName:"groupSet" locationNameList:"groupId" type:"list"` @@ -135811,6 +143084,13 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + // The primary IPv6 address of the network interface. When you enable an IPv6 + // GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary + // IPv6 address until the instance is terminated or the network interface is + // detached. For more information about primary IPv6 addresses, see RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + PrimaryIpv6 *bool `locationName:"primaryIpv6" type:"boolean"` + // The primary private IPv4 address of the network interface. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` @@ -135854,6 +143134,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetAssociatePublic return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecification) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.ConnectionTrackingSpecification = v + return s +} + // SetDeleteOnTermination sets the DeleteOnTermination field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetDeleteOnTermination(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.DeleteOnTermination = &v @@ -135872,6 +143158,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetDeviceIndex(v i return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetEnaSrdSpecification(v *LaunchTemplateEnaSrdSpecification) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetGroups(v []*string) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.Groups = v @@ -135932,6 +143224,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetNetworkInterfac return s } +// SetPrimaryIpv6 sets the PrimaryIpv6 field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetPrimaryIpv6(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.PrimaryIpv6 = &v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetPrivateIpAddress(v string) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.PrivateIpAddress = &v @@ -135969,8 +143267,19 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { AssociateCarrierIpAddress *bool `type:"boolean"` // Associates a public IPv4 address with eth0 for a new network interface. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `type:"boolean"` + // A security group connection tracking specification that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // Indicates whether the network interface is deleted when the instance is terminated. DeleteOnTermination *bool `type:"boolean"` @@ -135980,6 +143289,9 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // The device index for the network interface attachment. DeviceIndex *int64 `type:"integer"` + // Configure ENA Express settings for your launch template. + EnaSrdSpecification *EnaSrdSpecificationRequest `type:"structure"` + // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` @@ -136025,6 +143337,13 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // The ID of the network interface. NetworkInterfaceId *string `type:"string"` + // The primary IPv6 address of the network interface. When you enable an IPv6 + // GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary + // IPv6 address until the instance is terminated or the network interface is + // detached. For more information about primary IPv6 addresses, see RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + PrimaryIpv6 *bool `type:"boolean"` + // The primary private IPv4 address of the network interface. PrivateIpAddress *string `type:"string"` @@ -136068,6 +143387,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetAssociat return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.ConnectionTrackingSpecification = v + return s +} + // SetDeleteOnTermination sets the DeleteOnTermination field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetDeleteOnTermination(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.DeleteOnTermination = &v @@ -136086,6 +143411,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetDeviceIn return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetEnaSrdSpecification(v *EnaSrdSpecificationRequest) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetGroups(v []*string) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.Groups = v @@ -136146,6 +143477,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetNetworkI return s } +// SetPrimaryIpv6 sets the PrimaryIpv6 field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetPrimaryIpv6(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.PrimaryIpv6 = &v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetPrivateIpAddress(v string) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.PrivateIpAddress = &v @@ -136375,8 +143712,8 @@ type LaunchTemplatePlacement struct { // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` } @@ -136484,8 +143821,8 @@ type LaunchTemplatePlacementRequest struct { // Reserved for future use. SpreadDomain *string `type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. Tenancy *string `type:"string" enum:"Tenancy"` } @@ -136943,9 +144280,12 @@ type LaunchTemplateTagSpecificationRequest struct { // The type of resource to tag. // - // The Valid Values are all the resource types that can be tagged. However, - // when creating a launch template, you can specify tags for the following resource - // types only: instance | volume | elastic-gpu | network-interface | spot-instances-request + // Valid Values lists all resource types for Amazon EC2 that can be tagged. + // When you create a launch template, you can specify tags for the following + // resource types only: instance | volume | elastic-gpu | network-interface + // | spot-instances-request. If the instance does not include the resource type + // that you specify, the instance launch fails. For example, not all instance + // types include an Elastic GPU. // // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). ResourceType *string `type:"string" enum:"ResourceType"` @@ -138296,6 +145636,439 @@ func (s *LocalGatewayVirtualInterfaceGroup) SetTags(v []*Tag) *LocalGatewayVirtu return s } +type LockSnapshotInput struct { + _ struct{} `type:"structure"` + + // The cooling-off period during which you can unlock the snapshot or modify + // the lock settings after locking the snapshot in compliance mode, in hours. + // After the cooling-off period expires, you can't unlock or delete the snapshot, + // decrease the lock duration, or change the lock mode. You can increase the + // lock duration after the cooling-off period expires. + // + // The cooling-off period is optional when locking a snapshot in compliance + // mode. If you are locking the snapshot in governance mode, omit this parameter. + // + // To lock the snapshot in compliance mode immediately without a cooling-off + // period, omit this parameter. + // + // If you are extending the lock duration for a snapshot that is locked in compliance + // mode after the cooling-off period has expired, omit this parameter. If you + // specify a cooling-period in a such a request, the request fails. + // + // Allowed values: Min 1, max 72. + CoolOffPeriod *int64 `min:"1" type:"integer"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The date and time at which the snapshot lock is to automatically expire, + // in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + // + // You must specify either this parameter or LockDuration, but not both. + ExpirationDate *time.Time `type:"timestamp"` + + // The period of time for which to lock the snapshot, in days. The snapshot + // lock will automatically expire after this period lapses. + // + // You must specify either this parameter or ExpirationDate, but not both. + // + // Allowed values: Min: 1, max 36500 + LockDuration *int64 `min:"1" type:"integer"` + + // The mode in which to lock the snapshot. Specify one of the following: + // + // * governance - Locks the snapshot in governance mode. Snapshots locked + // in governance mode can't be deleted until one of the following conditions + // are met: The lock duration expires. The snapshot is unlocked by a user + // with the appropriate permissions. Users with the appropriate IAM permissions + // can unlock the snapshot, increase or decrease the lock duration, and change + // the lock mode to compliance at any time. If you lock a snapshot in governance + // mode, omit CoolOffPeriod. + // + // * compliance - Locks the snapshot in compliance mode. Snapshots locked + // in compliance mode can't be unlocked by any user. They can be deleted + // only after the lock duration expires. Users can't decrease the lock duration + // or change the lock mode to governance. However, users with appropriate + // IAM permissions can increase the lock duration at any time. If you lock + // a snapshot in compliance mode, you can optionally specify CoolOffPeriod. + // + // LockMode is a required field + LockMode *string `type:"string" required:"true" enum:"LockMode"` + + // The ID of the snapshot to lock. + // + // SnapshotId is a required field + SnapshotId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *LockSnapshotInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "LockSnapshotInput"} + if s.CoolOffPeriod != nil && *s.CoolOffPeriod < 1 { + invalidParams.Add(request.NewErrParamMinValue("CoolOffPeriod", 1)) + } + if s.LockDuration != nil && *s.LockDuration < 1 { + invalidParams.Add(request.NewErrParamMinValue("LockDuration", 1)) + } + if s.LockMode == nil { + invalidParams.Add(request.NewErrParamRequired("LockMode")) + } + if s.SnapshotId == nil { + invalidParams.Add(request.NewErrParamRequired("SnapshotId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCoolOffPeriod sets the CoolOffPeriod field's value. +func (s *LockSnapshotInput) SetCoolOffPeriod(v int64) *LockSnapshotInput { + s.CoolOffPeriod = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *LockSnapshotInput) SetDryRun(v bool) *LockSnapshotInput { + s.DryRun = &v + return s +} + +// SetExpirationDate sets the ExpirationDate field's value. +func (s *LockSnapshotInput) SetExpirationDate(v time.Time) *LockSnapshotInput { + s.ExpirationDate = &v + return s +} + +// SetLockDuration sets the LockDuration field's value. +func (s *LockSnapshotInput) SetLockDuration(v int64) *LockSnapshotInput { + s.LockDuration = &v + return s +} + +// SetLockMode sets the LockMode field's value. +func (s *LockSnapshotInput) SetLockMode(v string) *LockSnapshotInput { + s.LockMode = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *LockSnapshotInput) SetSnapshotId(v string) *LockSnapshotInput { + s.SnapshotId = &v + return s +} + +type LockSnapshotOutput struct { + _ struct{} `type:"structure"` + + // The compliance mode cooling-off period, in hours. + CoolOffPeriod *int64 `locationName:"coolOffPeriod" type:"integer"` + + // The date and time at which the compliance mode cooling-off period expires, + // in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + CoolOffPeriodExpiresOn *time.Time `locationName:"coolOffPeriodExpiresOn" type:"timestamp"` + + // The date and time at which the snapshot was locked, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + LockCreatedOn *time.Time `locationName:"lockCreatedOn" type:"timestamp"` + + // The period of time for which the snapshot is locked, in days. + LockDuration *int64 `locationName:"lockDuration" type:"integer"` + + // The date and time at which the lock duration started, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + LockDurationStartTime *time.Time `locationName:"lockDurationStartTime" type:"timestamp"` + + // The date and time at which the lock will expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + LockExpiresOn *time.Time `locationName:"lockExpiresOn" type:"timestamp"` + + // The state of the snapshot lock. Valid states include: + // + // * compliance-cooloff - The snapshot has been locked in compliance mode + // but it is still within the cooling-off period. The snapshot can't be deleted, + // but it can be unlocked and the lock settings can be modified by users + // with appropriate permissions. + // + // * governance - The snapshot is locked in governance mode. The snapshot + // can't be deleted, but it can be unlocked and the lock settings can be + // modified by users with appropriate permissions. + // + // * compliance - The snapshot is locked in compliance mode and the cooling-off + // period has expired. The snapshot can't be unlocked or deleted. The lock + // duration can only be increased by users with appropriate permissions. + // + // * expired - The snapshot was locked in compliance or governance mode but + // the lock duration has expired. The snapshot is not locked and can be deleted. + LockState *string `locationName:"lockState" type:"string" enum:"LockState"` + + // The ID of the snapshot + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotOutput) GoString() string { + return s.String() +} + +// SetCoolOffPeriod sets the CoolOffPeriod field's value. +func (s *LockSnapshotOutput) SetCoolOffPeriod(v int64) *LockSnapshotOutput { + s.CoolOffPeriod = &v + return s +} + +// SetCoolOffPeriodExpiresOn sets the CoolOffPeriodExpiresOn field's value. +func (s *LockSnapshotOutput) SetCoolOffPeriodExpiresOn(v time.Time) *LockSnapshotOutput { + s.CoolOffPeriodExpiresOn = &v + return s +} + +// SetLockCreatedOn sets the LockCreatedOn field's value. +func (s *LockSnapshotOutput) SetLockCreatedOn(v time.Time) *LockSnapshotOutput { + s.LockCreatedOn = &v + return s +} + +// SetLockDuration sets the LockDuration field's value. +func (s *LockSnapshotOutput) SetLockDuration(v int64) *LockSnapshotOutput { + s.LockDuration = &v + return s +} + +// SetLockDurationStartTime sets the LockDurationStartTime field's value. +func (s *LockSnapshotOutput) SetLockDurationStartTime(v time.Time) *LockSnapshotOutput { + s.LockDurationStartTime = &v + return s +} + +// SetLockExpiresOn sets the LockExpiresOn field's value. +func (s *LockSnapshotOutput) SetLockExpiresOn(v time.Time) *LockSnapshotOutput { + s.LockExpiresOn = &v + return s +} + +// SetLockState sets the LockState field's value. +func (s *LockSnapshotOutput) SetLockState(v string) *LockSnapshotOutput { + s.LockState = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *LockSnapshotOutput) SetSnapshotId(v string) *LockSnapshotOutput { + s.SnapshotId = &v + return s +} + +// Information about a locked snapshot. +type LockedSnapshotsInfo struct { + _ struct{} `type:"structure"` + + // The compliance mode cooling-off period, in hours. + CoolOffPeriod *int64 `locationName:"coolOffPeriod" type:"integer"` + + // The date and time at which the compliance mode cooling-off period expires, + // in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + CoolOffPeriodExpiresOn *time.Time `locationName:"coolOffPeriodExpiresOn" type:"timestamp"` + + // The date and time at which the snapshot was locked, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + LockCreatedOn *time.Time `locationName:"lockCreatedOn" type:"timestamp"` + + // The period of time for which the snapshot is locked, in days. + LockDuration *int64 `locationName:"lockDuration" type:"integer"` + + // The date and time at which the lock duration started, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + // + // If you lock a snapshot that is in the pending state, the lock duration starts + // only once the snapshot enters the completed state. + LockDurationStartTime *time.Time `locationName:"lockDurationStartTime" type:"timestamp"` + + // The date and time at which the lock will expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + LockExpiresOn *time.Time `locationName:"lockExpiresOn" type:"timestamp"` + + // The state of the snapshot lock. Valid states include: + // + // * compliance-cooloff - The snapshot has been locked in compliance mode + // but it is still within the cooling-off period. The snapshot can't be deleted, + // but it can be unlocked and the lock settings can be modified by users + // with appropriate permissions. + // + // * governance - The snapshot is locked in governance mode. The snapshot + // can't be deleted, but it can be unlocked and the lock settings can be + // modified by users with appropriate permissions. + // + // * compliance - The snapshot is locked in compliance mode and the cooling-off + // period has expired. The snapshot can't be unlocked or deleted. The lock + // duration can only be increased by users with appropriate permissions. + // + // * expired - The snapshot was locked in compliance or governance mode but + // the lock duration has expired. The snapshot is not locked and can be deleted. + LockState *string `locationName:"lockState" type:"string" enum:"LockState"` + + // The account ID of the Amazon Web Services account that owns the snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockedSnapshotsInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockedSnapshotsInfo) GoString() string { + return s.String() +} + +// SetCoolOffPeriod sets the CoolOffPeriod field's value. +func (s *LockedSnapshotsInfo) SetCoolOffPeriod(v int64) *LockedSnapshotsInfo { + s.CoolOffPeriod = &v + return s +} + +// SetCoolOffPeriodExpiresOn sets the CoolOffPeriodExpiresOn field's value. +func (s *LockedSnapshotsInfo) SetCoolOffPeriodExpiresOn(v time.Time) *LockedSnapshotsInfo { + s.CoolOffPeriodExpiresOn = &v + return s +} + +// SetLockCreatedOn sets the LockCreatedOn field's value. +func (s *LockedSnapshotsInfo) SetLockCreatedOn(v time.Time) *LockedSnapshotsInfo { + s.LockCreatedOn = &v + return s +} + +// SetLockDuration sets the LockDuration field's value. +func (s *LockedSnapshotsInfo) SetLockDuration(v int64) *LockedSnapshotsInfo { + s.LockDuration = &v + return s +} + +// SetLockDurationStartTime sets the LockDurationStartTime field's value. +func (s *LockedSnapshotsInfo) SetLockDurationStartTime(v time.Time) *LockedSnapshotsInfo { + s.LockDurationStartTime = &v + return s +} + +// SetLockExpiresOn sets the LockExpiresOn field's value. +func (s *LockedSnapshotsInfo) SetLockExpiresOn(v time.Time) *LockedSnapshotsInfo { + s.LockExpiresOn = &v + return s +} + +// SetLockState sets the LockState field's value. +func (s *LockedSnapshotsInfo) SetLockState(v string) *LockedSnapshotsInfo { + s.LockState = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *LockedSnapshotsInfo) SetOwnerId(v string) *LockedSnapshotsInfo { + s.OwnerId = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *LockedSnapshotsInfo) SetSnapshotId(v string) *LockedSnapshotsInfo { + s.SnapshotId = &v + return s +} + +// Details for Site-to-Site VPN tunnel endpoint maintenance events. +type MaintenanceDetails struct { + _ struct{} `type:"structure"` + + // Timestamp of last applied maintenance. + LastMaintenanceApplied *time.Time `locationName:"lastMaintenanceApplied" type:"timestamp"` + + // The timestamp after which Amazon Web Services will automatically apply maintenance. + MaintenanceAutoAppliedAfter *time.Time `locationName:"maintenanceAutoAppliedAfter" type:"timestamp"` + + // Verify existence of a pending maintenance. + PendingMaintenance *string `locationName:"pendingMaintenance" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MaintenanceDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MaintenanceDetails) GoString() string { + return s.String() +} + +// SetLastMaintenanceApplied sets the LastMaintenanceApplied field's value. +func (s *MaintenanceDetails) SetLastMaintenanceApplied(v time.Time) *MaintenanceDetails { + s.LastMaintenanceApplied = &v + return s +} + +// SetMaintenanceAutoAppliedAfter sets the MaintenanceAutoAppliedAfter field's value. +func (s *MaintenanceDetails) SetMaintenanceAutoAppliedAfter(v time.Time) *MaintenanceDetails { + s.MaintenanceAutoAppliedAfter = &v + return s +} + +// SetPendingMaintenance sets the PendingMaintenance field's value. +func (s *MaintenanceDetails) SetPendingMaintenance(v string) *MaintenanceDetails { + s.PendingMaintenance = &v + return s +} + // Describes a managed prefix list. type ManagedPrefixList struct { _ struct{} `type:"structure"` @@ -140520,10 +148293,9 @@ type ModifyInstanceAttributeInput struct { // a PV instance can make it unreachable. EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"` - // [EC2-VPC] Replaces the security groups of the instance with the specified - // security groups. You must specify at least one security group, even if it's - // just the default security group for the VPC. You must specify the security - // group ID, not the security group name. + // Replaces the security groups of the instance with the specified security + // groups. You must specify the ID of at least one security group, even if it's + // just the default security group for the VPC. Groups []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` // The ID of the instance. @@ -141335,7 +149107,7 @@ type ModifyInstanceMetadataOptionsInput struct { HttpEndpoint *string `type:"string" enum:"InstanceMetadataEndpointState"` // Enables or disables the IPv6 endpoint for the instance metadata service. - // This setting applies only if you have enabled the HTTP metadata endpoint. + // Applies only if you enabled the HTTP metadata endpoint. HttpProtocolIpv6 *string `type:"string" enum:"InstanceMetadataProtocolState"` // The desired HTTP PUT response hop limit for instance metadata requests. The @@ -141511,7 +149283,8 @@ type ModifyInstancePlacementInput struct { // The ID of the Dedicated Host with which to associate the instance. HostId *string `locationName:"hostId" type:"string"` - // The ARN of the host resource group in which to place the instance. + // The ARN of the host resource group in which to place the instance. The instance + // must have a tenancy of host to specify this parameter. HostResourceGroupArn *string `type:"string"` // The ID of the instance that you are modifying. @@ -141525,9 +149298,10 @@ type ModifyInstancePlacementInput struct { // The tenancy for the instance. // - // For T3 instances, you can't change the tenancy from dedicated to host, or - // from host to dedicated. Attempting to make one of these unsupported tenancy - // changes results in the InvalidTenancy error code. + // For T3 instances, you must launch the instance on a Dedicated Host to use + // a tenancy of host. You can't change the tenancy from host to dedicated or + // default. Attempting to make one of these unsupported tenancy changes results + // in an InvalidRequest error code. Tenancy *string `locationName:"tenancy" type:"string" enum:"HostTenancy"` } @@ -141669,6 +149443,11 @@ type ModifyIpamInput struct { // The operating Regions to remove. RemoveOperatingRegions []*RemoveIpamOperatingRegion `locationName:"RemoveOperatingRegion" type:"list"` + + // IPAM is offered in a Free Tier and an Advanced Tier. For more information + // about the features available in each tier and the costs associated with the + // tiers, see Amazon VPC pricing > IPAM tab (http://aws.amazon.com/vpc/pricing/). + Tier *string `type:"string" enum:"IpamTier"` } // String returns the string representation. @@ -141732,6 +149511,12 @@ func (s *ModifyIpamInput) SetRemoveOperatingRegions(v []*RemoveIpamOperatingRegi return s } +// SetTier sets the Tier field's value. +func (s *ModifyIpamInput) SetTier(v string) *ModifyIpamInput { + s.Tier = &v + return s +} + type ModifyIpamOutput struct { _ struct{} `type:"structure"` @@ -142736,6 +150521,9 @@ type ModifyNetworkInterfaceAttributeInput struct { // attribute, you must specify the ID of the interface attachment. Attachment *NetworkInterfaceAttachmentChanges `locationName:"attachment" type:"structure"` + // A connection tracking specification. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // A description for the network interface. Description *AttributeValue `locationName:"description" type:"structure"` @@ -142749,6 +150537,21 @@ type ModifyNetworkInterfaceAttributeInput struct { // attached to the instance. EnaSrdSpecification *EnaSrdSpecification `type:"structure"` + // If you’re modifying a network interface in a dual-stack or IPv6-only subnet, + // you have the option to assign a primary IPv6 IP address. A primary IPv6 address + // is an IPv6 GUA address associated with an ENI that you have enabled to use + // a primary IPv6 address. Use this option if the instance that this ENI will + // be attached to relies on its IPv6 address not changing. Amazon Web Services + // will automatically assign an IPv6 address associated with the ENI attached + // to your instance to be the primary IPv6 address. Once you enable an IPv6 + // GUA address to be a primary IPv6, you cannot disable it. When you enable + // an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made + // the primary IPv6 address until the instance is terminated or the network + // interface is detached. If you have multiple IPv6 addresses associated with + // an ENI attached to your instance and you enable a primary IPv6 address, the + // first IPv6 GUA address associated with the ENI becomes the primary IPv6 address. + EnablePrimaryIpv6 *bool `type:"boolean"` + // Changes the security groups for the network interface. The new set of groups // you specify replaces the current set. You must specify at least one group, // even if it's just the default security group in the VPC. You must specify @@ -142806,6 +150609,12 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetAttachment(v *NetworkInterface return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *ModifyNetworkInterfaceAttributeInput) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *ModifyNetworkInterfaceAttributeInput { + s.ConnectionTrackingSpecification = v + return s +} + // SetDescription sets the Description field's value. func (s *ModifyNetworkInterfaceAttributeInput) SetDescription(v *AttributeValue) *ModifyNetworkInterfaceAttributeInput { s.Description = v @@ -142824,6 +150633,12 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetEnaSrdSpecification(v *EnaSrdS return s } +// SetEnablePrimaryIpv6 sets the EnablePrimaryIpv6 field's value. +func (s *ModifyNetworkInterfaceAttributeInput) SetEnablePrimaryIpv6(v bool) *ModifyNetworkInterfaceAttributeInput { + s.EnablePrimaryIpv6 = &v + return s +} + // SetGroups sets the Groups field's value. func (s *ModifyNetworkInterfaceAttributeInput) SetGroups(v []*string) *ModifyNetworkInterfaceAttributeInput { s.Groups = v @@ -144068,6 +151883,10 @@ type ModifyTrafficMirrorSessionInput struct { // For example, if you set this value to 100, then the first 100 bytes that // meet the filter criteria are copied to the target. Do not specify this parameter // when you want to mirror the entire packet. + // + // For sessions with Network Load Balancer (NLB) traffic mirror targets, the + // default PacketLength will be set to 8500. Valid values are 1-8500. Setting + // a PacketLength greater than 8500 will result in an error response. PacketLength *int64 `type:"integer"` // The properties that you want to remove from the Traffic Mirror session. @@ -144331,6 +152150,20 @@ type ModifyTransitGatewayOptions struct { // Removes CIDR blocks for the transit gateway. RemoveTransitGatewayCidrBlocks []*string `locationNameList:"item" type:"list"` + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` + // Enable or disable Equal Cost Multipath Protocol support. VpnEcmpSupport *string `type:"string" enum:"VpnEcmpSupportValue"` } @@ -144407,6 +152240,12 @@ func (s *ModifyTransitGatewayOptions) SetRemoveTransitGatewayCidrBlocks(v []*str return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *ModifyTransitGatewayOptions) SetSecurityGroupReferencingSupport(v string) *ModifyTransitGatewayOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // SetVpnEcmpSupport sets the VpnEcmpSupport field's value. func (s *ModifyTransitGatewayOptions) SetVpnEcmpSupport(v string) *ModifyTransitGatewayOptions { s.VpnEcmpSupport = &v @@ -144696,6 +152535,20 @@ type ModifyTransitGatewayVpcAttachmentRequestOptions struct { // Enable or disable IPv6 support. The default is enable. Ipv6Support *string `type:"string" enum:"Ipv6SupportValue"` + + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` } // String returns the string representation. @@ -144734,7 +152587,14 @@ func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } -// Options for a network-interface type Verified Access endpoint. +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetSecurityGroupReferencingSupport(v string) *ModifyTransitGatewayVpcAttachmentRequestOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + +// Describes the options when modifying a Verified Access endpoint with the +// network-interface type. type ModifyVerifiedAccessEndpointEniOptions struct { _ struct{} `type:"structure"` @@ -144796,7 +152656,7 @@ type ModifyVerifiedAccessEndpointInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access endpoint. + // A description for the Verified Access endpoint. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -144805,19 +152665,18 @@ type ModifyVerifiedAccessEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The load balancer details if creating the Amazon Web Services Verified Access - // endpoint as load-balancertype. + // The load balancer details if creating the Verified Access endpoint as load-balancertype. LoadBalancerOptions *ModifyVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` // The network interface options. NetworkInterfaceOptions *ModifyVerifiedAccessEndpointEniOptions `type:"structure"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. VerifiedAccessGroupId *string `type:"string"` } @@ -144971,7 +152830,7 @@ func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*stri type ModifyVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access endpoint details. + // Details about the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -145013,15 +152872,16 @@ type ModifyVerifiedAccessEndpointPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` // The status of the Verified Access policy. - // - // PolicyEnabled is a required field - PolicyEnabled *bool `type:"boolean" required:"true"` + PolicyEnabled *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` @@ -145048,9 +152908,6 @@ func (s ModifyVerifiedAccessEndpointPolicyInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyVerifiedAccessEndpointPolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointPolicyInput"} - if s.PolicyEnabled == nil { - invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) - } if s.VerifiedAccessEndpointId == nil { invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) } @@ -145085,6 +152942,12 @@ func (s *ModifyVerifiedAccessEndpointPolicyInput) SetPolicyEnabled(v bool) *Modi return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *ModifyVerifiedAccessEndpointPolicyInput { + s.SseSpecification = v + return s +} + // SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. func (s *ModifyVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v string) *ModifyVerifiedAccessEndpointPolicyInput { s.VerifiedAccessEndpointId = &v @@ -145094,11 +152957,14 @@ func (s *ModifyVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v type ModifyVerifiedAccessEndpointPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` + + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` } // String returns the string representation. @@ -145131,6 +152997,12 @@ func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetPolicyEnabled(v bool) *Mod return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *ModifyVerifiedAccessEndpointPolicyOutput { + s.SseSpecification = v + return s +} + type ModifyVerifiedAccessGroupInput struct { _ struct{} `type:"structure"` @@ -145139,7 +153011,7 @@ type ModifyVerifiedAccessGroupInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access group. + // A description for the Verified Access group. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -145148,12 +153020,12 @@ type ModifyVerifiedAccessGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstanceId *string `type:"string"` } @@ -145221,7 +153093,7 @@ func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) * type ModifyVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // Details of Amazon Web Services Verified Access group. + // Details about the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -145263,15 +153135,16 @@ type ModifyVerifiedAccessGroupPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` // The status of the Verified Access policy. - // - // PolicyEnabled is a required field - PolicyEnabled *bool `type:"boolean" required:"true"` + PolicyEnabled *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` @@ -145298,9 +153171,6 @@ func (s ModifyVerifiedAccessGroupPolicyInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyVerifiedAccessGroupPolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessGroupPolicyInput"} - if s.PolicyEnabled == nil { - invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) - } if s.VerifiedAccessGroupId == nil { invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) } @@ -145335,6 +153205,12 @@ func (s *ModifyVerifiedAccessGroupPolicyInput) SetPolicyEnabled(v bool) *ModifyV return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *ModifyVerifiedAccessGroupPolicyInput { + s.SseSpecification = v + return s +} + // SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. func (s *ModifyVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessGroupPolicyInput { s.VerifiedAccessGroupId = &v @@ -145344,11 +153220,14 @@ func (s *ModifyVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string type ModifyVerifiedAccessGroupPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` + + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` } // String returns the string representation. @@ -145381,6 +153260,12 @@ func (s *ModifyVerifiedAccessGroupPolicyOutput) SetPolicyEnabled(v bool) *Modify return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessGroupPolicyOutput) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *ModifyVerifiedAccessGroupPolicyOutput { + s.SseSpecification = v + return s +} + type ModifyVerifiedAccessInstanceInput struct { _ struct{} `type:"structure"` @@ -145389,7 +153274,7 @@ type ModifyVerifiedAccessInstanceInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access instance. + // A description for the Verified Access instance. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -145398,7 +153283,7 @@ type ModifyVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -145462,7 +153347,7 @@ func (s *ModifyVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string type ModifyVerifiedAccessInstanceLoggingConfigurationInput struct { _ struct{} `type:"structure"` - // The configuration options for Amazon Web Services Verified Access instances. + // The configuration options for Verified Access instances. // // AccessLogs is a required field AccessLogs *VerifiedAccessLogOptions `type:"structure" required:"true"` @@ -145478,7 +153363,7 @@ type ModifyVerifiedAccessInstanceLoggingConfigurationInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -145550,7 +153435,7 @@ func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetVerifiedAcces type ModifyVerifiedAccessInstanceLoggingConfigurationOutput struct { _ struct{} `type:"structure"` - // The logging configuration for Amazon Web Services Verified Access instance. + // The logging configuration for the Verified Access instance. LoggingConfiguration *VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfiguration" type:"structure"` } @@ -145581,7 +153466,7 @@ func (s *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) SetLoggingConfi type ModifyVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -145609,6 +153494,40 @@ func (s *ModifyVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *Verifi return s } +// Modifies the configuration of the specified device-based Amazon Web Services +// Verified Access trust provider. +type ModifyVerifiedAccessTrustProviderDeviceOptions struct { + _ struct{} `type:"structure"` + + // The URL Amazon Web Services Verified Access will use to verify the authenticity + // of the device tokens. + PublicSigningKeyUrl *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderDeviceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderDeviceOptions) GoString() string { + return s.String() +} + +// SetPublicSigningKeyUrl sets the PublicSigningKeyUrl field's value. +func (s *ModifyVerifiedAccessTrustProviderDeviceOptions) SetPublicSigningKeyUrl(v string) *ModifyVerifiedAccessTrustProviderDeviceOptions { + s.PublicSigningKeyUrl = &v + return s +} + type ModifyVerifiedAccessTrustProviderInput struct { _ struct{} `type:"structure"` @@ -145617,19 +153536,26 @@ type ModifyVerifiedAccessTrustProviderInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access trust provider. + // A description for the Verified Access trust provider. Description *string `type:"string"` + // The options for a device-based trust provider. This parameter is required + // when the provider type is device. + DeviceOptions *ModifyVerifiedAccessTrustProviderDeviceOptions `type:"structure"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The OpenID Connect details for an oidc-type, user-identity based trust provider. + // The options for an OpenID Connect-compatible user-identity trust provider. OidcOptions *ModifyVerifiedAccessTrustProviderOidcOptions `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -145678,6 +153604,12 @@ func (s *ModifyVerifiedAccessTrustProviderInput) SetDescription(v string) *Modif return s } +// SetDeviceOptions sets the DeviceOptions field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetDeviceOptions(v *ModifyVerifiedAccessTrustProviderDeviceOptions) *ModifyVerifiedAccessTrustProviderInput { + s.DeviceOptions = v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyVerifiedAccessTrustProviderInput) SetDryRun(v bool) *ModifyVerifiedAccessTrustProviderInput { s.DryRun = &v @@ -145690,20 +153622,48 @@ func (s *ModifyVerifiedAccessTrustProviderInput) SetOidcOptions(v *ModifyVerifie return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *ModifyVerifiedAccessTrustProviderInput { + s.SseSpecification = v + return s +} + // SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. func (s *ModifyVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *ModifyVerifiedAccessTrustProviderInput { s.VerifiedAccessTrustProviderId = &v return s } -// OpenID Connect options for an oidc-type, user-identity based trust provider. +// Options for an OpenID Connect-compatible user-identity trust provider. type ModifyVerifiedAccessTrustProviderOidcOptions struct { _ struct{} `type:"structure"` + // The OIDC authorization endpoint. + AuthorizationEndpoint *string `type:"string"` + + // The client identifier. + ClientId *string `type:"string"` + + // The client secret. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyVerifiedAccessTrustProviderOidcOptions's + // String and GoString methods. + ClientSecret *string `type:"string" sensitive:"true"` + + // The OIDC issuer. + Issuer *string `type:"string"` + // OpenID Connect (OIDC) scopes are used by an application during authentication // to authorize access to a user's details. Each scope returns a specific set // of user attributes. Scope *string `type:"string"` + + // The OIDC token endpoint. + TokenEndpoint *string `type:"string"` + + // The OIDC user info endpoint. + UserInfoEndpoint *string `type:"string"` } // String returns the string representation. @@ -145724,16 +153684,52 @@ func (s ModifyVerifiedAccessTrustProviderOidcOptions) GoString() string { return s.String() } +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetAuthorizationEndpoint(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetClientId(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetClientSecret(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetIssuer(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.Issuer = &v + return s +} + // SetScope sets the Scope field's value. func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetScope(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { s.Scope = &v return s } +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetTokenEndpoint(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.TokenEndpoint = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.UserInfoEndpoint = &v + return s +} + type ModifyVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -145864,11 +153860,15 @@ type ModifyVolumeInput struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS + // + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // On other instances, you can achieve performance up to 32,000 IOPS. // // Default: The existing value is retained if you keep the same volume type. // If you change the volume type to io1, io2, or gp3, the default is 3,000. @@ -145886,13 +153886,15 @@ type ModifyVolumeInput struct { // // The following are the supported volumes sizes for each volume type: // - // * gp2 and gp3: 1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io1: 4 - 16,384 GiB // - // * st1 and sc1: 125-16,384 + // * io2: 4 - 65,536 GiB // - // * standard: 1-1,024 + // * st1 and sc1: 125 - 16,384 GiB + // + // * standard: 1 - 1024 GiB // // Default: The existing size is retained. Size *int64 `type:"integer"` @@ -146245,7 +154247,7 @@ type ModifyVpcEndpointInput struct { AddRouteTableIds []*string `locationName:"AddRouteTableId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the security groups to associate with the - // network interface. + // endpoint network interfaces. AddSecurityGroupIds []*string `locationName:"AddSecurityGroupId" locationNameList:"item" type:"list"` // (Interface and Gateway Load Balancer endpoints) The IDs of the subnets in @@ -146277,7 +154279,7 @@ type ModifyVpcEndpointInput struct { RemoveRouteTableIds []*string `locationName:"RemoveRouteTableId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the security groups to disassociate from - // the network interface. + // the endpoint network interfaces. RemoveSecurityGroupIds []*string `locationName:"RemoveSecurityGroupId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the subnets from which to remove the endpoint. @@ -146287,6 +154289,9 @@ type ModifyVpcEndpointInput struct { // policy. The default policy allows full access to the service. ResetPolicy *bool `type:"boolean"` + // The subnet configurations for the endpoint. + SubnetConfigurations []*SubnetConfiguration `locationName:"SubnetConfiguration" locationNameList:"item" type:"list"` + // The ID of the endpoint. // // VpcEndpointId is a required field @@ -146396,6 +154401,12 @@ func (s *ModifyVpcEndpointInput) SetResetPolicy(v bool) *ModifyVpcEndpointInput return s } +// SetSubnetConfigurations sets the SubnetConfigurations field's value. +func (s *ModifyVpcEndpointInput) SetSubnetConfigurations(v []*SubnetConfiguration) *ModifyVpcEndpointInput { + s.SubnetConfigurations = v + return s +} + // SetVpcEndpointId sets the VpcEndpointId field's value. func (s *ModifyVpcEndpointInput) SetVpcEndpointId(v string) *ModifyVpcEndpointInput { s.VpcEndpointId = &v @@ -147415,10 +155426,20 @@ type ModifyVpnTunnelOptionsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Choose whether or not to trigger immediate tunnel replacement. This is only + // applicable when turning on or off EnableTunnelLifecycleControl. + // + // Valid values: True | False + SkipTunnelReplacement *bool `type:"boolean"` + // The tunnel options to modify. // + // TunnelOptions is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyVpnTunnelOptionsInput's + // String and GoString methods. + // // TunnelOptions is a required field - TunnelOptions *ModifyVpnTunnelOptionsSpecification `type:"structure" required:"true"` + TunnelOptions *ModifyVpnTunnelOptionsSpecification `type:"structure" required:"true" sensitive:"true"` // The ID of the Amazon Web Services Site-to-Site VPN connection. // @@ -147474,6 +155495,12 @@ func (s *ModifyVpnTunnelOptionsInput) SetDryRun(v bool) *ModifyVpnTunnelOptionsI return s } +// SetSkipTunnelReplacement sets the SkipTunnelReplacement field's value. +func (s *ModifyVpnTunnelOptionsInput) SetSkipTunnelReplacement(v bool) *ModifyVpnTunnelOptionsInput { + s.SkipTunnelReplacement = &v + return s +} + // SetTunnelOptions sets the TunnelOptions field's value. func (s *ModifyVpnTunnelOptionsInput) SetTunnelOptions(v *ModifyVpnTunnelOptionsSpecification) *ModifyVpnTunnelOptionsInput { s.TunnelOptions = v @@ -147525,7 +155552,7 @@ func (s *ModifyVpnTunnelOptionsOutput) SetVpnConnection(v *VpnConnection) *Modif // The Amazon Web Services Site-to-Site VPN tunnel options to modify. type ModifyVpnTunnelOptionsSpecification struct { - _ struct{} `type:"structure"` + _ struct{} `type:"structure" sensitive:"true"` // The action to take after DPD timeout occurs. Specify restart to restart the // IKE initiation. Specify clear to end the IKE session. @@ -147535,13 +155562,18 @@ type ModifyVpnTunnelOptionsSpecification struct { // Default: clear DPDTimeoutAction *string `type:"string"` - // The number of seconds after which a DPD timeout occurs. + // The number of seconds after which a DPD timeout occurs. A DPD timeout of + // 40 seconds means that the VPN endpoint will consider the peer dead 30 seconds + // after the first failed keep-alive. // // Constraints: A value greater than or equal to 30. // - // Default: 30 + // Default: 40 DPDTimeoutSeconds *int64 `type:"integer"` + // Turn on or off tunnel endpoint lifecycle control feature. + EnableTunnelLifecycleControl *bool `type:"boolean"` + // The IKE versions that are permitted for the VPN tunnel. // // Valid values: ikev1 | ikev2 @@ -147607,7 +155639,11 @@ type ModifyVpnTunnelOptionsSpecification struct { // Constraints: Allowed characters are alphanumeric characters, periods (.), // and underscores (_). Must be between 8 and 64 characters in length and cannot // start with zero (0). - PreSharedKey *string `type:"string"` + // + // PreSharedKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyVpnTunnelOptionsSpecification's + // String and GoString methods. + PreSharedKey *string `type:"string" sensitive:"true"` // The percentage of the rekey window (determined by RekeyMarginTimeSeconds) // during which the rekey time is randomly selected. @@ -147703,6 +155739,12 @@ func (s *ModifyVpnTunnelOptionsSpecification) SetDPDTimeoutSeconds(v int64) *Mod return s } +// SetEnableTunnelLifecycleControl sets the EnableTunnelLifecycleControl field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetEnableTunnelLifecycleControl(v bool) *ModifyVpnTunnelOptionsSpecification { + s.EnableTunnelLifecycleControl = &v + return s +} + // SetIKEVersions sets the IKEVersions field's value. func (s *ModifyVpnTunnelOptionsSpecification) SetIKEVersions(v []*IKEVersionsRequestListValue) *ModifyVpnTunnelOptionsSpecification { s.IKEVersions = v @@ -148142,16 +156184,13 @@ func (s *MoveByoipCidrToIpamOutput) SetByoipCidr(v *ByoipCidr) *MoveByoipCidrToI return s } -// Describes the status of a moving Elastic IP address. +// This action is deprecated. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Describes the status of a moving Elastic IP address. type MovingAddressStatus struct { _ struct{} `type:"structure"` - // The status of the Elastic IP address that's being moved to the EC2-VPC platform, - // or restored to the EC2-Classic platform. + // The status of the Elastic IP address that's being moved or restored. MoveStatus *string `locationName:"moveStatus" type:"string" enum:"MoveStatus"` // The Elastic IP address. @@ -148464,7 +156503,7 @@ type NetworkAcl struct { // Any associations between the network ACL and one or more subnets Associations []*NetworkAclAssociation `locationName:"associationSet" locationNameList:"item" type:"list"` - // One or more entries (rules) in the network ACL. + // The entries (rules) in the network ACL. Entries []*NetworkAclEntry `locationName:"entrySet" locationNameList:"item" type:"list"` // Indicates whether this is the default network ACL for the VPC. @@ -148796,6 +156835,9 @@ func (s *NetworkBandwidthGbpsRequest) SetMin(v float64) *NetworkBandwidthGbpsReq type NetworkCardInfo struct { _ struct{} `type:"structure"` + // The baseline network performance of the network card, in Gbps. + BaselineBandwidthInGbps *float64 `locationName:"baselineBandwidthInGbps" type:"double"` + // The maximum number of network interfaces for the network card. MaximumNetworkInterfaces *int64 `locationName:"maximumNetworkInterfaces" type:"integer"` @@ -148804,6 +156846,9 @@ type NetworkCardInfo struct { // The network performance of the network card. NetworkPerformance *string `locationName:"networkPerformance" type:"string"` + + // The peak (burst) network performance of the network card, in Gbps. + PeakBandwidthInGbps *float64 `locationName:"peakBandwidthInGbps" type:"double"` } // String returns the string representation. @@ -148824,6 +156869,12 @@ func (s NetworkCardInfo) GoString() string { return s.String() } +// SetBaselineBandwidthInGbps sets the BaselineBandwidthInGbps field's value. +func (s *NetworkCardInfo) SetBaselineBandwidthInGbps(v float64) *NetworkCardInfo { + s.BaselineBandwidthInGbps = &v + return s +} + // SetMaximumNetworkInterfaces sets the MaximumNetworkInterfaces field's value. func (s *NetworkCardInfo) SetMaximumNetworkInterfaces(v int64) *NetworkCardInfo { s.MaximumNetworkInterfaces = &v @@ -148842,6 +156893,12 @@ func (s *NetworkCardInfo) SetNetworkPerformance(v string) *NetworkCardInfo { return s } +// SetPeakBandwidthInGbps sets the PeakBandwidthInGbps field's value. +func (s *NetworkCardInfo) SetPeakBandwidthInGbps(v float64) *NetworkCardInfo { + s.PeakBandwidthInGbps = &v + return s +} + // Describes the networking features of the instance type. type NetworkInfo struct { _ struct{} `type:"structure"` @@ -149241,8 +157298,7 @@ type NetworkInsightsAnalysis struct { // codes (https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html). Explanations []*Explanation `locationName:"explanationSet" locationNameList:"item" type:"list"` - // The Amazon Resource Names (ARN) of the Amazon Web Services resources that - // the path must traverse. + // The Amazon Resource Names (ARN) of the resources that the path must traverse. FilterInArns []*string `locationName:"filterInArnSet" locationNameList:"item" type:"list"` // The components in the path from source to destination. @@ -149403,19 +157459,24 @@ type NetworkInsightsPath struct { // The time stamp when the path was created. CreatedDate *time.Time `locationName:"createdDate" type:"timestamp"` - // The Amazon Web Services resource that is the destination of the path. + // The ID of the destination. Destination *string `locationName:"destination" type:"string"` // The Amazon Resource Name (ARN) of the destination. DestinationArn *string `locationName:"destinationArn" min:"1" type:"string"` - // The IP address of the Amazon Web Services resource that is the destination - // of the path. + // The IP address of the destination. DestinationIp *string `locationName:"destinationIp" type:"string"` // The destination port. DestinationPort *int64 `locationName:"destinationPort" type:"integer"` + // Scopes the analysis to network paths that match specific filters at the destination. + FilterAtDestination *PathFilter `locationName:"filterAtDestination" type:"structure"` + + // Scopes the analysis to network paths that match specific filters at the source. + FilterAtSource *PathFilter `locationName:"filterAtSource" type:"structure"` + // The Amazon Resource Name (ARN) of the path. NetworkInsightsPathArn *string `locationName:"networkInsightsPathArn" min:"1" type:"string"` @@ -149425,14 +157486,13 @@ type NetworkInsightsPath struct { // The protocol. Protocol *string `locationName:"protocol" type:"string" enum:"Protocol"` - // The Amazon Web Services resource that is the source of the path. + // The ID of the source. Source *string `locationName:"source" type:"string"` // The Amazon Resource Name (ARN) of the source. SourceArn *string `locationName:"sourceArn" min:"1" type:"string"` - // The IP address of the Amazon Web Services resource that is the source of - // the path. + // The IP address of the source. SourceIp *string `locationName:"sourceIp" type:"string"` // The tags associated with the path. @@ -149487,6 +157547,18 @@ func (s *NetworkInsightsPath) SetDestinationPort(v int64) *NetworkInsightsPath { return s } +// SetFilterAtDestination sets the FilterAtDestination field's value. +func (s *NetworkInsightsPath) SetFilterAtDestination(v *PathFilter) *NetworkInsightsPath { + s.FilterAtDestination = v + return s +} + +// SetFilterAtSource sets the FilterAtSource field's value. +func (s *NetworkInsightsPath) SetFilterAtSource(v *PathFilter) *NetworkInsightsPath { + s.FilterAtSource = v + return s +} + // SetNetworkInsightsPathArn sets the NetworkInsightsPathArn field's value. func (s *NetworkInsightsPath) SetNetworkInsightsPathArn(v string) *NetworkInsightsPath { s.NetworkInsightsPathArn = &v @@ -149543,6 +157615,12 @@ type NetworkInterface struct { // The Availability Zone. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + // A security group connection tracking configuration that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingConfiguration *ConnectionTrackingConfiguration `locationName:"connectionTrackingConfiguration" type:"structure"` + // Indicates whether a network interface with an IPv6 address is unreachable // from the public internet. If the value is true, inbound traffic from the // internet is dropped and you cannot assign an elastic IP address to the network @@ -149654,6 +157732,12 @@ func (s *NetworkInterface) SetAvailabilityZone(v string) *NetworkInterface { return s } +// SetConnectionTrackingConfiguration sets the ConnectionTrackingConfiguration field's value. +func (s *NetworkInterface) SetConnectionTrackingConfiguration(v *ConnectionTrackingConfiguration) *NetworkInterface { + s.ConnectionTrackingConfiguration = v + return s +} + // SetDenyAllIgwTraffic sets the DenyAllIgwTraffic field's value. func (s *NetworkInterface) SetDenyAllIgwTraffic(v bool) *NetworkInterface { s.DenyAllIgwTraffic = &v @@ -150121,6 +158205,13 @@ type NetworkInterfaceIpv6Address struct { // The IPv6 address. Ipv6Address *string `locationName:"ipv6Address" type:"string"` + + // Determines if an IPv6 address associated with a network interface is the + // primary IPv6 address. When you enable an IPv6 GUA address to be a primary + // IPv6, the first IPv6 GUA will be made the primary IPv6 address until the + // instance is terminated or the network interface is detached. For more information, + // see ModifyNetworkInterfaceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyNetworkInterfaceAttribute.html). + IsPrimaryIpv6 *bool `locationName:"isPrimaryIpv6" type:"boolean"` } // String returns the string representation. @@ -150147,6 +158238,12 @@ func (s *NetworkInterfaceIpv6Address) SetIpv6Address(v string) *NetworkInterface return s } +// SetIsPrimaryIpv6 sets the IsPrimaryIpv6 field's value. +func (s *NetworkInterfaceIpv6Address) SetIsPrimaryIpv6(v bool) *NetworkInterfaceIpv6Address { + s.IsPrimaryIpv6 = &v + return s +} + // Describes a permission for a network interface. type NetworkInterfacePermission struct { _ struct{} `type:"structure"` @@ -150364,7 +158461,40 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { return s } -// Options for OIDC-based, user-identity type trust provider. +// Describes the supported NitroTPM versions for the instance type. +type NitroTpmInfo struct { + _ struct{} `type:"structure"` + + // Indicates the supported NitroTPM versions. + SupportedVersions []*string `locationName:"supportedVersions" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NitroTpmInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NitroTpmInfo) GoString() string { + return s.String() +} + +// SetSupportedVersions sets the SupportedVersions field's value. +func (s *NitroTpmInfo) SetSupportedVersions(v []*string) *NitroTpmInfo { + s.SupportedVersions = v + return s +} + +// Describes the options for an OpenID Connect-compatible user-identity trust +// provider. type OidcOptions struct { _ struct{} `type:"structure"` @@ -150375,7 +158505,11 @@ type OidcOptions struct { ClientId *string `locationName:"clientId" type:"string"` // The client secret. - ClientSecret *string `locationName:"clientSecret" type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by OidcOptions's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` // The OIDC issuer. Issuer *string `locationName:"issuer" type:"string"` @@ -150474,6 +158608,14 @@ type OnDemandOptions struct { // The maximum amount per hour for On-Demand Instances that you're willing to // pay. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The maxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for maxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` // The minimum target capacity for On-Demand Instances in the fleet. If the @@ -150576,6 +158718,14 @@ type OnDemandOptionsRequest struct { // The maximum amount per hour for On-Demand Instances that you're willing to // pay. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The MaxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for MaxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `type:"string"` // The minimum target capacity for On-Demand Instances in the fleet. If the @@ -150851,6 +159001,12 @@ type PathComponent struct { // The explanation codes. Explanations []*Explanation `locationName:"explanationSet" locationNameList:"item" type:"list"` + // The Network Firewall stateful rule. + FirewallStatefulRule *FirewallStatefulRule `locationName:"firewallStatefulRule" type:"structure"` + + // The Network Firewall stateless rule. + FirewallStatelessRule *FirewallStatelessRule `locationName:"firewallStatelessRule" type:"structure"` + // The inbound header. InboundHeader *AnalysisPacketHeader `locationName:"inboundHeader" type:"structure"` @@ -150866,6 +159022,9 @@ type PathComponent struct { // The sequence number. SequenceNumber *int64 `locationName:"sequenceNumber" type:"integer"` + // The name of the VPC endpoint service. + ServiceName *string `locationName:"serviceName" type:"string"` + // The source VPC. SourceVpc *AnalysisComponent `locationName:"sourceVpc" type:"structure"` @@ -150942,6 +159101,18 @@ func (s *PathComponent) SetExplanations(v []*Explanation) *PathComponent { return s } +// SetFirewallStatefulRule sets the FirewallStatefulRule field's value. +func (s *PathComponent) SetFirewallStatefulRule(v *FirewallStatefulRule) *PathComponent { + s.FirewallStatefulRule = v + return s +} + +// SetFirewallStatelessRule sets the FirewallStatelessRule field's value. +func (s *PathComponent) SetFirewallStatelessRule(v *FirewallStatelessRule) *PathComponent { + s.FirewallStatelessRule = v + return s +} + // SetInboundHeader sets the InboundHeader field's value. func (s *PathComponent) SetInboundHeader(v *AnalysisPacketHeader) *PathComponent { s.InboundHeader = v @@ -150972,6 +159143,12 @@ func (s *PathComponent) SetSequenceNumber(v int64) *PathComponent { return s } +// SetServiceName sets the ServiceName field's value. +func (s *PathComponent) SetServiceName(v string) *PathComponent { + s.ServiceName = &v + return s +} + // SetSourceVpc sets the SourceVpc field's value. func (s *PathComponent) SetSourceVpc(v *AnalysisComponent) *PathComponent { s.SourceVpc = v @@ -151002,6 +159179,126 @@ func (s *PathComponent) SetVpc(v *AnalysisComponent) *PathComponent { return s } +// Describes a set of filters for a path analysis. Use path filters to scope +// the analysis when there can be multiple resulting paths. +type PathFilter struct { + _ struct{} `type:"structure"` + + // The destination IPv4 address. + DestinationAddress *string `locationName:"destinationAddress" type:"string"` + + // The destination port range. + DestinationPortRange *FilterPortRange `locationName:"destinationPortRange" type:"structure"` + + // The source IPv4 address. + SourceAddress *string `locationName:"sourceAddress" type:"string"` + + // The source port range. + SourcePortRange *FilterPortRange `locationName:"sourcePortRange" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathFilter) GoString() string { + return s.String() +} + +// SetDestinationAddress sets the DestinationAddress field's value. +func (s *PathFilter) SetDestinationAddress(v string) *PathFilter { + s.DestinationAddress = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *PathFilter) SetDestinationPortRange(v *FilterPortRange) *PathFilter { + s.DestinationPortRange = v + return s +} + +// SetSourceAddress sets the SourceAddress field's value. +func (s *PathFilter) SetSourceAddress(v string) *PathFilter { + s.SourceAddress = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *PathFilter) SetSourcePortRange(v *FilterPortRange) *PathFilter { + s.SourcePortRange = v + return s +} + +// Describes a set of filters for a path analysis. Use path filters to scope +// the analysis when there can be multiple resulting paths. +type PathRequestFilter struct { + _ struct{} `type:"structure"` + + // The destination IPv4 address. + DestinationAddress *string `type:"string"` + + // The destination port range. + DestinationPortRange *RequestFilterPortRange `type:"structure"` + + // The source IPv4 address. + SourceAddress *string `type:"string"` + + // The source port range. + SourcePortRange *RequestFilterPortRange `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathRequestFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathRequestFilter) GoString() string { + return s.String() +} + +// SetDestinationAddress sets the DestinationAddress field's value. +func (s *PathRequestFilter) SetDestinationAddress(v string) *PathRequestFilter { + s.DestinationAddress = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *PathRequestFilter) SetDestinationPortRange(v *RequestFilterPortRange) *PathRequestFilter { + s.DestinationPortRange = v + return s +} + +// SetSourceAddress sets the SourceAddress field's value. +func (s *PathRequestFilter) SetSourceAddress(v string) *PathRequestFilter { + s.SourceAddress = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *PathRequestFilter) SetSourcePortRange(v *RequestFilterPortRange) *PathRequestFilter { + s.SourcePortRange = v + return s +} + // Describes a path statement. type PathStatement struct { _ struct{} `type:"structure"` @@ -151185,10 +159482,6 @@ func (s *PeeringAttachmentStatus) SetMessage(v string) *PeeringAttachmentStatus return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Describes the VPC peering connection options. type PeeringConnectionOptions struct { _ struct{} `type:"structure"` @@ -151197,12 +159490,10 @@ type PeeringConnectionOptions struct { // to private IP addresses when queried from instances in the peer VPC. AllowDnsResolutionFromRemoteVpc *bool `locationName:"allowDnsResolutionFromRemoteVpc" type:"boolean"` - // If true, enables outbound communication from an EC2-Classic instance that's - // linked to a local VPC using ClassicLink to instances in a peer VPC. + // Deprecated. AllowEgressFromLocalClassicLinkToRemoteVpc *bool `locationName:"allowEgressFromLocalClassicLinkToRemoteVpc" type:"boolean"` - // If true, enables outbound communication from instances in a local VPC to - // an EC2-Classic instance that's linked to a peer VPC using ClassicLink. + // Deprecated. AllowEgressFromLocalVpcToRemoteClassicLink *bool `locationName:"allowEgressFromLocalVpcToRemoteClassicLink" type:"boolean"` } @@ -151242,10 +159533,6 @@ func (s *PeeringConnectionOptions) SetAllowEgressFromLocalVpcToRemoteClassicLink return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // The VPC peering connection options. type PeeringConnectionOptionsRequest struct { _ struct{} `type:"structure"` @@ -151254,12 +159541,10 @@ type PeeringConnectionOptionsRequest struct { // addresses when queried from instances in the peer VPC. AllowDnsResolutionFromRemoteVpc *bool `type:"boolean"` - // If true, enables outbound communication from an EC2-Classic instance that's - // linked to a local VPC using ClassicLink to instances in a peer VPC. + // Deprecated. AllowEgressFromLocalClassicLinkToRemoteVpc *bool `type:"boolean"` - // If true, enables outbound communication from instances in a local VPC to - // an EC2-Classic instance that's linked to a peer VPC using ClassicLink. + // Deprecated. AllowEgressFromLocalVpcToRemoteClassicLink *bool `type:"boolean"` } @@ -151793,8 +160078,8 @@ type Placement struct { // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. // // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). // The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) @@ -152794,9 +161079,17 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp type ProcessorInfo struct { _ struct{} `type:"structure"` + // The manufacturer of the processor. + Manufacturer *string `locationName:"manufacturer" type:"string"` + // The architectures supported by the instance type. SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` + // Indicates whether the instance type supports AMD SEV-SNP. If the request + // returns amd-sev-snp, AMD SEV-SNP is supported. Otherwise, it is not supported. + // For more information, see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + SupportedFeatures []*string `locationName:"supportedFeatures" locationNameList:"item" type:"list" enum:"SupportedAdditionalProcessorFeature"` + // The speed of the processor, in GHz. SustainedClockSpeedInGhz *float64 `locationName:"sustainedClockSpeedInGhz" type:"double"` } @@ -152819,12 +161112,24 @@ func (s ProcessorInfo) GoString() string { return s.String() } +// SetManufacturer sets the Manufacturer field's value. +func (s *ProcessorInfo) SetManufacturer(v string) *ProcessorInfo { + s.Manufacturer = &v + return s +} + // SetSupportedArchitectures sets the SupportedArchitectures field's value. func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { s.SupportedArchitectures = v return s } +// SetSupportedFeatures sets the SupportedFeatures field's value. +func (s *ProcessorInfo) SetSupportedFeatures(v []*string) *ProcessorInfo { + s.SupportedFeatures = v + return s +} + // SetSustainedClockSpeedInGhz sets the SustainedClockSpeedInGhz field's value. func (s *ProcessorInfo) SetSustainedClockSpeedInGhz(v float64) *ProcessorInfo { s.SustainedClockSpeedInGhz = &v @@ -152931,6 +161236,25 @@ type ProvisionByoipCidrInput struct { // Reserved. MultiRegion *bool `type:"boolean"` + // If you have Local Zones (https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html) + // enabled, you can choose a network border group for Local Zones when you provision + // and advertise a BYOIPv4 CIDR. Choose the network border group carefully as + // the EIP and the Amazon Web Services resource it is associated with must reside + // in the same network border group. + // + // You can provision BYOIP address ranges to and advertise them in the following + // Local Zone network border groups: + // + // * us-east-1-dfw-2 + // + // * us-west-2-lax-1 + // + // * us-west-2-phx-2 + // + // You cannot provision or advertise BYOIPv6 address ranges in Local Zones at + // this time. + NetworkBorderGroup *string `type:"string"` + // The tags to apply to the address pool. PoolTagSpecifications []*TagSpecification `locationName:"PoolTagSpecification" locationNameList:"item" type:"list"` @@ -153007,6 +161331,12 @@ func (s *ProvisionByoipCidrInput) SetMultiRegion(v bool) *ProvisionByoipCidrInpu return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *ProvisionByoipCidrInput) SetNetworkBorderGroup(v string) *ProvisionByoipCidrInput { + s.NetworkBorderGroup = &v + return s +} + // SetPoolTagSpecifications sets the PoolTagSpecifications field's value. func (s *ProvisionByoipCidrInput) SetPoolTagSpecifications(v []*TagSpecification) *ProvisionByoipCidrInput { s.PoolTagSpecifications = v @@ -153050,6 +161380,128 @@ func (s *ProvisionByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *ProvisionByoipCid return s } +type ProvisionIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // An ASN authorization context. + // + // AsnAuthorizationContext is a required field + AsnAuthorizationContext *AsnAuthorizationContext `type:"structure" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // An IPAM ID. + // + // IpamId is a required field + IpamId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ProvisionIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ProvisionIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.AsnAuthorizationContext == nil { + invalidParams.Add(request.NewErrParamRequired("AsnAuthorizationContext")) + } + if s.IpamId == nil { + invalidParams.Add(request.NewErrParamRequired("IpamId")) + } + if s.AsnAuthorizationContext != nil { + if err := s.AsnAuthorizationContext.Validate(); err != nil { + invalidParams.AddNested("AsnAuthorizationContext", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *ProvisionIpamByoasnInput) SetAsn(v string) *ProvisionIpamByoasnInput { + s.Asn = &v + return s +} + +// SetAsnAuthorizationContext sets the AsnAuthorizationContext field's value. +func (s *ProvisionIpamByoasnInput) SetAsnAuthorizationContext(v *AsnAuthorizationContext) *ProvisionIpamByoasnInput { + s.AsnAuthorizationContext = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ProvisionIpamByoasnInput) SetDryRun(v bool) *ProvisionIpamByoasnInput { + s.DryRun = &v + return s +} + +// SetIpamId sets the IpamId field's value. +func (s *ProvisionIpamByoasnInput) SetIpamId(v string) *ProvisionIpamByoasnInput { + s.IpamId = &v + return s +} + +type ProvisionIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // An ASN and BYOIP CIDR association. + Byoasn *Byoasn `locationName:"byoasn" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetByoasn sets the Byoasn field's value. +func (s *ProvisionIpamByoasnOutput) SetByoasn(v *Byoasn) *ProvisionIpamByoasnOutput { + s.Byoasn = v + return s +} + type ProvisionIpamPoolCidrInput struct { _ struct{} `type:"structure"` @@ -153684,6 +162136,118 @@ func (s *Purchase) SetUpfrontPrice(v string) *Purchase { return s } +type PurchaseCapacityBlockInput struct { + _ struct{} `type:"structure"` + + // The ID of the Capacity Block offering. + // + // CapacityBlockOfferingId is a required field + CapacityBlockOfferingId *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The type of operating system for which to reserve capacity. + // + // InstancePlatform is a required field + InstancePlatform *string `type:"string" required:"true" enum:"CapacityReservationInstancePlatform"` + + // The tags to apply to the Capacity Block during launch. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PurchaseCapacityBlockInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PurchaseCapacityBlockInput"} + if s.CapacityBlockOfferingId == nil { + invalidParams.Add(request.NewErrParamRequired("CapacityBlockOfferingId")) + } + if s.InstancePlatform == nil { + invalidParams.Add(request.NewErrParamRequired("InstancePlatform")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCapacityBlockOfferingId sets the CapacityBlockOfferingId field's value. +func (s *PurchaseCapacityBlockInput) SetCapacityBlockOfferingId(v string) *PurchaseCapacityBlockInput { + s.CapacityBlockOfferingId = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *PurchaseCapacityBlockInput) SetDryRun(v bool) *PurchaseCapacityBlockInput { + s.DryRun = &v + return s +} + +// SetInstancePlatform sets the InstancePlatform field's value. +func (s *PurchaseCapacityBlockInput) SetInstancePlatform(v string) *PurchaseCapacityBlockInput { + s.InstancePlatform = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *PurchaseCapacityBlockInput) SetTagSpecifications(v []*TagSpecification) *PurchaseCapacityBlockInput { + s.TagSpecifications = v + return s +} + +type PurchaseCapacityBlockOutput struct { + _ struct{} `type:"structure"` + + // The Capacity Reservation. + CapacityReservation *CapacityReservation `locationName:"capacityReservation" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockOutput) GoString() string { + return s.String() +} + +// SetCapacityReservation sets the CapacityReservation field's value. +func (s *PurchaseCapacityBlockOutput) SetCapacityReservation(v *CapacityReservation) *PurchaseCapacityBlockOutput { + s.CapacityReservation = v + return s +} + type PurchaseHostReservationInput struct { _ struct{} `type:"structure"` @@ -154297,7 +162861,7 @@ type ReferencedSecurityGroup struct { // The ID of the VPC. VpcId *string `locationName:"vpcId" type:"string"` - // The ID of the VPC peering connection. + // The ID of the VPC peering connection (if applicable). VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` } @@ -154699,7 +163263,9 @@ type RegisterInstanceEventNotificationAttributesInput struct { DryRun *bool `type:"boolean"` // Information about the tag keys to register. - InstanceTagAttribute *RegisterInstanceTagAttributeRequest `type:"structure"` + // + // InstanceTagAttribute is a required field + InstanceTagAttribute *RegisterInstanceTagAttributeRequest `type:"structure" required:"true"` } // String returns the string representation. @@ -154720,6 +163286,19 @@ func (s RegisterInstanceEventNotificationAttributesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *RegisterInstanceEventNotificationAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RegisterInstanceEventNotificationAttributesInput"} + if s.InstanceTagAttribute == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceTagAttribute")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *RegisterInstanceEventNotificationAttributesInput) SetDryRun(v bool) *RegisterInstanceEventNotificationAttributesInput { s.DryRun = &v @@ -155499,7 +164078,7 @@ func (s *RejectVpcPeeringConnectionOutput) SetReturn(v bool) *RejectVpcPeeringCo type ReleaseAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The allocation ID. Required for EC2-VPC. + // The allocation ID. This parameter is required. AllocationId *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -155513,12 +164092,9 @@ type ReleaseAddressInput struct { // // If you provide an incorrect network border group, you receive an InvalidAddress.NotFound // error. - // - // You cannot use a network border group with EC2 Classic. If you attempt this - // operation on EC2 classic, you receive an InvalidParameterCombination error. NetworkBorderGroup *string `type:"string"` - // [EC2-Classic] The Elastic IP address. Required for EC2-Classic. + // Deprecated. PublicIp *string `type:"string"` } @@ -156827,6 +165403,118 @@ func (s *ReplaceTransitGatewayRouteOutput) SetRoute(v *TransitGatewayRoute) *Rep return s } +type ReplaceVpnTunnelInput struct { + _ struct{} `type:"structure"` + + // Trigger pending tunnel endpoint maintenance. + ApplyPendingMaintenance *bool `type:"boolean"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Site-to-Site VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The external IP address of the VPN tunnel. + // + // VpnTunnelOutsideIpAddress is a required field + VpnTunnelOutsideIpAddress *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReplaceVpnTunnelInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplaceVpnTunnelInput"} + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + if s.VpnTunnelOutsideIpAddress == nil { + invalidParams.Add(request.NewErrParamRequired("VpnTunnelOutsideIpAddress")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplyPendingMaintenance sets the ApplyPendingMaintenance field's value. +func (s *ReplaceVpnTunnelInput) SetApplyPendingMaintenance(v bool) *ReplaceVpnTunnelInput { + s.ApplyPendingMaintenance = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ReplaceVpnTunnelInput) SetDryRun(v bool) *ReplaceVpnTunnelInput { + s.DryRun = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *ReplaceVpnTunnelInput) SetVpnConnectionId(v string) *ReplaceVpnTunnelInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *ReplaceVpnTunnelInput) SetVpnTunnelOutsideIpAddress(v string) *ReplaceVpnTunnelInput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + +type ReplaceVpnTunnelOutput struct { + _ struct{} `type:"structure"` + + // Confirmation of replace tunnel operation. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *ReplaceVpnTunnelOutput) SetReturn(v bool) *ReplaceVpnTunnelOutput { + s.Return = &v + return s +} + type ReportInstanceStatusInput struct { _ struct{} `type:"structure"` @@ -156983,6 +165671,47 @@ func (s ReportInstanceStatusOutput) GoString() string { return s.String() } +// Describes a port range. +type RequestFilterPortRange struct { + _ struct{} `type:"structure"` + + // The first port in the range. + FromPort *int64 `type:"integer"` + + // The last port in the range. + ToPort *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RequestFilterPortRange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RequestFilterPortRange) GoString() string { + return s.String() +} + +// SetFromPort sets the FromPort field's value. +func (s *RequestFilterPortRange) SetFromPort(v int64) *RequestFilterPortRange { + s.FromPort = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *RequestFilterPortRange) SetToPort(v int64) *RequestFilterPortRange { + s.ToPort = &v + return s +} + // A tag on an IPAM resource. type RequestIpamResourceTag struct { _ struct{} `type:"structure"` @@ -157029,7 +165758,7 @@ func (s *RequestIpamResourceTag) SetValue(v string) *RequestIpamResourceTag { // // You must specify at least one parameter for the launch template data. type RequestLaunchTemplateData struct { - _ struct{} `type:"structure" sensitive:"true"` + _ struct{} `type:"structure"` // The block device mapping. BlockDeviceMappings []*LaunchTemplateBlockDeviceMappingRequest `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` @@ -157070,7 +165799,19 @@ type RequestLaunchTemplateData struct { // An elastic GPU to associate with the instance. ElasticGpuSpecifications []*ElasticGpuSpecification `locationName:"ElasticGpuSpecification" locationNameList:"ElasticGpuSpecification" type:"list"` - // The elastic inference accelerator for the instance. + // An elastic inference accelerator to associate with the instance. Elastic + // inference accelerators are a resource you can attach to your Amazon EC2 instances + // to accelerate your Deep Learning (DL) inference workloads. + // + // You cannot specify accelerators from different generations in the same request. + // + // Starting April 15, 2023, Amazon Web Services will not onboard new customers + // to Amazon Elastic Inference (EI), and will help current customers migrate + // their workloads to options that offer better price and performance. After + // April 15, 2023, new customers will not be able to launch instances with Amazon + // EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, + // customers who have used Amazon EI at least once during the past 30-day period + // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*LaunchTemplateElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. @@ -157103,8 +165844,14 @@ type RequestLaunchTemplateData struct { // // * resolve:ssm:parameter-name:label // - // For more information, see Use a Systems Manager parameter to find an AMI - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) + // * resolve:ssm:public-parameter + // + // Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager + // parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet, + // you must specify the AMI ID. + // + // For more information, see Use a Systems Manager parameter instead of an AMI + // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id) // in the Amazon Elastic Compute Cloud User Guide. ImageId *string `type:"string"` @@ -157120,7 +165867,37 @@ type RequestLaunchTemplateData struct { // The attributes for the instance types. When you specify instance attributes, // Amazon EC2 will identify instance types with these attributes. // + // You must specify VCpuCount and MemoryMiB. All other attributes are optional. + // Any unspecified optional attribute is set to its default. + // + // When you specify multiple attributes, you get instance types that satisfy + // all of the specified attributes. If you specify multiple values for an attribute, + // you get instance types that satisfy any of the specified values. + // + // To limit the list of instance types from which Amazon EC2 can identify matching + // instance types, you can use one of the following parameters, but not both + // in the same request: + // + // * AllowedInstanceTypes - The instance types to include in the list. All + // other instance types are ignored, even if they match your specified attributes. + // + // * ExcludedInstanceTypes - The instance types to exclude from the list, + // even if they match your specified attributes. + // // If you specify InstanceRequirements, you can't specify InstanceType. + // + // Attribute-based instance type selection is only supported when using Auto + // Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan + // to use the launch template in the launch instance wizard (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), + // or with the RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) + // API or AWS::EC2::Instance (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) + // Amazon Web Services CloudFormation resource, you can't specify InstanceRequirements. + // + // For more information, see Attribute-based instance type selection for EC2 + // Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), + // Attribute-based instance type selection for Spot Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), + // and Spot placement score (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) + // in the Amazon EC2 User Guide. InstanceRequirements *InstanceRequirementsRequest `type:"structure"` // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) @@ -157177,33 +165954,14 @@ type RequestLaunchTemplateData struct { // One or more security group IDs. You can create a security group using CreateSecurityGroup // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). - // You cannot specify both a security group ID and security name in the same - // request. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` // One or more security group names. For a nondefault VPC, you must use security - // group IDs instead. You cannot specify both a security group ID and security - // name in the same request. + // group IDs instead. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` // The tags to apply to the resources that are created during instance launch. - // - // You can specify tags for the following resources only: - // - // * Instances - // - // * Volumes - // - // * Elastic graphics - // - // * Spot Instance requests - // - // * Network interfaces - // - // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). - // - // To tag the launch template itself, you must use the TagSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) - // parameter. + // These tags are not applied to the launch template. TagSpecifications []*LaunchTemplateTagSpecificationRequest `locationName:"TagSpecification" locationNameList:"LaunchTemplateTagSpecificationRequest" type:"list"` // The user data to make available to the instance. You must provide base64-encoded @@ -157216,7 +165974,11 @@ type RequestLaunchTemplateData struct { // must be provided in the MIME multi-part archive format (https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). // For more information, see Amazon EC2 user data in launch templates (https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html) // in the Batch User Guide. - UserData *string `type:"string"` + // + // UserData is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RequestLaunchTemplateData's + // String and GoString methods. + UserData *string `type:"string" sensitive:"true"` } // String returns the string representation. @@ -157774,7 +166536,7 @@ func (s *RequestSpotInstancesInput) SetValidUntil(v time.Time) *RequestSpotInsta type RequestSpotInstancesOutput struct { _ struct{} `type:"structure"` - // One or more Spot Instance requests. + // The Spot Instance requests. SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -157809,8 +166571,8 @@ type RequestSpotLaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. You can't specify both a snapshot - // ID and an encryption value. This is because only blank volumes can be encrypted + // The block device mapping entries. You can't specify both a snapshot ID and + // an encryption value. This is because only blank volumes can be encrypted // on creation. If a snapshot is the basis for a volume, it is not blank and // its encryption status is used for the volume encryption status. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` @@ -157844,8 +166606,8 @@ type RequestSpotLaunchSpecification struct { // Default: Disabled Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` - // One or more network interfaces. If you specify a network interface, you must - // specify subnet IDs and security group IDs using the network interface. + // The network interfaces. If you specify a network interface, you must specify + // subnet IDs and security group IDs using the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"NetworkInterface" locationNameList:"item" type:"list"` // The placement information for the instance. @@ -157854,12 +166616,10 @@ type RequestSpotLaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security group IDs. + // The IDs of the security groups. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // Not supported. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"item" type:"list"` // The ID of the subnet in which to launch the instance. @@ -158009,7 +166769,7 @@ func (s *RequestSpotLaunchSpecification) SetUserData(v string) *RequestSpotLaunc type Reservation struct { _ struct{} `type:"structure"` - // [EC2-Classic only] The security groups. + // Not supported. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The instances. @@ -158529,8 +167289,7 @@ type ReservedInstancesConfiguration struct { // The instance type for the modified Reserved Instances. InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` - // The network platform of the modified Reserved Instances, which is either - // EC2-Classic or EC2-VPC. + // The network platform of the modified Reserved Instances. Platform *string `locationName:"platform" type:"string"` // Whether the Reserved Instance is applied to instances in a Region or instances @@ -159849,7 +168608,19 @@ type ResponseLaunchTemplateData struct { // The elastic GPU specification. ElasticGpuSpecifications []*ElasticGpuSpecificationResponse `locationName:"elasticGpuSpecificationSet" locationNameList:"item" type:"list"` - // The elastic inference accelerator for the instance. + // An elastic inference accelerator to associate with the instance. Elastic + // inference accelerators are a resource you can attach to your Amazon EC2 instances + // to accelerate your Deep Learning (DL) inference workloads. + // + // You cannot specify accelerators from different generations in the same request. + // + // Starting April 15, 2023, Amazon Web Services will not onboard new customers + // to Amazon Elastic Inference (EI), and will help current customers migrate + // their workloads to options that offer better price and performance. After + // April 15, 2023, new customers will not be able to launch instances with Amazon + // EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, + // customers who have used Amazon EI at least once during the past 30-day period + // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*LaunchTemplateElasticInferenceAcceleratorResponse `locationName:"elasticInferenceAcceleratorSet" locationNameList:"item" type:"list"` // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. @@ -160538,6 +169309,9 @@ type RestoreSnapshotFromRecycleBinOutput struct { // The ID of the snapshot. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // The time stamp when the snapshot was initiated. StartTime *time.Time `locationName:"startTime" type:"timestamp"` @@ -160605,6 +169379,12 @@ func (s *RestoreSnapshotFromRecycleBinOutput) SetSnapshotId(v string) *RestoreSn return s } +// SetSseType sets the SseType field's value. +func (s *RestoreSnapshotFromRecycleBinOutput) SetSseType(v string) *RestoreSnapshotFromRecycleBinOutput { + s.SseType = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *RestoreSnapshotFromRecycleBinOutput) SetStartTime(v time.Time) *RestoreSnapshotFromRecycleBinOutput { s.StartTime = &v @@ -161087,15 +169867,12 @@ type RevokeSecurityGroupIngressInput struct { // types. FromPort *int64 `type:"integer"` - // The ID of the security group. You must specify either the security group - // ID or the security group name in the request. For security groups in a nondefault - // VPC, you must specify the security group ID. + // The ID of the security group. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You must specify - // either the security group ID or the security group name in the request. For - // security groups in a nondefault VPC, you must specify the security group - // ID. + // [Default VPC] The name of the security group. You must specify either the + // security group ID or the security group name in the request. For security + // groups in a nondefault VPC, you must specify the security group ID. GroupName *string `type:"string"` // The sets of IP permissions. You can't specify a source security group and @@ -161109,20 +169886,14 @@ type RevokeSecurityGroupIngressInput struct { // The IDs of the security group rules. SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` - // [EC2-Classic, default VPC] The name of the source security group. You can't - // specify this parameter in combination with the following parameters: the - // CIDR IP address range, the start of the port range, the IP protocol, and - // the end of the port range. For EC2-VPC, the source security group must be - // in the same VPC. To revoke a specific rule for an IP protocol and port range, - // use a set of IP permissions instead. + // [Default VPC] The name of the source security group. You can't specify this + // parameter in combination with the following parameters: the CIDR IP address + // range, the start of the port range, the IP protocol, and the end of the port + // range. The source security group must be in the same VPC. To revoke a specific + // rule for an IP protocol and port range, use a set of IP permissions instead. SourceSecurityGroupName *string `type:"string"` - // [EC2-Classic] The Amazon Web Services account ID of the source security group, - // if the source security group is in a different account. You can't specify - // this parameter in combination with the following parameters: the CIDR IP - // address range, the IP protocol, the start of the port range, and the end - // of the port range. To revoke a specific rule for an IP protocol and port - // range, use a set of IP permissions instead. + // Not supported. SourceSecurityGroupOwnerId *string `type:"string"` // If the protocol is TCP or UDP, this is the end of the port range. If the @@ -161636,6 +170407,129 @@ func (s *RouteTableAssociationState) SetStatusMessage(v string) *RouteTableAssoc return s } +// Describes the rule options for a stateful rule group. +type RuleGroupRuleOptionsPair struct { + _ struct{} `type:"structure"` + + // The ARN of the rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The rule options. + RuleOptions []*RuleOption `locationName:"ruleOptionSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupRuleOptionsPair) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupRuleOptionsPair) GoString() string { + return s.String() +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *RuleGroupRuleOptionsPair) SetRuleGroupArn(v string) *RuleGroupRuleOptionsPair { + s.RuleGroupArn = &v + return s +} + +// SetRuleOptions sets the RuleOptions field's value. +func (s *RuleGroupRuleOptionsPair) SetRuleOptions(v []*RuleOption) *RuleGroupRuleOptionsPair { + s.RuleOptions = v + return s +} + +// Describes the type of a stateful rule group. +type RuleGroupTypePair struct { + _ struct{} `type:"structure"` + + // The ARN of the rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The rule group type. The possible values are Domain List and Suricata. + RuleGroupType *string `locationName:"ruleGroupType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupTypePair) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupTypePair) GoString() string { + return s.String() +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *RuleGroupTypePair) SetRuleGroupArn(v string) *RuleGroupTypePair { + s.RuleGroupArn = &v + return s +} + +// SetRuleGroupType sets the RuleGroupType field's value. +func (s *RuleGroupTypePair) SetRuleGroupType(v string) *RuleGroupTypePair { + s.RuleGroupType = &v + return s +} + +// Describes additional settings for a stateful rule. +type RuleOption struct { + _ struct{} `type:"structure"` + + // The Suricata keyword. + Keyword *string `locationName:"keyword" type:"string"` + + // The settings for the keyword. + Settings []*string `locationName:"settingSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleOption) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleOption) GoString() string { + return s.String() +} + +// SetKeyword sets the Keyword field's value. +func (s *RuleOption) SetKeyword(v string) *RuleOption { + s.Keyword = &v + return s +} + +// SetSettings sets the Settings field's value. +func (s *RuleOption) SetSettings(v []*string) *RuleOption { + s.Settings = v + return s +} + type RunInstancesInput struct { _ struct{} `type:"structure"` @@ -161718,8 +170612,31 @@ type RunInstancesInput struct { // to accelerate your Deep Learning (DL) inference workloads. // // You cannot specify accelerators from different generations in the same request. + // + // Starting April 15, 2023, Amazon Web Services will not onboard new customers + // to Amazon Elastic Inference (EI), and will help current customers migrate + // their workloads to options that offer better price and performance. After + // April 15, 2023, new customers will not be able to launch instances with Amazon + // EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, + // customers who have used Amazon EI at least once during the past 30-day period + // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*ElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` + // If you’re launching an instance into a dual-stack or IPv6-only subnet, + // you can enable assigning a primary IPv6 address. A primary IPv6 address is + // an IPv6 GUA address associated with an ENI that you have enabled to use a + // primary IPv6 address. Use this option if an instance relies on its IPv6 address + // not changing. When you launch the instance, Amazon Web Services will automatically + // assign an IPv6 address associated with the ENI attached to your instance + // to be the primary IPv6 address. Once you enable an IPv6 GUA address to be + // a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address + // to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address + // until the instance is terminated or the network interface is detached. If + // you have multiple IPv6 addresses associated with an ENI attached to your + // instance and you enable a primary IPv6 address, the first IPv6 GUA address + // associated with the ENI becomes the primary IPv6 address. + EnablePrimaryIpv6 *bool `type:"boolean"` + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. // For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) // in the Amazon Web Services Nitro Enclaves User Guide. @@ -161728,8 +170645,9 @@ type RunInstancesInput struct { // same instance. EnclaveOptions *EnclaveOptionsRequest `type:"structure"` - // Indicates whether an instance is enabled for hibernation. For more information, - // see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + // Indicates whether an instance is enabled for hibernation. This parameter + // is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). + // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon EC2 User Guide. // // You can't enable hibernation and Amazon Web Services Nitro Enclaves on the @@ -161757,13 +170675,11 @@ type RunInstancesInput struct { // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon EC2 User Guide. - // - // Default: m1.small InstanceType *string `type:"string" enum:"InstanceType"` - // [EC2-VPC] The number of IPv6 addresses to associate with the primary network - // interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. - // You cannot specify this option and the option to assign specific IPv6 addresses + // The number of IPv6 addresses to associate with the primary network interface. + // Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You + // cannot specify this option and the option to assign specific IPv6 addresses // in the same request. You can specify this option if you've specified a minimum // number of instances to launch. // @@ -161771,10 +170687,10 @@ type RunInstancesInput struct { // request. Ipv6AddressCount *int64 `type:"integer"` - // [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with - // the primary network interface. You cannot specify this option and the option - // to assign a number of IPv6 addresses in the same request. You cannot specify - // this option if you've specified a minimum number of instances to launch. + // The IPv6 addresses from the range of the subnet to associate with the primary + // network interface. You cannot specify this option and the option to assign + // a number of IPv6 addresses in the same request. You cannot specify this option + // if you've specified a minimum number of instances to launch. // // You cannot specify this option and the network interfaces option in the same // request. @@ -161845,11 +170761,12 @@ type RunInstancesInput struct { Placement *Placement `type:"structure"` // The options for the instance hostname. The default values are inherited from - // the subnet. + // the subnet. Applies only if creating a network interface, not attaching an + // existing one. PrivateDnsNameOptions *PrivateDnsNameOptionsRequest `type:"structure"` - // [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 - // address range of the subnet. + // The primary IPv4 address. You must specify a value from the IPv4 address + // range of the subnet. // // Only one private IP address can be designated as primary. You can't specify // this option if you've specified the option to designate a private IP address @@ -161877,7 +170794,7 @@ type RunInstancesInput struct { // as part of the network interface. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` - // [EC2-Classic, default VPC] The names of the security groups. + // [Default VPC] The names of the security groups. // // If you specify a network interface, you must specify any security groups // as part of the network interface. @@ -161885,7 +170802,7 @@ type RunInstancesInput struct { // Default: Amazon EC2 uses the default security group. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` - // [EC2-VPC] The ID of the subnet to launch the instance into. + // The ID of the subnet to launch the instance into. // // If you specify a network interface, you must specify any subnets as part // of the network interface. @@ -162057,6 +170974,12 @@ func (s *RunInstancesInput) SetElasticInferenceAccelerators(v []*ElasticInferenc return s } +// SetEnablePrimaryIpv6 sets the EnablePrimaryIpv6 field's value. +func (s *RunInstancesInput) SetEnablePrimaryIpv6(v bool) *RunInstancesInput { + s.EnablePrimaryIpv6 = &v + return s +} + // SetEnclaveOptions sets the EnclaveOptions field's value. func (s *RunInstancesInput) SetEnclaveOptions(v *EnclaveOptionsRequest) *RunInstancesInput { s.EnclaveOptions = v @@ -162483,7 +171406,11 @@ type S3Storage struct { UploadPolicy []byte `locationName:"uploadPolicy" type:"blob"` // The signature of the JSON document. - UploadPolicySignature *string `locationName:"uploadPolicySignature" type:"string"` + // + // UploadPolicySignature is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by S3Storage's + // String and GoString methods. + UploadPolicySignature *string `locationName:"uploadPolicySignature" type:"string" sensitive:"true"` } // String returns the string representation. @@ -162553,7 +171480,7 @@ type ScheduledInstance struct { // The instance type. InstanceType *string `locationName:"instanceType" type:"string"` - // The network platform (EC2-Classic or EC2-VPC). + // The network platform. NetworkPlatform *string `locationName:"networkPlatform" type:"string"` // The time for the next schedule to start. @@ -162718,7 +171645,7 @@ type ScheduledInstanceAvailability struct { // The minimum term. The only possible value is 365 days. MinTermDurationInDays *int64 `locationName:"minTermDurationInDays" type:"integer"` - // The network platform (EC2-Classic or EC2-VPC). + // The network platform. NetworkPlatform *string `locationName:"networkPlatform" type:"string"` // The platform (Linux/UNIX or Windows). @@ -163060,16 +171987,8 @@ type ScheduledInstancesEbs struct { // only to instances that support them. Encrypted *bool `type:"boolean"` - // The number of I/O operations per second (IOPS) to provision for an io1 or - // io2 volume, with a maximum ratio of 50 IOPS/GiB for io1, and 500 IOPS/GiB - // for io2. Range is 100 to 64,000 IOPS for volumes in most Regions. Maximum - // IOPS of 64,000 is guaranteed only on instances built on the Nitro System - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. For more - // information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon EC2 User Guide. - // - // This parameter is valid only for Provisioned IOPS SSD (io1 and io2) volumes. + // The number of I/O operations per second (IOPS) to provision for a gp3, io1, + // or io2 volume. Iops *int64 `type:"integer"` // The ID of the snapshot. @@ -163081,9 +172000,7 @@ type ScheduledInstancesEbs struct { // a volume size, the default is the snapshot size. VolumeSize *int64 `type:"integer"` - // The volume type. gp2 for General Purpose SSD, io1 or io2 for Provisioned - // IOPS SSD, Throughput Optimized HDD for st1, Cold HDD for sc1, or standard - // for Magnetic. + // The volume type. // // Default: gp2 VolumeType *string `type:"string"` @@ -164105,7 +173022,7 @@ type SecurityGroup struct { // The inbound rules associated with the security group. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` - // [VPC only] The outbound rules associated with the security group. + // The outbound rules associated with the security group. IpPermissionsEgress []*IpPermission `locationName:"ipPermissionsEgress" locationNameList:"item" type:"list"` // The Amazon Web Services account ID of the owner of the security group. @@ -164114,7 +173031,7 @@ type SecurityGroup struct { // Any tags assigned to the security group. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` - // [VPC only] The ID of the VPC for the security group. + // The ID of the VPC for the security group. VpcId *string `locationName:"vpcId" type:"string"` } @@ -164184,6 +173101,83 @@ func (s *SecurityGroup) SetVpcId(v string) *SecurityGroup { return s } +// A security group that can be used by interfaces in the VPC. +type SecurityGroupForVpc struct { + _ struct{} `type:"structure"` + + // The security group's description. + Description *string `locationName:"description" type:"string"` + + // The security group ID. + GroupId *string `locationName:"groupId" type:"string"` + + // The security group name. + GroupName *string `locationName:"groupName" type:"string"` + + // The security group owner ID. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The VPC ID in which the security group was created. + PrimaryVpcId *string `locationName:"primaryVpcId" type:"string"` + + // The security group tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityGroupForVpc) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityGroupForVpc) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupForVpc) SetDescription(v string) *SecurityGroupForVpc { + s.Description = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *SecurityGroupForVpc) SetGroupId(v string) *SecurityGroupForVpc { + s.GroupId = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *SecurityGroupForVpc) SetGroupName(v string) *SecurityGroupForVpc { + s.GroupName = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *SecurityGroupForVpc) SetOwnerId(v string) *SecurityGroupForVpc { + s.OwnerId = &v + return s +} + +// SetPrimaryVpcId sets the PrimaryVpcId field's value. +func (s *SecurityGroupForVpc) SetPrimaryVpcId(v string) *SecurityGroupForVpc { + s.PrimaryVpcId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecurityGroupForVpc) SetTags(v []*Tag) *SecurityGroupForVpc { + s.Tags = v + return s +} + // Describes a security group. type SecurityGroupIdentifier struct { _ struct{} `type:"structure"` @@ -164235,7 +173229,16 @@ type SecurityGroupReference struct { // The ID of the VPC with the referencing security group. ReferencingVpcId *string `locationName:"referencingVpcId" type:"string"` - // The ID of the VPC peering connection. + // The ID of the transit gateway (if applicable). For more information about + // security group referencing for transit gateways, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of the VPC peering connection (if applicable). For more information + // about security group referencing for peering connections, see Update your + // security groups to reference peer security groups (https://docs.aws.amazon.com/peering/vpc-peering-security-groups.html) + // in the VPC Peering Guide. VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` } @@ -164269,6 +173272,12 @@ func (s *SecurityGroupReference) SetReferencingVpcId(v string) *SecurityGroupRef return s } +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *SecurityGroupReference) SetTransitGatewayId(v string) *SecurityGroupReference { + s.TransitGatewayId = &v + return s +} + // SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGroupReference { s.VpcPeeringConnectionId = &v @@ -165232,6 +174241,9 @@ type Snapshot struct { // is created. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // The time stamp when the snapshot was initiated. StartTime *time.Time `locationName:"startTime" type:"timestamp"` @@ -165341,6 +174353,12 @@ func (s *Snapshot) SetSnapshotId(v string) *Snapshot { return s } +// SetSseType sets the SseType field's value. +func (s *Snapshot) SetSseType(v string) *Snapshot { + s.SseType = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *Snapshot) SetStartTime(v time.Time) *Snapshot { s.StartTime = &v @@ -165412,7 +174430,11 @@ type SnapshotDetail struct { StatusMessage *string `locationName:"statusMessage" type:"string"` // The URL used to access the disk image. - Url *string `locationName:"url" type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SnapshotDetail's + // String and GoString methods. + Url *string `locationName:"url" type:"string" sensitive:"true"` // The Amazon S3 bucket for the disk image. UserBucket *UserBucketDetails `locationName:"userBucket" type:"structure"` @@ -165510,7 +174532,11 @@ type SnapshotDiskContainer struct { // The URL to the Amazon S3-based disk image being imported. It can either be // a https URL (https://..) or an Amazon S3 URL (s3://..). - Url *string `type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SnapshotDiskContainer's + // String and GoString methods. + Url *string `type:"string" sensitive:"true"` // The Amazon S3 bucket for the disk image. UserBucket *UserBucket `type:"structure"` @@ -165583,6 +174609,9 @@ type SnapshotInfo struct { // Snapshot id that can be used to describe this snapshot. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // Time this snapshot was started. This is the same for all snapshots initiated // by the same request. StartTime *time.Time `locationName:"startTime" type:"timestamp"` @@ -165654,6 +174683,12 @@ func (s *SnapshotInfo) SetSnapshotId(v string) *SnapshotInfo { return s } +// SetSseType sets the SseType field's value. +func (s *SnapshotInfo) SetSseType(v string) *SnapshotInfo { + s.SseType = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *SnapshotInfo) SetStartTime(v time.Time) *SnapshotInfo { s.StartTime = &v @@ -165785,7 +174820,11 @@ type SnapshotTaskDetail struct { StatusMessage *string `locationName:"statusMessage" type:"string"` // The URL of the disk image from which the snapshot is created. - Url *string `locationName:"url" type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SnapshotTaskDetail's + // String and GoString methods. + Url *string `locationName:"url" type:"string" sensitive:"true"` // The Amazon S3 bucket for the disk image. UserBucket *UserBucketDetails `locationName:"userBucket" type:"structure"` @@ -166207,9 +175246,7 @@ type SpotFleetLaunchSpecification struct { // Resource Center and search for the kernel ID. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // The security groups. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The maximum price per unit hour that you are willing to pay for a Spot Instance. @@ -166633,6 +175670,14 @@ type SpotFleetRequestConfigData struct { // it reaches the maximum amount you're willing to pay. When the maximum amount // you're willing to pay is reached, the fleet stops launching instances even // if it hasn’t met the target capacity. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The onDemandMaxTotalPrice does not account + // for surplus credits, and, if you use surplus credits, your final cost might + // be higher than what you specified for onDemandMaxTotalPrice. For more information, + // see Surplus credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. OnDemandMaxTotalPrice *string `locationName:"onDemandMaxTotalPrice" type:"string"` // The number of On-Demand units to request. You can choose to set the target @@ -166650,13 +175695,21 @@ type SpotFleetRequestConfigData struct { SpotMaintenanceStrategies *SpotMaintenanceStrategies `locationName:"spotMaintenanceStrategies" type:"structure"` // The maximum amount per hour for Spot Instances that you're willing to pay. - // You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, + // You can use the spotMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, // or both parameters to ensure that your fleet cost does not exceed your budget. // If you set a maximum price per hour for the On-Demand Instances and Spot // Instances in your request, Spot Fleet will launch instances until it reaches // the maximum amount you're willing to pay. When the maximum amount you're // willing to pay is reached, the fleet stops launching instances even if it // hasn’t met the target capacity. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The spotMaxTotalPrice does not account for + // surplus credits, and, if you use surplus credits, your final cost might be + // higher than what you specified for spotMaxTotalPrice. For more information, + // see Surplus credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. SpotMaxTotalPrice *string `locationName:"spotMaxTotalPrice" type:"string"` // The maximum price per unit hour that you are willing to pay for a Spot Instance. @@ -166675,7 +175728,7 @@ type SpotFleetRequestConfigData struct { // (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotFleetTagSpecification.html) // (valid only if you use LaunchSpecifications). For information about tagging - // after launch, see Tagging Your Resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // after launch, see Tag your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The number of units to request for the Spot Fleet. You can choose to set @@ -167321,7 +176374,18 @@ type SpotMarketOptions struct { // Deprecated. BlockDurationMinutes *int64 `type:"integer"` - // The behavior when a Spot Instance is interrupted. The default is terminate. + // The behavior when a Spot Instance is interrupted. + // + // If Configured (for HibernationOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html)) + // is set to true, the InstanceInterruptionBehavior parameter is automatically + // set to hibernate. If you set it to stop or terminate, you'll get an error. + // + // If Configured (for HibernationOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html)) + // is set to false or null, the InstanceInterruptionBehavior parameter is automatically + // set to terminate. You can also set it to stop or hibernate. + // + // For more information, see Interruption behavior (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interruption-behavior.html) + // in the Amazon EC2 User Guide. InstanceInterruptionBehavior *string `type:"string" enum:"InstanceInterruptionBehavior"` // The maximum hourly price that you're willing to pay for a Spot Instance. @@ -167480,6 +176544,14 @@ type SpotOptions struct { // // If you specify a maximum price, your Spot Instances will be interrupted more // frequently than if you do not specify this parameter. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The maxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for maxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` // The minimum target capacity for Spot Instances in the fleet. If the minimum @@ -167652,6 +176724,14 @@ type SpotOptionsRequest struct { // // If you specify a maximum price, your Spot Instances will be interrupted more // frequently than if you do not specify this parameter. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The MaxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for MaxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `type:"string"` // The minimum target capacity for Spot Instances in the fleet. If the minimum @@ -169256,6 +178336,68 @@ func (s *SubnetCidrReservation) SetTags(v []*Tag) *SubnetCidrReservation { return s } +// Describes the configuration of a subnet for a VPC endpoint. +type SubnetConfiguration struct { + _ struct{} `type:"structure"` + + // The IPv4 address to assign to the endpoint network interface in the subnet. + // You must provide an IPv4 address if the VPC endpoint supports IPv4. + // + // If you specify an IPv4 address when modifying a VPC endpoint, we replace + // the existing endpoint network interface with a new endpoint network interface + // with this IP address. This process temporarily disconnects the subnet and + // the VPC endpoint. + Ipv4 *string `type:"string"` + + // The IPv6 address to assign to the endpoint network interface in the subnet. + // You must provide an IPv6 address if the VPC endpoint supports IPv6. + // + // If you specify an IPv6 address when modifying a VPC endpoint, we replace + // the existing endpoint network interface with a new endpoint network interface + // with this IP address. This process temporarily disconnects the subnet and + // the VPC endpoint. + Ipv6 *string `type:"string"` + + // The ID of the subnet. + SubnetId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubnetConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubnetConfiguration) GoString() string { + return s.String() +} + +// SetIpv4 sets the Ipv4 field's value. +func (s *SubnetConfiguration) SetIpv4(v string) *SubnetConfiguration { + s.Ipv4 = &v + return s +} + +// SetIpv6 sets the Ipv6 field's value. +func (s *SubnetConfiguration) SetIpv6(v string) *SubnetConfiguration { + s.Ipv6 = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *SubnetConfiguration) SetSubnetId(v string) *SubnetConfiguration { + s.SubnetId = &v + return s +} + // Describes an association between a subnet and an IPv6 CIDR block. type SubnetIpv6CidrBlockAssociation struct { _ struct{} `type:"structure"` @@ -172375,6 +181517,20 @@ type TransitGatewayOptions struct { // The ID of the default propagation route table. PropagationDefaultRouteTableId *string `locationName:"propagationDefaultRouteTableId" type:"string"` + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `locationName:"securityGroupReferencingSupport" type:"string" enum:"SecurityGroupReferencingSupportValue"` + // The transit gateway CIDR blocks. TransitGatewayCidrBlocks []*string `locationName:"transitGatewayCidrBlocks" locationNameList:"item" type:"list"` @@ -172448,6 +181604,12 @@ func (s *TransitGatewayOptions) SetPropagationDefaultRouteTableId(v string) *Tra return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *TransitGatewayOptions) SetSecurityGroupReferencingSupport(v string) *TransitGatewayOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // SetTransitGatewayCidrBlocks sets the TransitGatewayCidrBlocks field's value. func (s *TransitGatewayOptions) SetTransitGatewayCidrBlocks(v []*string) *TransitGatewayOptions { s.TransitGatewayCidrBlocks = v @@ -173135,6 +182297,20 @@ type TransitGatewayRequestOptions struct { // Indicates whether multicast is enabled on the transit gateway MulticastSupport *string `type:"string" enum:"MulticastSupportValue"` + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` + // One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size // /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for // IPv6. @@ -173198,6 +182374,12 @@ func (s *TransitGatewayRequestOptions) SetMulticastSupport(v string) *TransitGat return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *TransitGatewayRequestOptions) SetSecurityGroupReferencingSupport(v string) *TransitGatewayRequestOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // SetTransitGatewayCidrBlocks sets the TransitGatewayCidrBlocks field's value. func (s *TransitGatewayRequestOptions) SetTransitGatewayCidrBlocks(v []*string) *TransitGatewayRequestOptions { s.TransitGatewayCidrBlocks = v @@ -173881,6 +183063,11 @@ type TransitGatewayVpcAttachmentOptions struct { // Indicates whether IPv6 support is disabled. Ipv6Support *string `locationName:"ipv6Support" type:"string" enum:"Ipv6SupportValue"` + + // For important information about this feature, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `locationName:"securityGroupReferencingSupport" type:"string" enum:"SecurityGroupReferencingSupportValue"` } // String returns the string representation. @@ -173919,9 +183106,12 @@ func (s *TransitGatewayVpcAttachmentOptions) SetIpv6Support(v string) *TransitGa return s } -// Currently available in limited preview only. If you are interested in using -// this feature, contact your account manager. -// +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *TransitGatewayVpcAttachmentOptions) SetSecurityGroupReferencingSupport(v string) *TransitGatewayVpcAttachmentOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // Information about an association between a branch network interface with // a trunk network interface. type TrunkInterfaceAssociation struct { @@ -174019,6 +183209,9 @@ type TunnelOption struct { // The number of seconds after which a DPD timeout occurs. DpdTimeoutSeconds *int64 `locationName:"dpdTimeoutSeconds" type:"integer"` + // Status of tunnel endpoint lifecycle control feature. + EnableTunnelLifecycleControl *bool `locationName:"enableTunnelLifecycleControl" type:"boolean"` + // The IKE versions that are permitted for the VPN tunnel. IkeVersions []*IKEVersionsListValue `locationName:"ikeVersionSet" locationNameList:"item" type:"list"` @@ -174056,7 +183249,11 @@ type TunnelOption struct { // The pre-shared key (PSK) to establish initial authentication between the // virtual private gateway and the customer gateway. - PreSharedKey *string `locationName:"preSharedKey" type:"string"` + // + // PreSharedKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by TunnelOption's + // String and GoString methods. + PreSharedKey *string `locationName:"preSharedKey" type:"string" sensitive:"true"` // The percentage of the rekey window determined by RekeyMarginTimeSeconds during // which the rekey time is randomly selected. @@ -174110,6 +183307,12 @@ func (s *TunnelOption) SetDpdTimeoutSeconds(v int64) *TunnelOption { return s } +// SetEnableTunnelLifecycleControl sets the EnableTunnelLifecycleControl field's value. +func (s *TunnelOption) SetEnableTunnelLifecycleControl(v bool) *TunnelOption { + s.EnableTunnelLifecycleControl = &v + return s +} + // SetIkeVersions sets the IkeVersions field's value. func (s *TunnelOption) SetIkeVersions(v []*IKEVersionsListValue) *TunnelOption { s.IkeVersions = v @@ -174433,7 +183636,7 @@ type UnassignPrivateNatGatewayAddressInput struct { // seconds. MaxDrainDurationSeconds *int64 `min:"1" type:"integer"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -174511,7 +183714,7 @@ type UnassignPrivateNatGatewayAddressOutput struct { // Information about the NAT gateway IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -174545,6 +183748,95 @@ func (s *UnassignPrivateNatGatewayAddressOutput) SetNatGatewayId(v string) *Unas return s } +type UnlockSnapshotInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the snapshot to unlock. + // + // SnapshotId is a required field + SnapshotId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UnlockSnapshotInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UnlockSnapshotInput"} + if s.SnapshotId == nil { + invalidParams.Add(request.NewErrParamRequired("SnapshotId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *UnlockSnapshotInput) SetDryRun(v bool) *UnlockSnapshotInput { + s.DryRun = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *UnlockSnapshotInput) SetSnapshotId(v string) *UnlockSnapshotInput { + s.SnapshotId = &v + return s +} + +type UnlockSnapshotOutput struct { + _ struct{} `type:"structure"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotOutput) GoString() string { + return s.String() +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *UnlockSnapshotOutput) SetSnapshotId(v string) *UnlockSnapshotOutput { + s.SnapshotId = &v + return s +} + type UnmonitorInstancesInput struct { _ struct{} `type:"structure"` @@ -174817,7 +184109,7 @@ type UpdateSecurityGroupRuleDescriptionsEgressInput struct { GroupId *string `type:"string"` // [Default VPC] The name of the security group. You must specify either the - // security group ID or the security group name in the request. + // security group ID or the security group name. GroupName *string `type:"string"` // The IP permissions for the security group rule. You must specify either the @@ -174922,18 +184214,17 @@ type UpdateSecurityGroupRuleDescriptionsIngressInput struct { // VPC, you must specify the security group ID. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You must specify - // either the security group ID or the security group name in the request. For - // security groups in a nondefault VPC, you must specify the security group - // ID. + // [Default VPC] The name of the security group. You must specify either the + // security group ID or the security group name. For security groups in a nondefault + // VPC, you must specify the security group ID. GroupName *string `type:"string"` // The IP permissions for the security group rule. You must specify either IP // permissions or a description. IpPermissions []*IpPermission `locationNameList:"item" type:"list"` - // [VPC only] The description for the ingress security group rules. You must - // specify either a description or IP permissions. + // The description for the ingress security group rules. You must specify either + // a description or IP permissions. SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } @@ -175133,10 +184424,6 @@ func (s *UserData) SetData(v string) *UserData { } // Describes a security group and Amazon Web Services account ID pair. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. type UserIdGroupPair struct { _ struct{} `type:"structure"` @@ -175150,8 +184437,7 @@ type UserIdGroupPair struct { // The ID of the security group. GroupId *string `locationName:"groupId" type:"string"` - // The name of the security group. In a request, use this parameter for a security - // group in EC2-Classic or a default VPC only. For a security group in a nondefault + // [Default VPC] The name of the security group. For a security group in a nondefault // VPC, use the security group ID. // // For a referenced security group in another VPC, this value is not returned @@ -175166,9 +184452,6 @@ type UserIdGroupPair struct { // For a referenced security group in another VPC, the account ID of the referenced // security group is returned in the response. If the referenced security group // is deleted, this value is not returned. - // - // [EC2-Classic] Required when adding or removing rules that reference a security - // group in another Amazon Web Services account. UserId *string `locationName:"userId" type:"string"` // The ID of the VPC for the referenced security group, if applicable. @@ -175536,6 +184819,9 @@ type VerifiedAccessEndpoint struct { // The IDs of the security groups for the endpoint. SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` + // The endpoint status. Status *VerifiedAccessEndpointStatus `locationName:"status" type:"structure"` @@ -175648,6 +184934,12 @@ func (s *VerifiedAccessEndpoint) SetSecurityGroupIds(v []*string) *VerifiedAcces return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *VerifiedAccessEndpoint) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *VerifiedAccessEndpoint { + s.SseSpecification = v + return s +} + // SetStatus sets the Status field's value. func (s *VerifiedAccessEndpoint) SetStatus(v *VerifiedAccessEndpointStatus) *VerifiedAccessEndpoint { s.Status = v @@ -175848,6 +185140,9 @@ type VerifiedAccessGroup struct { // The Amazon Web Services account number that owns the group. Owner *string `locationName:"owner" type:"string"` + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` + // The tags. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -175909,6 +185204,12 @@ func (s *VerifiedAccessGroup) SetOwner(v string) *VerifiedAccessGroup { return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *VerifiedAccessGroup) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *VerifiedAccessGroup { + s.SseSpecification = v + return s +} + // SetTags sets the Tags field's value. func (s *VerifiedAccessGroup) SetTags(v []*Tag) *VerifiedAccessGroup { s.Tags = v @@ -175943,6 +185244,10 @@ type VerifiedAccessInstance struct { // A description for the Amazon Web Services Verified Access instance. Description *string `locationName:"description" type:"string"` + // Indicates whether support for Federal Information Processing Standards (FIPS) + // is enabled on the instance. + FipsEnabled *bool `locationName:"fipsEnabled" type:"boolean"` + // The last updated time. LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` @@ -175986,6 +185291,12 @@ func (s *VerifiedAccessInstance) SetDescription(v string) *VerifiedAccessInstanc return s } +// SetFipsEnabled sets the FipsEnabled field's value. +func (s *VerifiedAccessInstance) SetFipsEnabled(v bool) *VerifiedAccessInstance { + s.FipsEnabled = &v + return s +} + // SetLastUpdatedTime sets the LastUpdatedTime field's value. func (s *VerifiedAccessInstance) SetLastUpdatedTime(v string) *VerifiedAccessInstance { s.LastUpdatedTime = &v @@ -176304,16 +185615,24 @@ func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) SetEnabled(v bo return s } -// Describes the destinations for Verified Access logs. +// Options for Verified Access logs. type VerifiedAccessLogOptions struct { _ struct{} `type:"structure"` // Sends Verified Access logs to CloudWatch Logs. CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestinationOptions `type:"structure"` + // Indicates whether to include trust data sent by trust providers in the logs. + IncludeTrustContext *bool `type:"boolean"` + // Sends Verified Access logs to Kinesis. KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestinationOptions `type:"structure"` + // The logging version. + // + // Valid values: ocsf-0.1 | ocsf-1.0.0-rc.2 + LogVersion *string `type:"string"` + // Sends Verified Access logs to Amazon S3. S3 *VerifiedAccessLogS3DestinationOptions `type:"structure"` } @@ -176367,12 +185686,24 @@ func (s *VerifiedAccessLogOptions) SetCloudWatchLogs(v *VerifiedAccessLogCloudWa return s } +// SetIncludeTrustContext sets the IncludeTrustContext field's value. +func (s *VerifiedAccessLogOptions) SetIncludeTrustContext(v bool) *VerifiedAccessLogOptions { + s.IncludeTrustContext = &v + return s +} + // SetKinesisDataFirehose sets the KinesisDataFirehose field's value. func (s *VerifiedAccessLogOptions) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) *VerifiedAccessLogOptions { s.KinesisDataFirehose = v return s } +// SetLogVersion sets the LogVersion field's value. +func (s *VerifiedAccessLogOptions) SetLogVersion(v string) *VerifiedAccessLogOptions { + s.LogVersion = &v + return s +} + // SetS3 sets the S3 field's value. func (s *VerifiedAccessLogOptions) SetS3(v *VerifiedAccessLogS3DestinationOptions) *VerifiedAccessLogOptions { s.S3 = v @@ -176521,16 +185852,22 @@ func (s *VerifiedAccessLogS3DestinationOptions) SetPrefix(v string) *VerifiedAcc return s } -// Describes the destinations for Verified Access logs. +// Describes the options for Verified Access logs. type VerifiedAccessLogs struct { _ struct{} `type:"structure"` // CloudWatch Logs logging destination. CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestination `locationName:"cloudWatchLogs" type:"structure"` + // Indicates whether trust data is included in the logs. + IncludeTrustContext *bool `locationName:"includeTrustContext" type:"boolean"` + // Kinesis logging destination. KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestination `locationName:"kinesisDataFirehose" type:"structure"` + // The log version. + LogVersion *string `locationName:"logVersion" type:"string"` + // Amazon S3 logging options. S3 *VerifiedAccessLogS3Destination `locationName:"s3" type:"structure"` } @@ -176559,18 +185896,118 @@ func (s *VerifiedAccessLogs) SetCloudWatchLogs(v *VerifiedAccessLogCloudWatchLog return s } +// SetIncludeTrustContext sets the IncludeTrustContext field's value. +func (s *VerifiedAccessLogs) SetIncludeTrustContext(v bool) *VerifiedAccessLogs { + s.IncludeTrustContext = &v + return s +} + // SetKinesisDataFirehose sets the KinesisDataFirehose field's value. func (s *VerifiedAccessLogs) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestination) *VerifiedAccessLogs { s.KinesisDataFirehose = v return s } +// SetLogVersion sets the LogVersion field's value. +func (s *VerifiedAccessLogs) SetLogVersion(v string) *VerifiedAccessLogs { + s.LogVersion = &v + return s +} + // SetS3 sets the S3 field's value. func (s *VerifiedAccessLogs) SetS3(v *VerifiedAccessLogS3Destination) *VerifiedAccessLogs { s.S3 = v return s } +// Verified Access provides server side encryption by default to data at rest +// using Amazon Web Services-owned KMS keys. You also have the option of using +// customer managed KMS keys, which can be specified using the options below. +type VerifiedAccessSseSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Enable or disable the use of customer managed KMS keys for server side encryption. + // + // Valid values: True | False + CustomerManagedKeyEnabled *bool `type:"boolean"` + + // The ARN of the KMS key. + KmsKeyArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationRequest) GoString() string { + return s.String() +} + +// SetCustomerManagedKeyEnabled sets the CustomerManagedKeyEnabled field's value. +func (s *VerifiedAccessSseSpecificationRequest) SetCustomerManagedKeyEnabled(v bool) *VerifiedAccessSseSpecificationRequest { + s.CustomerManagedKeyEnabled = &v + return s +} + +// SetKmsKeyArn sets the KmsKeyArn field's value. +func (s *VerifiedAccessSseSpecificationRequest) SetKmsKeyArn(v string) *VerifiedAccessSseSpecificationRequest { + s.KmsKeyArn = &v + return s +} + +// The options in use for server side encryption. +type VerifiedAccessSseSpecificationResponse struct { + _ struct{} `type:"structure"` + + // Indicates whether customer managed KMS keys are in use for server side encryption. + // + // Valid values: True | False + CustomerManagedKeyEnabled *bool `locationName:"customerManagedKeyEnabled" type:"boolean"` + + // The ARN of the KMS key. + KmsKeyArn *string `locationName:"kmsKeyArn" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationResponse) GoString() string { + return s.String() +} + +// SetCustomerManagedKeyEnabled sets the CustomerManagedKeyEnabled field's value. +func (s *VerifiedAccessSseSpecificationResponse) SetCustomerManagedKeyEnabled(v bool) *VerifiedAccessSseSpecificationResponse { + s.CustomerManagedKeyEnabled = &v + return s +} + +// SetKmsKeyArn sets the KmsKeyArn field's value. +func (s *VerifiedAccessSseSpecificationResponse) SetKmsKeyArn(v string) *VerifiedAccessSseSpecificationResponse { + s.KmsKeyArn = &v + return s +} + // Describes a Verified Access trust provider. type VerifiedAccessTrustProvider struct { _ struct{} `type:"structure"` @@ -176581,7 +186018,7 @@ type VerifiedAccessTrustProvider struct { // A description for the Amazon Web Services Verified Access trust provider. Description *string `locationName:"description" type:"string"` - // The options for device-identity type trust provider. + // The options for device-identity trust provider. DeviceOptions *DeviceOptions `locationName:"deviceOptions" type:"structure"` // The type of device-based trust provider. @@ -176590,12 +186027,15 @@ type VerifiedAccessTrustProvider struct { // The last updated time. LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` - // The OpenID Connect details for an oidc-type, user-identity based trust provider. + // The options for an OpenID Connect-compatible user-identity trust provider. OidcOptions *OidcOptions `locationName:"oidcOptions" type:"structure"` // The identifier to be used when working with policy rules. PolicyReferenceName *string `locationName:"policyReferenceName" type:"string"` + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` + // The tags. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -176669,6 +186109,12 @@ func (s *VerifiedAccessTrustProvider) SetPolicyReferenceName(v string) *Verified return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *VerifiedAccessTrustProvider) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *VerifiedAccessTrustProvider { + s.SseSpecification = v + return s +} + // SetTags sets the Tags field's value. func (s *VerifiedAccessTrustProvider) SetTags(v []*Tag) *VerifiedAccessTrustProvider { s.Tags = v @@ -176771,7 +186217,8 @@ type VgwTelemetry struct { // The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. CertificateArn *string `locationName:"certificateArn" type:"string"` - // The date and time of the last change in status. + // The date and time of the last change in status. This field is updated when + // changes in IKE (Phase 1), IPSec (Phase 2), or BGP status are detected. LastStatusChange *time.Time `locationName:"lastStatusChange" type:"timestamp"` // The Internet-routable IP address of the virtual private gateway's outside @@ -176880,6 +186327,9 @@ type Volume struct { // The snapshot from which the volume was created, if applicable. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // The volume state. State *string `locationName:"status" type:"string" enum:"VolumeState"` @@ -176980,6 +186430,12 @@ func (s *Volume) SetSnapshotId(v string) *Volume { return s } +// SetSseType sets the SseType field's value. +func (s *Volume) SetSseType(v string) *Volume { + s.SseType = &v + return s +} + // SetState sets the State field's value. func (s *Volume) SetState(v string) *Volume { s.State = &v @@ -177894,9 +187350,7 @@ func (s *VpcCidrBlockState) SetStatusMessage(v string) *VpcCidrBlockState { return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Deprecated. // // Describes whether a VPC is enabled for ClassicLink. type VpcClassicLink struct { @@ -178415,10 +187869,6 @@ func (s *VpcPeeringConnection) SetVpcPeeringConnectionId(v string) *VpcPeeringCo return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Describes the VPC peering connection options. type VpcPeeringConnectionOptionsDescription struct { _ struct{} `type:"structure"` @@ -178427,12 +187877,10 @@ type VpcPeeringConnectionOptionsDescription struct { // IP addresses when queried from instances in a peer VPC. AllowDnsResolutionFromRemoteVpc *bool `locationName:"allowDnsResolutionFromRemoteVpc" type:"boolean"` - // Indicates whether a local ClassicLink connection can communicate with the - // peer VPC over the VPC peering connection. + // Deprecated. AllowEgressFromLocalClassicLinkToRemoteVpc *bool `locationName:"allowEgressFromLocalClassicLinkToRemoteVpc" type:"boolean"` - // Indicates whether a local VPC can communicate with a ClassicLink connection - // in the peer VPC over the VPC peering connection. + // Deprecated. AllowEgressFromLocalVpcToRemoteClassicLink *bool `locationName:"allowEgressFromLocalVpcToRemoteClassicLink" type:"boolean"` } @@ -178619,7 +188067,11 @@ type VpnConnection struct { // the native XML format). This element is always present in the CreateVpnConnection // response; however, it's present in the DescribeVpnConnections response only // if the VPN connection is in the pending or available state. - CustomerGatewayConfiguration *string `locationName:"customerGatewayConfiguration" type:"string"` + // + // CustomerGatewayConfiguration is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VpnConnection's + // String and GoString methods. + CustomerGatewayConfiguration *string `locationName:"customerGatewayConfiguration" type:"string" sensitive:"true"` // The ID of the customer gateway at your end of the VPN connection. CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"` @@ -179301,6 +188753,9 @@ type VpnTunnelOptionsSpecification struct { // Default: 30 DPDTimeoutSeconds *int64 `type:"integer"` + // Turn on or off tunnel endpoint lifecycle control feature. + EnableTunnelLifecycleControl *bool `type:"boolean"` + // The IKE versions that are permitted for the VPN tunnel. // // Valid values: ikev1 | ikev2 @@ -179366,7 +188821,11 @@ type VpnTunnelOptionsSpecification struct { // Constraints: Allowed characters are alphanumeric characters, periods (.), // and underscores (_). Must be between 8 and 64 characters in length and cannot // start with zero (0). - PreSharedKey *string `type:"string"` + // + // PreSharedKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VpnTunnelOptionsSpecification's + // String and GoString methods. + PreSharedKey *string `type:"string" sensitive:"true"` // The percentage of the rekey window (determined by RekeyMarginTimeSeconds) // during which the rekey time is randomly selected. @@ -179462,6 +188921,12 @@ func (s *VpnTunnelOptionsSpecification) SetDPDTimeoutSeconds(v int64) *VpnTunnel return s } +// SetEnableTunnelLifecycleControl sets the EnableTunnelLifecycleControl field's value. +func (s *VpnTunnelOptionsSpecification) SetEnableTunnelLifecycleControl(v bool) *VpnTunnelOptionsSpecification { + s.EnableTunnelLifecycleControl = &v + return s +} + // SetIKEVersions sets the IKEVersions field's value. func (s *VpnTunnelOptionsSpecification) SetIKEVersions(v []*IKEVersionsRequestListValue) *VpnTunnelOptionsSpecification { s.IKEVersions = v @@ -179654,26 +189119,30 @@ func (s *WithdrawByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *WithdrawByoipCidrO } const ( - // AcceleratorManufacturerNvidia is a AcceleratorManufacturer enum value - AcceleratorManufacturerNvidia = "nvidia" + // AcceleratorManufacturerAmazonWebServices is a AcceleratorManufacturer enum value + AcceleratorManufacturerAmazonWebServices = "amazon-web-services" // AcceleratorManufacturerAmd is a AcceleratorManufacturer enum value AcceleratorManufacturerAmd = "amd" - // AcceleratorManufacturerAmazonWebServices is a AcceleratorManufacturer enum value - AcceleratorManufacturerAmazonWebServices = "amazon-web-services" + // AcceleratorManufacturerNvidia is a AcceleratorManufacturer enum value + AcceleratorManufacturerNvidia = "nvidia" // AcceleratorManufacturerXilinx is a AcceleratorManufacturer enum value AcceleratorManufacturerXilinx = "xilinx" + + // AcceleratorManufacturerHabana is a AcceleratorManufacturer enum value + AcceleratorManufacturerHabana = "habana" ) // AcceleratorManufacturer_Values returns all elements of the AcceleratorManufacturer enum func AcceleratorManufacturer_Values() []string { return []string{ - AcceleratorManufacturerNvidia, - AcceleratorManufacturerAmd, AcceleratorManufacturerAmazonWebServices, + AcceleratorManufacturerAmd, + AcceleratorManufacturerNvidia, AcceleratorManufacturerXilinx, + AcceleratorManufacturerHabana, } } @@ -179681,43 +189150,55 @@ const ( // AcceleratorNameA100 is a AcceleratorName enum value AcceleratorNameA100 = "a100" - // AcceleratorNameV100 is a AcceleratorName enum value - AcceleratorNameV100 = "v100" + // AcceleratorNameInferentia is a AcceleratorName enum value + AcceleratorNameInferentia = "inferentia" + + // AcceleratorNameK520 is a AcceleratorName enum value + AcceleratorNameK520 = "k520" // AcceleratorNameK80 is a AcceleratorName enum value AcceleratorNameK80 = "k80" - // AcceleratorNameT4 is a AcceleratorName enum value - AcceleratorNameT4 = "t4" - // AcceleratorNameM60 is a AcceleratorName enum value AcceleratorNameM60 = "m60" // AcceleratorNameRadeonProV520 is a AcceleratorName enum value AcceleratorNameRadeonProV520 = "radeon-pro-v520" + // AcceleratorNameT4 is a AcceleratorName enum value + AcceleratorNameT4 = "t4" + // AcceleratorNameVu9p is a AcceleratorName enum value AcceleratorNameVu9p = "vu9p" - // AcceleratorNameInferentia is a AcceleratorName enum value - AcceleratorNameInferentia = "inferentia" + // AcceleratorNameV100 is a AcceleratorName enum value + AcceleratorNameV100 = "v100" - // AcceleratorNameK520 is a AcceleratorName enum value - AcceleratorNameK520 = "k520" + // AcceleratorNameA10g is a AcceleratorName enum value + AcceleratorNameA10g = "a10g" + + // AcceleratorNameH100 is a AcceleratorName enum value + AcceleratorNameH100 = "h100" + + // AcceleratorNameT4g is a AcceleratorName enum value + AcceleratorNameT4g = "t4g" ) // AcceleratorName_Values returns all elements of the AcceleratorName enum func AcceleratorName_Values() []string { return []string{ AcceleratorNameA100, - AcceleratorNameV100, + AcceleratorNameInferentia, + AcceleratorNameK520, AcceleratorNameK80, - AcceleratorNameT4, AcceleratorNameM60, AcceleratorNameRadeonProV520, + AcceleratorNameT4, AcceleratorNameVu9p, - AcceleratorNameInferentia, - AcceleratorNameK520, + AcceleratorNameV100, + AcceleratorNameA10g, + AcceleratorNameH100, + AcceleratorNameT4g, } } @@ -179933,6 +189414,22 @@ func AllowsMultipleInstanceTypes_Values() []string { } } +const ( + // AmdSevSnpSpecificationEnabled is a AmdSevSnpSpecification enum value + AmdSevSnpSpecificationEnabled = "enabled" + + // AmdSevSnpSpecificationDisabled is a AmdSevSnpSpecification enum value + AmdSevSnpSpecificationDisabled = "disabled" +) + +// AmdSevSnpSpecification_Values returns all elements of the AmdSevSnpSpecification enum +func AmdSevSnpSpecification_Values() []string { + return []string{ + AmdSevSnpSpecificationEnabled, + AmdSevSnpSpecificationDisabled, + } +} + const ( // AnalysisStatusRunning is a AnalysisStatus enum value AnalysisStatusRunning = "running" @@ -180025,6 +189522,70 @@ func ArchitectureValues_Values() []string { } } +const ( + // AsnAssociationStateDisassociated is a AsnAssociationState enum value + AsnAssociationStateDisassociated = "disassociated" + + // AsnAssociationStateFailedDisassociation is a AsnAssociationState enum value + AsnAssociationStateFailedDisassociation = "failed-disassociation" + + // AsnAssociationStateFailedAssociation is a AsnAssociationState enum value + AsnAssociationStateFailedAssociation = "failed-association" + + // AsnAssociationStatePendingDisassociation is a AsnAssociationState enum value + AsnAssociationStatePendingDisassociation = "pending-disassociation" + + // AsnAssociationStatePendingAssociation is a AsnAssociationState enum value + AsnAssociationStatePendingAssociation = "pending-association" + + // AsnAssociationStateAssociated is a AsnAssociationState enum value + AsnAssociationStateAssociated = "associated" +) + +// AsnAssociationState_Values returns all elements of the AsnAssociationState enum +func AsnAssociationState_Values() []string { + return []string{ + AsnAssociationStateDisassociated, + AsnAssociationStateFailedDisassociation, + AsnAssociationStateFailedAssociation, + AsnAssociationStatePendingDisassociation, + AsnAssociationStatePendingAssociation, + AsnAssociationStateAssociated, + } +} + +const ( + // AsnStateDeprovisioned is a AsnState enum value + AsnStateDeprovisioned = "deprovisioned" + + // AsnStateFailedDeprovision is a AsnState enum value + AsnStateFailedDeprovision = "failed-deprovision" + + // AsnStateFailedProvision is a AsnState enum value + AsnStateFailedProvision = "failed-provision" + + // AsnStatePendingDeprovision is a AsnState enum value + AsnStatePendingDeprovision = "pending-deprovision" + + // AsnStatePendingProvision is a AsnState enum value + AsnStatePendingProvision = "pending-provision" + + // AsnStateProvisioned is a AsnState enum value + AsnStateProvisioned = "provisioned" +) + +// AsnState_Values returns all elements of the AsnState enum +func AsnState_Values() []string { + return []string{ + AsnStateDeprovisioned, + AsnStateFailedDeprovision, + AsnStateFailedProvision, + AsnStatePendingDeprovision, + AsnStatePendingProvision, + AsnStateProvisioned, + } +} + const ( // AssociatedNetworkTypeVpc is a AssociatedNetworkType enum value AssociatedNetworkTypeVpc = "vpc" @@ -180532,6 +190093,9 @@ const ( // CapacityReservationInstancePlatformRhelwithHaandSqlserverEnterprise is a CapacityReservationInstancePlatform enum value CapacityReservationInstancePlatformRhelwithHaandSqlserverEnterprise = "RHEL with HA and SQL Server Enterprise" + + // CapacityReservationInstancePlatformUbuntuPro is a CapacityReservationInstancePlatform enum value + CapacityReservationInstancePlatformUbuntuPro = "Ubuntu Pro" ) // CapacityReservationInstancePlatform_Values returns all elements of the CapacityReservationInstancePlatform enum @@ -180554,6 +190118,7 @@ func CapacityReservationInstancePlatform_Values() []string { CapacityReservationInstancePlatformRhelwithHa, CapacityReservationInstancePlatformRhelwithHaandSqlserverStandard, CapacityReservationInstancePlatformRhelwithHaandSqlserverEnterprise, + CapacityReservationInstancePlatformUbuntuPro, } } @@ -180588,6 +190153,15 @@ const ( // CapacityReservationStateFailed is a CapacityReservationState enum value CapacityReservationStateFailed = "failed" + + // CapacityReservationStateScheduled is a CapacityReservationState enum value + CapacityReservationStateScheduled = "scheduled" + + // CapacityReservationStatePaymentPending is a CapacityReservationState enum value + CapacityReservationStatePaymentPending = "payment-pending" + + // CapacityReservationStatePaymentFailed is a CapacityReservationState enum value + CapacityReservationStatePaymentFailed = "payment-failed" ) // CapacityReservationState_Values returns all elements of the CapacityReservationState enum @@ -180598,6 +190172,9 @@ func CapacityReservationState_Values() []string { CapacityReservationStateCancelled, CapacityReservationStatePending, CapacityReservationStateFailed, + CapacityReservationStateScheduled, + CapacityReservationStatePaymentPending, + CapacityReservationStatePaymentFailed, } } @@ -180617,6 +190194,22 @@ func CapacityReservationTenancy_Values() []string { } } +const ( + // CapacityReservationTypeDefault is a CapacityReservationType enum value + CapacityReservationTypeDefault = "default" + + // CapacityReservationTypeCapacityBlock is a CapacityReservationType enum value + CapacityReservationTypeCapacityBlock = "capacity-block" +) + +// CapacityReservationType_Values returns all elements of the CapacityReservationType enum +func CapacityReservationType_Values() []string { + return []string{ + CapacityReservationTypeDefault, + CapacityReservationTypeCapacityBlock, + } +} + const ( // CarrierGatewayStatePending is a CarrierGatewayState enum value CarrierGatewayStatePending = "pending" @@ -180967,6 +190560,9 @@ const ( // DefaultTargetCapacityTypeOnDemand is a DefaultTargetCapacityType enum value DefaultTargetCapacityTypeOnDemand = "on-demand" + + // DefaultTargetCapacityTypeCapacityBlock is a DefaultTargetCapacityType enum value + DefaultTargetCapacityTypeCapacityBlock = "capacity-block" ) // DefaultTargetCapacityType_Values returns all elements of the DefaultTargetCapacityType enum @@ -180974,6 +190570,7 @@ func DefaultTargetCapacityType_Values() []string { return []string{ DefaultTargetCapacityTypeSpot, DefaultTargetCapacityTypeOnDemand, + DefaultTargetCapacityTypeCapacityBlock, } } @@ -181043,6 +190640,9 @@ const ( // DeviceTrustProviderTypeCrowdstrike is a DeviceTrustProviderType enum value DeviceTrustProviderTypeCrowdstrike = "crowdstrike" + + // DeviceTrustProviderTypeJumpcloud is a DeviceTrustProviderType enum value + DeviceTrustProviderTypeJumpcloud = "jumpcloud" ) // DeviceTrustProviderType_Values returns all elements of the DeviceTrustProviderType enum @@ -181050,6 +190650,7 @@ func DeviceTrustProviderType_Values() []string { return []string{ DeviceTrustProviderTypeJamf, DeviceTrustProviderTypeCrowdstrike, + DeviceTrustProviderTypeJumpcloud, } } @@ -181253,6 +190854,38 @@ func EbsOptimizedSupport_Values() []string { } } +const ( + // Ec2InstanceConnectEndpointStateCreateInProgress is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateCreateInProgress = "create-in-progress" + + // Ec2InstanceConnectEndpointStateCreateComplete is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateCreateComplete = "create-complete" + + // Ec2InstanceConnectEndpointStateCreateFailed is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateCreateFailed = "create-failed" + + // Ec2InstanceConnectEndpointStateDeleteInProgress is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateDeleteInProgress = "delete-in-progress" + + // Ec2InstanceConnectEndpointStateDeleteComplete is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateDeleteComplete = "delete-complete" + + // Ec2InstanceConnectEndpointStateDeleteFailed is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateDeleteFailed = "delete-failed" +) + +// Ec2InstanceConnectEndpointState_Values returns all elements of the Ec2InstanceConnectEndpointState enum +func Ec2InstanceConnectEndpointState_Values() []string { + return []string{ + Ec2InstanceConnectEndpointStateCreateInProgress, + Ec2InstanceConnectEndpointStateCreateComplete, + Ec2InstanceConnectEndpointStateCreateFailed, + Ec2InstanceConnectEndpointStateDeleteInProgress, + Ec2InstanceConnectEndpointStateDeleteComplete, + Ec2InstanceConnectEndpointStateDeleteFailed, + } +} + const ( // ElasticGpuStateAttached is a ElasticGpuState enum value ElasticGpuStateAttached = "ATTACHED" @@ -182029,6 +191662,30 @@ func ImageAttributeName_Values() []string { } } +const ( + // ImageBlockPublicAccessDisabledStateUnblocked is a ImageBlockPublicAccessDisabledState enum value + ImageBlockPublicAccessDisabledStateUnblocked = "unblocked" +) + +// ImageBlockPublicAccessDisabledState_Values returns all elements of the ImageBlockPublicAccessDisabledState enum +func ImageBlockPublicAccessDisabledState_Values() []string { + return []string{ + ImageBlockPublicAccessDisabledStateUnblocked, + } +} + +const ( + // ImageBlockPublicAccessEnabledStateBlockNewSharing is a ImageBlockPublicAccessEnabledState enum value + ImageBlockPublicAccessEnabledStateBlockNewSharing = "block-new-sharing" +) + +// ImageBlockPublicAccessEnabledState_Values returns all elements of the ImageBlockPublicAccessEnabledState enum +func ImageBlockPublicAccessEnabledState_Values() []string { + return []string{ + ImageBlockPublicAccessEnabledStateBlockNewSharing, + } +} + const ( // ImageStatePending is a ImageState enum value ImageStatePending = "pending" @@ -182050,6 +191707,9 @@ const ( // ImageStateError is a ImageState enum value ImageStateError = "error" + + // ImageStateDisabled is a ImageState enum value + ImageStateDisabled = "disabled" ) // ImageState_Values returns all elements of the ImageState enum @@ -182062,6 +191722,7 @@ func ImageState_Values() []string { ImageStateTransient, ImageStateFailed, ImageStateError, + ImageStateDisabled, } } @@ -182299,6 +191960,9 @@ const ( // InstanceLifecycleTypeScheduled is a InstanceLifecycleType enum value InstanceLifecycleTypeScheduled = "scheduled" + + // InstanceLifecycleTypeCapacityBlock is a InstanceLifecycleType enum value + InstanceLifecycleTypeCapacityBlock = "capacity-block" ) // InstanceLifecycleType_Values returns all elements of the InstanceLifecycleType enum @@ -182306,6 +191970,7 @@ func InstanceLifecycleType_Values() []string { return []string{ InstanceLifecycleTypeSpot, InstanceLifecycleTypeScheduled, + InstanceLifecycleTypeCapacityBlock, } } @@ -184294,6 +193959,492 @@ const ( // InstanceTypeR6idn32xlarge is a InstanceType enum value InstanceTypeR6idn32xlarge = "r6idn.32xlarge" + + // InstanceTypeC7gMetal is a InstanceType enum value + InstanceTypeC7gMetal = "c7g.metal" + + // InstanceTypeM7gMedium is a InstanceType enum value + InstanceTypeM7gMedium = "m7g.medium" + + // InstanceTypeM7gLarge is a InstanceType enum value + InstanceTypeM7gLarge = "m7g.large" + + // InstanceTypeM7gXlarge is a InstanceType enum value + InstanceTypeM7gXlarge = "m7g.xlarge" + + // InstanceTypeM7g2xlarge is a InstanceType enum value + InstanceTypeM7g2xlarge = "m7g.2xlarge" + + // InstanceTypeM7g4xlarge is a InstanceType enum value + InstanceTypeM7g4xlarge = "m7g.4xlarge" + + // InstanceTypeM7g8xlarge is a InstanceType enum value + InstanceTypeM7g8xlarge = "m7g.8xlarge" + + // InstanceTypeM7g12xlarge is a InstanceType enum value + InstanceTypeM7g12xlarge = "m7g.12xlarge" + + // InstanceTypeM7g16xlarge is a InstanceType enum value + InstanceTypeM7g16xlarge = "m7g.16xlarge" + + // InstanceTypeM7gMetal is a InstanceType enum value + InstanceTypeM7gMetal = "m7g.metal" + + // InstanceTypeR7gMedium is a InstanceType enum value + InstanceTypeR7gMedium = "r7g.medium" + + // InstanceTypeR7gLarge is a InstanceType enum value + InstanceTypeR7gLarge = "r7g.large" + + // InstanceTypeR7gXlarge is a InstanceType enum value + InstanceTypeR7gXlarge = "r7g.xlarge" + + // InstanceTypeR7g2xlarge is a InstanceType enum value + InstanceTypeR7g2xlarge = "r7g.2xlarge" + + // InstanceTypeR7g4xlarge is a InstanceType enum value + InstanceTypeR7g4xlarge = "r7g.4xlarge" + + // InstanceTypeR7g8xlarge is a InstanceType enum value + InstanceTypeR7g8xlarge = "r7g.8xlarge" + + // InstanceTypeR7g12xlarge is a InstanceType enum value + InstanceTypeR7g12xlarge = "r7g.12xlarge" + + // InstanceTypeR7g16xlarge is a InstanceType enum value + InstanceTypeR7g16xlarge = "r7g.16xlarge" + + // InstanceTypeR7gMetal is a InstanceType enum value + InstanceTypeR7gMetal = "r7g.metal" + + // InstanceTypeC6inMetal is a InstanceType enum value + InstanceTypeC6inMetal = "c6in.metal" + + // InstanceTypeM6inMetal is a InstanceType enum value + InstanceTypeM6inMetal = "m6in.metal" + + // InstanceTypeM6idnMetal is a InstanceType enum value + InstanceTypeM6idnMetal = "m6idn.metal" + + // InstanceTypeR6inMetal is a InstanceType enum value + InstanceTypeR6inMetal = "r6in.metal" + + // InstanceTypeR6idnMetal is a InstanceType enum value + InstanceTypeR6idnMetal = "r6idn.metal" + + // InstanceTypeInf2Xlarge is a InstanceType enum value + InstanceTypeInf2Xlarge = "inf2.xlarge" + + // InstanceTypeInf28xlarge is a InstanceType enum value + InstanceTypeInf28xlarge = "inf2.8xlarge" + + // InstanceTypeInf224xlarge is a InstanceType enum value + InstanceTypeInf224xlarge = "inf2.24xlarge" + + // InstanceTypeInf248xlarge is a InstanceType enum value + InstanceTypeInf248xlarge = "inf2.48xlarge" + + // InstanceTypeTrn1n32xlarge is a InstanceType enum value + InstanceTypeTrn1n32xlarge = "trn1n.32xlarge" + + // InstanceTypeI4gLarge is a InstanceType enum value + InstanceTypeI4gLarge = "i4g.large" + + // InstanceTypeI4gXlarge is a InstanceType enum value + InstanceTypeI4gXlarge = "i4g.xlarge" + + // InstanceTypeI4g2xlarge is a InstanceType enum value + InstanceTypeI4g2xlarge = "i4g.2xlarge" + + // InstanceTypeI4g4xlarge is a InstanceType enum value + InstanceTypeI4g4xlarge = "i4g.4xlarge" + + // InstanceTypeI4g8xlarge is a InstanceType enum value + InstanceTypeI4g8xlarge = "i4g.8xlarge" + + // InstanceTypeI4g16xlarge is a InstanceType enum value + InstanceTypeI4g16xlarge = "i4g.16xlarge" + + // InstanceTypeHpc7g4xlarge is a InstanceType enum value + InstanceTypeHpc7g4xlarge = "hpc7g.4xlarge" + + // InstanceTypeHpc7g8xlarge is a InstanceType enum value + InstanceTypeHpc7g8xlarge = "hpc7g.8xlarge" + + // InstanceTypeHpc7g16xlarge is a InstanceType enum value + InstanceTypeHpc7g16xlarge = "hpc7g.16xlarge" + + // InstanceTypeC7gnMedium is a InstanceType enum value + InstanceTypeC7gnMedium = "c7gn.medium" + + // InstanceTypeC7gnLarge is a InstanceType enum value + InstanceTypeC7gnLarge = "c7gn.large" + + // InstanceTypeC7gnXlarge is a InstanceType enum value + InstanceTypeC7gnXlarge = "c7gn.xlarge" + + // InstanceTypeC7gn2xlarge is a InstanceType enum value + InstanceTypeC7gn2xlarge = "c7gn.2xlarge" + + // InstanceTypeC7gn4xlarge is a InstanceType enum value + InstanceTypeC7gn4xlarge = "c7gn.4xlarge" + + // InstanceTypeC7gn8xlarge is a InstanceType enum value + InstanceTypeC7gn8xlarge = "c7gn.8xlarge" + + // InstanceTypeC7gn12xlarge is a InstanceType enum value + InstanceTypeC7gn12xlarge = "c7gn.12xlarge" + + // InstanceTypeC7gn16xlarge is a InstanceType enum value + InstanceTypeC7gn16xlarge = "c7gn.16xlarge" + + // InstanceTypeP548xlarge is a InstanceType enum value + InstanceTypeP548xlarge = "p5.48xlarge" + + // InstanceTypeM7iLarge is a InstanceType enum value + InstanceTypeM7iLarge = "m7i.large" + + // InstanceTypeM7iXlarge is a InstanceType enum value + InstanceTypeM7iXlarge = "m7i.xlarge" + + // InstanceTypeM7i2xlarge is a InstanceType enum value + InstanceTypeM7i2xlarge = "m7i.2xlarge" + + // InstanceTypeM7i4xlarge is a InstanceType enum value + InstanceTypeM7i4xlarge = "m7i.4xlarge" + + // InstanceTypeM7i8xlarge is a InstanceType enum value + InstanceTypeM7i8xlarge = "m7i.8xlarge" + + // InstanceTypeM7i12xlarge is a InstanceType enum value + InstanceTypeM7i12xlarge = "m7i.12xlarge" + + // InstanceTypeM7i16xlarge is a InstanceType enum value + InstanceTypeM7i16xlarge = "m7i.16xlarge" + + // InstanceTypeM7i24xlarge is a InstanceType enum value + InstanceTypeM7i24xlarge = "m7i.24xlarge" + + // InstanceTypeM7i48xlarge is a InstanceType enum value + InstanceTypeM7i48xlarge = "m7i.48xlarge" + + // InstanceTypeM7iFlexLarge is a InstanceType enum value + InstanceTypeM7iFlexLarge = "m7i-flex.large" + + // InstanceTypeM7iFlexXlarge is a InstanceType enum value + InstanceTypeM7iFlexXlarge = "m7i-flex.xlarge" + + // InstanceTypeM7iFlex2xlarge is a InstanceType enum value + InstanceTypeM7iFlex2xlarge = "m7i-flex.2xlarge" + + // InstanceTypeM7iFlex4xlarge is a InstanceType enum value + InstanceTypeM7iFlex4xlarge = "m7i-flex.4xlarge" + + // InstanceTypeM7iFlex8xlarge is a InstanceType enum value + InstanceTypeM7iFlex8xlarge = "m7i-flex.8xlarge" + + // InstanceTypeM7aMedium is a InstanceType enum value + InstanceTypeM7aMedium = "m7a.medium" + + // InstanceTypeM7aLarge is a InstanceType enum value + InstanceTypeM7aLarge = "m7a.large" + + // InstanceTypeM7aXlarge is a InstanceType enum value + InstanceTypeM7aXlarge = "m7a.xlarge" + + // InstanceTypeM7a2xlarge is a InstanceType enum value + InstanceTypeM7a2xlarge = "m7a.2xlarge" + + // InstanceTypeM7a4xlarge is a InstanceType enum value + InstanceTypeM7a4xlarge = "m7a.4xlarge" + + // InstanceTypeM7a8xlarge is a InstanceType enum value + InstanceTypeM7a8xlarge = "m7a.8xlarge" + + // InstanceTypeM7a12xlarge is a InstanceType enum value + InstanceTypeM7a12xlarge = "m7a.12xlarge" + + // InstanceTypeM7a16xlarge is a InstanceType enum value + InstanceTypeM7a16xlarge = "m7a.16xlarge" + + // InstanceTypeM7a24xlarge is a InstanceType enum value + InstanceTypeM7a24xlarge = "m7a.24xlarge" + + // InstanceTypeM7a32xlarge is a InstanceType enum value + InstanceTypeM7a32xlarge = "m7a.32xlarge" + + // InstanceTypeM7a48xlarge is a InstanceType enum value + InstanceTypeM7a48xlarge = "m7a.48xlarge" + + // InstanceTypeM7aMetal48xl is a InstanceType enum value + InstanceTypeM7aMetal48xl = "m7a.metal-48xl" + + // InstanceTypeHpc7a12xlarge is a InstanceType enum value + InstanceTypeHpc7a12xlarge = "hpc7a.12xlarge" + + // InstanceTypeHpc7a24xlarge is a InstanceType enum value + InstanceTypeHpc7a24xlarge = "hpc7a.24xlarge" + + // InstanceTypeHpc7a48xlarge is a InstanceType enum value + InstanceTypeHpc7a48xlarge = "hpc7a.48xlarge" + + // InstanceTypeHpc7a96xlarge is a InstanceType enum value + InstanceTypeHpc7a96xlarge = "hpc7a.96xlarge" + + // InstanceTypeC7gdMedium is a InstanceType enum value + InstanceTypeC7gdMedium = "c7gd.medium" + + // InstanceTypeC7gdLarge is a InstanceType enum value + InstanceTypeC7gdLarge = "c7gd.large" + + // InstanceTypeC7gdXlarge is a InstanceType enum value + InstanceTypeC7gdXlarge = "c7gd.xlarge" + + // InstanceTypeC7gd2xlarge is a InstanceType enum value + InstanceTypeC7gd2xlarge = "c7gd.2xlarge" + + // InstanceTypeC7gd4xlarge is a InstanceType enum value + InstanceTypeC7gd4xlarge = "c7gd.4xlarge" + + // InstanceTypeC7gd8xlarge is a InstanceType enum value + InstanceTypeC7gd8xlarge = "c7gd.8xlarge" + + // InstanceTypeC7gd12xlarge is a InstanceType enum value + InstanceTypeC7gd12xlarge = "c7gd.12xlarge" + + // InstanceTypeC7gd16xlarge is a InstanceType enum value + InstanceTypeC7gd16xlarge = "c7gd.16xlarge" + + // InstanceTypeM7gdMedium is a InstanceType enum value + InstanceTypeM7gdMedium = "m7gd.medium" + + // InstanceTypeM7gdLarge is a InstanceType enum value + InstanceTypeM7gdLarge = "m7gd.large" + + // InstanceTypeM7gdXlarge is a InstanceType enum value + InstanceTypeM7gdXlarge = "m7gd.xlarge" + + // InstanceTypeM7gd2xlarge is a InstanceType enum value + InstanceTypeM7gd2xlarge = "m7gd.2xlarge" + + // InstanceTypeM7gd4xlarge is a InstanceType enum value + InstanceTypeM7gd4xlarge = "m7gd.4xlarge" + + // InstanceTypeM7gd8xlarge is a InstanceType enum value + InstanceTypeM7gd8xlarge = "m7gd.8xlarge" + + // InstanceTypeM7gd12xlarge is a InstanceType enum value + InstanceTypeM7gd12xlarge = "m7gd.12xlarge" + + // InstanceTypeM7gd16xlarge is a InstanceType enum value + InstanceTypeM7gd16xlarge = "m7gd.16xlarge" + + // InstanceTypeR7gdMedium is a InstanceType enum value + InstanceTypeR7gdMedium = "r7gd.medium" + + // InstanceTypeR7gdLarge is a InstanceType enum value + InstanceTypeR7gdLarge = "r7gd.large" + + // InstanceTypeR7gdXlarge is a InstanceType enum value + InstanceTypeR7gdXlarge = "r7gd.xlarge" + + // InstanceTypeR7gd2xlarge is a InstanceType enum value + InstanceTypeR7gd2xlarge = "r7gd.2xlarge" + + // InstanceTypeR7gd4xlarge is a InstanceType enum value + InstanceTypeR7gd4xlarge = "r7gd.4xlarge" + + // InstanceTypeR7gd8xlarge is a InstanceType enum value + InstanceTypeR7gd8xlarge = "r7gd.8xlarge" + + // InstanceTypeR7gd12xlarge is a InstanceType enum value + InstanceTypeR7gd12xlarge = "r7gd.12xlarge" + + // InstanceTypeR7gd16xlarge is a InstanceType enum value + InstanceTypeR7gd16xlarge = "r7gd.16xlarge" + + // InstanceTypeR7aMedium is a InstanceType enum value + InstanceTypeR7aMedium = "r7a.medium" + + // InstanceTypeR7aLarge is a InstanceType enum value + InstanceTypeR7aLarge = "r7a.large" + + // InstanceTypeR7aXlarge is a InstanceType enum value + InstanceTypeR7aXlarge = "r7a.xlarge" + + // InstanceTypeR7a2xlarge is a InstanceType enum value + InstanceTypeR7a2xlarge = "r7a.2xlarge" + + // InstanceTypeR7a4xlarge is a InstanceType enum value + InstanceTypeR7a4xlarge = "r7a.4xlarge" + + // InstanceTypeR7a8xlarge is a InstanceType enum value + InstanceTypeR7a8xlarge = "r7a.8xlarge" + + // InstanceTypeR7a12xlarge is a InstanceType enum value + InstanceTypeR7a12xlarge = "r7a.12xlarge" + + // InstanceTypeR7a16xlarge is a InstanceType enum value + InstanceTypeR7a16xlarge = "r7a.16xlarge" + + // InstanceTypeR7a24xlarge is a InstanceType enum value + InstanceTypeR7a24xlarge = "r7a.24xlarge" + + // InstanceTypeR7a32xlarge is a InstanceType enum value + InstanceTypeR7a32xlarge = "r7a.32xlarge" + + // InstanceTypeR7a48xlarge is a InstanceType enum value + InstanceTypeR7a48xlarge = "r7a.48xlarge" + + // InstanceTypeC7iLarge is a InstanceType enum value + InstanceTypeC7iLarge = "c7i.large" + + // InstanceTypeC7iXlarge is a InstanceType enum value + InstanceTypeC7iXlarge = "c7i.xlarge" + + // InstanceTypeC7i2xlarge is a InstanceType enum value + InstanceTypeC7i2xlarge = "c7i.2xlarge" + + // InstanceTypeC7i4xlarge is a InstanceType enum value + InstanceTypeC7i4xlarge = "c7i.4xlarge" + + // InstanceTypeC7i8xlarge is a InstanceType enum value + InstanceTypeC7i8xlarge = "c7i.8xlarge" + + // InstanceTypeC7i12xlarge is a InstanceType enum value + InstanceTypeC7i12xlarge = "c7i.12xlarge" + + // InstanceTypeC7i16xlarge is a InstanceType enum value + InstanceTypeC7i16xlarge = "c7i.16xlarge" + + // InstanceTypeC7i24xlarge is a InstanceType enum value + InstanceTypeC7i24xlarge = "c7i.24xlarge" + + // InstanceTypeC7i48xlarge is a InstanceType enum value + InstanceTypeC7i48xlarge = "c7i.48xlarge" + + // InstanceTypeMac2M2proMetal is a InstanceType enum value + InstanceTypeMac2M2proMetal = "mac2-m2pro.metal" + + // InstanceTypeR7izLarge is a InstanceType enum value + InstanceTypeR7izLarge = "r7iz.large" + + // InstanceTypeR7izXlarge is a InstanceType enum value + InstanceTypeR7izXlarge = "r7iz.xlarge" + + // InstanceTypeR7iz2xlarge is a InstanceType enum value + InstanceTypeR7iz2xlarge = "r7iz.2xlarge" + + // InstanceTypeR7iz4xlarge is a InstanceType enum value + InstanceTypeR7iz4xlarge = "r7iz.4xlarge" + + // InstanceTypeR7iz8xlarge is a InstanceType enum value + InstanceTypeR7iz8xlarge = "r7iz.8xlarge" + + // InstanceTypeR7iz12xlarge is a InstanceType enum value + InstanceTypeR7iz12xlarge = "r7iz.12xlarge" + + // InstanceTypeR7iz16xlarge is a InstanceType enum value + InstanceTypeR7iz16xlarge = "r7iz.16xlarge" + + // InstanceTypeR7iz32xlarge is a InstanceType enum value + InstanceTypeR7iz32xlarge = "r7iz.32xlarge" + + // InstanceTypeC7aMedium is a InstanceType enum value + InstanceTypeC7aMedium = "c7a.medium" + + // InstanceTypeC7aLarge is a InstanceType enum value + InstanceTypeC7aLarge = "c7a.large" + + // InstanceTypeC7aXlarge is a InstanceType enum value + InstanceTypeC7aXlarge = "c7a.xlarge" + + // InstanceTypeC7a2xlarge is a InstanceType enum value + InstanceTypeC7a2xlarge = "c7a.2xlarge" + + // InstanceTypeC7a4xlarge is a InstanceType enum value + InstanceTypeC7a4xlarge = "c7a.4xlarge" + + // InstanceTypeC7a8xlarge is a InstanceType enum value + InstanceTypeC7a8xlarge = "c7a.8xlarge" + + // InstanceTypeC7a12xlarge is a InstanceType enum value + InstanceTypeC7a12xlarge = "c7a.12xlarge" + + // InstanceTypeC7a16xlarge is a InstanceType enum value + InstanceTypeC7a16xlarge = "c7a.16xlarge" + + // InstanceTypeC7a24xlarge is a InstanceType enum value + InstanceTypeC7a24xlarge = "c7a.24xlarge" + + // InstanceTypeC7a32xlarge is a InstanceType enum value + InstanceTypeC7a32xlarge = "c7a.32xlarge" + + // InstanceTypeC7a48xlarge is a InstanceType enum value + InstanceTypeC7a48xlarge = "c7a.48xlarge" + + // InstanceTypeC7aMetal48xl is a InstanceType enum value + InstanceTypeC7aMetal48xl = "c7a.metal-48xl" + + // InstanceTypeR7aMetal48xl is a InstanceType enum value + InstanceTypeR7aMetal48xl = "r7a.metal-48xl" + + // InstanceTypeR7iLarge is a InstanceType enum value + InstanceTypeR7iLarge = "r7i.large" + + // InstanceTypeR7iXlarge is a InstanceType enum value + InstanceTypeR7iXlarge = "r7i.xlarge" + + // InstanceTypeR7i2xlarge is a InstanceType enum value + InstanceTypeR7i2xlarge = "r7i.2xlarge" + + // InstanceTypeR7i4xlarge is a InstanceType enum value + InstanceTypeR7i4xlarge = "r7i.4xlarge" + + // InstanceTypeR7i8xlarge is a InstanceType enum value + InstanceTypeR7i8xlarge = "r7i.8xlarge" + + // InstanceTypeR7i12xlarge is a InstanceType enum value + InstanceTypeR7i12xlarge = "r7i.12xlarge" + + // InstanceTypeR7i16xlarge is a InstanceType enum value + InstanceTypeR7i16xlarge = "r7i.16xlarge" + + // InstanceTypeR7i24xlarge is a InstanceType enum value + InstanceTypeR7i24xlarge = "r7i.24xlarge" + + // InstanceTypeR7i48xlarge is a InstanceType enum value + InstanceTypeR7i48xlarge = "r7i.48xlarge" + + // InstanceTypeDl2q24xlarge is a InstanceType enum value + InstanceTypeDl2q24xlarge = "dl2q.24xlarge" + + // InstanceTypeMac2M2Metal is a InstanceType enum value + InstanceTypeMac2M2Metal = "mac2-m2.metal" + + // InstanceTypeI4i12xlarge is a InstanceType enum value + InstanceTypeI4i12xlarge = "i4i.12xlarge" + + // InstanceTypeI4i24xlarge is a InstanceType enum value + InstanceTypeI4i24xlarge = "i4i.24xlarge" + + // InstanceTypeC7iMetal24xl is a InstanceType enum value + InstanceTypeC7iMetal24xl = "c7i.metal-24xl" + + // InstanceTypeC7iMetal48xl is a InstanceType enum value + InstanceTypeC7iMetal48xl = "c7i.metal-48xl" + + // InstanceTypeM7iMetal24xl is a InstanceType enum value + InstanceTypeM7iMetal24xl = "m7i.metal-24xl" + + // InstanceTypeM7iMetal48xl is a InstanceType enum value + InstanceTypeM7iMetal48xl = "m7i.metal-48xl" + + // InstanceTypeR7iMetal24xl is a InstanceType enum value + InstanceTypeR7iMetal24xl = "r7i.metal-24xl" + + // InstanceTypeR7iMetal48xl is a InstanceType enum value + InstanceTypeR7iMetal48xl = "r7i.metal-48xl" ) // InstanceType_Values returns all elements of the InstanceType enum @@ -184918,6 +195069,168 @@ func InstanceType_Values() []string { InstanceTypeR6idn16xlarge, InstanceTypeR6idn24xlarge, InstanceTypeR6idn32xlarge, + InstanceTypeC7gMetal, + InstanceTypeM7gMedium, + InstanceTypeM7gLarge, + InstanceTypeM7gXlarge, + InstanceTypeM7g2xlarge, + InstanceTypeM7g4xlarge, + InstanceTypeM7g8xlarge, + InstanceTypeM7g12xlarge, + InstanceTypeM7g16xlarge, + InstanceTypeM7gMetal, + InstanceTypeR7gMedium, + InstanceTypeR7gLarge, + InstanceTypeR7gXlarge, + InstanceTypeR7g2xlarge, + InstanceTypeR7g4xlarge, + InstanceTypeR7g8xlarge, + InstanceTypeR7g12xlarge, + InstanceTypeR7g16xlarge, + InstanceTypeR7gMetal, + InstanceTypeC6inMetal, + InstanceTypeM6inMetal, + InstanceTypeM6idnMetal, + InstanceTypeR6inMetal, + InstanceTypeR6idnMetal, + InstanceTypeInf2Xlarge, + InstanceTypeInf28xlarge, + InstanceTypeInf224xlarge, + InstanceTypeInf248xlarge, + InstanceTypeTrn1n32xlarge, + InstanceTypeI4gLarge, + InstanceTypeI4gXlarge, + InstanceTypeI4g2xlarge, + InstanceTypeI4g4xlarge, + InstanceTypeI4g8xlarge, + InstanceTypeI4g16xlarge, + InstanceTypeHpc7g4xlarge, + InstanceTypeHpc7g8xlarge, + InstanceTypeHpc7g16xlarge, + InstanceTypeC7gnMedium, + InstanceTypeC7gnLarge, + InstanceTypeC7gnXlarge, + InstanceTypeC7gn2xlarge, + InstanceTypeC7gn4xlarge, + InstanceTypeC7gn8xlarge, + InstanceTypeC7gn12xlarge, + InstanceTypeC7gn16xlarge, + InstanceTypeP548xlarge, + InstanceTypeM7iLarge, + InstanceTypeM7iXlarge, + InstanceTypeM7i2xlarge, + InstanceTypeM7i4xlarge, + InstanceTypeM7i8xlarge, + InstanceTypeM7i12xlarge, + InstanceTypeM7i16xlarge, + InstanceTypeM7i24xlarge, + InstanceTypeM7i48xlarge, + InstanceTypeM7iFlexLarge, + InstanceTypeM7iFlexXlarge, + InstanceTypeM7iFlex2xlarge, + InstanceTypeM7iFlex4xlarge, + InstanceTypeM7iFlex8xlarge, + InstanceTypeM7aMedium, + InstanceTypeM7aLarge, + InstanceTypeM7aXlarge, + InstanceTypeM7a2xlarge, + InstanceTypeM7a4xlarge, + InstanceTypeM7a8xlarge, + InstanceTypeM7a12xlarge, + InstanceTypeM7a16xlarge, + InstanceTypeM7a24xlarge, + InstanceTypeM7a32xlarge, + InstanceTypeM7a48xlarge, + InstanceTypeM7aMetal48xl, + InstanceTypeHpc7a12xlarge, + InstanceTypeHpc7a24xlarge, + InstanceTypeHpc7a48xlarge, + InstanceTypeHpc7a96xlarge, + InstanceTypeC7gdMedium, + InstanceTypeC7gdLarge, + InstanceTypeC7gdXlarge, + InstanceTypeC7gd2xlarge, + InstanceTypeC7gd4xlarge, + InstanceTypeC7gd8xlarge, + InstanceTypeC7gd12xlarge, + InstanceTypeC7gd16xlarge, + InstanceTypeM7gdMedium, + InstanceTypeM7gdLarge, + InstanceTypeM7gdXlarge, + InstanceTypeM7gd2xlarge, + InstanceTypeM7gd4xlarge, + InstanceTypeM7gd8xlarge, + InstanceTypeM7gd12xlarge, + InstanceTypeM7gd16xlarge, + InstanceTypeR7gdMedium, + InstanceTypeR7gdLarge, + InstanceTypeR7gdXlarge, + InstanceTypeR7gd2xlarge, + InstanceTypeR7gd4xlarge, + InstanceTypeR7gd8xlarge, + InstanceTypeR7gd12xlarge, + InstanceTypeR7gd16xlarge, + InstanceTypeR7aMedium, + InstanceTypeR7aLarge, + InstanceTypeR7aXlarge, + InstanceTypeR7a2xlarge, + InstanceTypeR7a4xlarge, + InstanceTypeR7a8xlarge, + InstanceTypeR7a12xlarge, + InstanceTypeR7a16xlarge, + InstanceTypeR7a24xlarge, + InstanceTypeR7a32xlarge, + InstanceTypeR7a48xlarge, + InstanceTypeC7iLarge, + InstanceTypeC7iXlarge, + InstanceTypeC7i2xlarge, + InstanceTypeC7i4xlarge, + InstanceTypeC7i8xlarge, + InstanceTypeC7i12xlarge, + InstanceTypeC7i16xlarge, + InstanceTypeC7i24xlarge, + InstanceTypeC7i48xlarge, + InstanceTypeMac2M2proMetal, + InstanceTypeR7izLarge, + InstanceTypeR7izXlarge, + InstanceTypeR7iz2xlarge, + InstanceTypeR7iz4xlarge, + InstanceTypeR7iz8xlarge, + InstanceTypeR7iz12xlarge, + InstanceTypeR7iz16xlarge, + InstanceTypeR7iz32xlarge, + InstanceTypeC7aMedium, + InstanceTypeC7aLarge, + InstanceTypeC7aXlarge, + InstanceTypeC7a2xlarge, + InstanceTypeC7a4xlarge, + InstanceTypeC7a8xlarge, + InstanceTypeC7a12xlarge, + InstanceTypeC7a16xlarge, + InstanceTypeC7a24xlarge, + InstanceTypeC7a32xlarge, + InstanceTypeC7a48xlarge, + InstanceTypeC7aMetal48xl, + InstanceTypeR7aMetal48xl, + InstanceTypeR7iLarge, + InstanceTypeR7iXlarge, + InstanceTypeR7i2xlarge, + InstanceTypeR7i4xlarge, + InstanceTypeR7i8xlarge, + InstanceTypeR7i12xlarge, + InstanceTypeR7i16xlarge, + InstanceTypeR7i24xlarge, + InstanceTypeR7i48xlarge, + InstanceTypeDl2q24xlarge, + InstanceTypeMac2M2Metal, + InstanceTypeI4i12xlarge, + InstanceTypeI4i24xlarge, + InstanceTypeC7iMetal24xl, + InstanceTypeC7iMetal48xl, + InstanceTypeM7iMetal24xl, + InstanceTypeM7iMetal48xl, + InstanceTypeR7iMetal24xl, + InstanceTypeR7iMetal48xl, } } @@ -185129,6 +195442,9 @@ const ( // IpamPoolAllocationResourceTypeCustom is a IpamPoolAllocationResourceType enum value IpamPoolAllocationResourceTypeCustom = "custom" + + // IpamPoolAllocationResourceTypeSubnet is a IpamPoolAllocationResourceType enum value + IpamPoolAllocationResourceTypeSubnet = "subnet" ) // IpamPoolAllocationResourceType_Values returns all elements of the IpamPoolAllocationResourceType enum @@ -185138,6 +195454,7 @@ func IpamPoolAllocationResourceType_Values() []string { IpamPoolAllocationResourceTypeVpc, IpamPoolAllocationResourceTypeEc2PublicIpv4Pool, IpamPoolAllocationResourceTypeCustom, + IpamPoolAllocationResourceTypeSubnet, } } @@ -185225,6 +195542,18 @@ func IpamPoolPublicIpSource_Values() []string { } } +const ( + // IpamPoolSourceResourceTypeVpc is a IpamPoolSourceResourceType enum value + IpamPoolSourceResourceTypeVpc = "vpc" +) + +// IpamPoolSourceResourceType_Values returns all elements of the IpamPoolSourceResourceType enum +func IpamPoolSourceResourceType_Values() []string { + return []string{ + IpamPoolSourceResourceTypeVpc, + } +} + const ( // IpamPoolStateCreateInProgress is a IpamPoolState enum value IpamPoolStateCreateInProgress = "create-in-progress" @@ -185281,6 +195610,94 @@ func IpamPoolState_Values() []string { } } +const ( + // IpamPublicAddressAssociationStatusAssociated is a IpamPublicAddressAssociationStatus enum value + IpamPublicAddressAssociationStatusAssociated = "associated" + + // IpamPublicAddressAssociationStatusDisassociated is a IpamPublicAddressAssociationStatus enum value + IpamPublicAddressAssociationStatusDisassociated = "disassociated" +) + +// IpamPublicAddressAssociationStatus_Values returns all elements of the IpamPublicAddressAssociationStatus enum +func IpamPublicAddressAssociationStatus_Values() []string { + return []string{ + IpamPublicAddressAssociationStatusAssociated, + IpamPublicAddressAssociationStatusDisassociated, + } +} + +const ( + // IpamPublicAddressAwsServiceNatGateway is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceNatGateway = "nat-gateway" + + // IpamPublicAddressAwsServiceDatabaseMigrationService is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceDatabaseMigrationService = "database-migration-service" + + // IpamPublicAddressAwsServiceRedshift is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceRedshift = "redshift" + + // IpamPublicAddressAwsServiceElasticContainerService is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceElasticContainerService = "elastic-container-service" + + // IpamPublicAddressAwsServiceRelationalDatabaseService is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceRelationalDatabaseService = "relational-database-service" + + // IpamPublicAddressAwsServiceSiteToSiteVpn is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceSiteToSiteVpn = "site-to-site-vpn" + + // IpamPublicAddressAwsServiceLoadBalancer is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceLoadBalancer = "load-balancer" + + // IpamPublicAddressAwsServiceGlobalAccelerator is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceGlobalAccelerator = "global-accelerator" + + // IpamPublicAddressAwsServiceOther is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceOther = "other" +) + +// IpamPublicAddressAwsService_Values returns all elements of the IpamPublicAddressAwsService enum +func IpamPublicAddressAwsService_Values() []string { + return []string{ + IpamPublicAddressAwsServiceNatGateway, + IpamPublicAddressAwsServiceDatabaseMigrationService, + IpamPublicAddressAwsServiceRedshift, + IpamPublicAddressAwsServiceElasticContainerService, + IpamPublicAddressAwsServiceRelationalDatabaseService, + IpamPublicAddressAwsServiceSiteToSiteVpn, + IpamPublicAddressAwsServiceLoadBalancer, + IpamPublicAddressAwsServiceGlobalAccelerator, + IpamPublicAddressAwsServiceOther, + } +} + +const ( + // IpamPublicAddressTypeServiceManagedIp is a IpamPublicAddressType enum value + IpamPublicAddressTypeServiceManagedIp = "service-managed-ip" + + // IpamPublicAddressTypeServiceManagedByoip is a IpamPublicAddressType enum value + IpamPublicAddressTypeServiceManagedByoip = "service-managed-byoip" + + // IpamPublicAddressTypeAmazonOwnedEip is a IpamPublicAddressType enum value + IpamPublicAddressTypeAmazonOwnedEip = "amazon-owned-eip" + + // IpamPublicAddressTypeByoip is a IpamPublicAddressType enum value + IpamPublicAddressTypeByoip = "byoip" + + // IpamPublicAddressTypeEc2PublicIp is a IpamPublicAddressType enum value + IpamPublicAddressTypeEc2PublicIp = "ec2-public-ip" +) + +// IpamPublicAddressType_Values returns all elements of the IpamPublicAddressType enum +func IpamPublicAddressType_Values() []string { + return []string{ + IpamPublicAddressTypeServiceManagedIp, + IpamPublicAddressTypeServiceManagedByoip, + IpamPublicAddressTypeAmazonOwnedEip, + IpamPublicAddressTypeByoip, + IpamPublicAddressTypeEc2PublicIp, + } +} + const ( // IpamResourceDiscoveryAssociationStateAssociateInProgress is a IpamResourceDiscoveryAssociationState enum value IpamResourceDiscoveryAssociationStateAssociateInProgress = "associate-in-progress" @@ -185396,6 +195813,9 @@ const ( // IpamResourceTypeIpv6Pool is a IpamResourceType enum value IpamResourceTypeIpv6Pool = "ipv6-pool" + + // IpamResourceTypeEni is a IpamResourceType enum value + IpamResourceTypeEni = "eni" ) // IpamResourceType_Values returns all elements of the IpamResourceType enum @@ -185406,6 +195826,7 @@ func IpamResourceType_Values() []string { IpamResourceTypeEip, IpamResourceTypePublicIpv4Pool, IpamResourceTypeIpv6Pool, + IpamResourceTypeEni, } } @@ -185537,6 +195958,22 @@ func IpamState_Values() []string { } } +const ( + // IpamTierFree is a IpamTier enum value + IpamTierFree = "free" + + // IpamTierAdvanced is a IpamTier enum value + IpamTierAdvanced = "advanced" +) + +// IpamTier_Values returns all elements of the IpamTier enum +func IpamTier_Values() []string { + return []string{ + IpamTierFree, + IpamTierAdvanced, + } +} + const ( // Ipv6SupportValueEnable is a Ipv6SupportValue enum value Ipv6SupportValueEnable = "enable" @@ -185866,6 +196303,9 @@ const ( // LocationTypeAvailabilityZoneId is a LocationType enum value LocationTypeAvailabilityZoneId = "availability-zone-id" + + // LocationTypeOutpost is a LocationType enum value + LocationTypeOutpost = "outpost" ) // LocationType_Values returns all elements of the LocationType enum @@ -185874,6 +196314,47 @@ func LocationType_Values() []string { LocationTypeRegion, LocationTypeAvailabilityZone, LocationTypeAvailabilityZoneId, + LocationTypeOutpost, + } +} + +const ( + // LockModeCompliance is a LockMode enum value + LockModeCompliance = "compliance" + + // LockModeGovernance is a LockMode enum value + LockModeGovernance = "governance" +) + +// LockMode_Values returns all elements of the LockMode enum +func LockMode_Values() []string { + return []string{ + LockModeCompliance, + LockModeGovernance, + } +} + +const ( + // LockStateCompliance is a LockState enum value + LockStateCompliance = "compliance" + + // LockStateGovernance is a LockState enum value + LockStateGovernance = "governance" + + // LockStateComplianceCooloff is a LockState enum value + LockStateComplianceCooloff = "compliance-cooloff" + + // LockStateExpired is a LockState enum value + LockStateExpired = "expired" +) + +// LockState_Values returns all elements of the LockState enum +func LockState_Values() []string { + return []string{ + LockStateCompliance, + LockStateGovernance, + LockStateComplianceCooloff, + LockStateExpired, } } @@ -185900,12 +196381,16 @@ func LogDestinationType_Values() []string { const ( // MarketTypeSpot is a MarketType enum value MarketTypeSpot = "spot" + + // MarketTypeCapacityBlock is a MarketType enum value + MarketTypeCapacityBlock = "capacity-block" ) // MarketType_Values returns all elements of the MarketType enum func MarketType_Values() []string { return []string{ MarketTypeSpot, + MarketTypeCapacityBlock, } } @@ -186241,6 +196726,38 @@ func NetworkInterfaceType_Values() []string { } } +const ( + // NitroEnclavesSupportUnsupported is a NitroEnclavesSupport enum value + NitroEnclavesSupportUnsupported = "unsupported" + + // NitroEnclavesSupportSupported is a NitroEnclavesSupport enum value + NitroEnclavesSupportSupported = "supported" +) + +// NitroEnclavesSupport_Values returns all elements of the NitroEnclavesSupport enum +func NitroEnclavesSupport_Values() []string { + return []string{ + NitroEnclavesSupportUnsupported, + NitroEnclavesSupportSupported, + } +} + +const ( + // NitroTpmSupportUnsupported is a NitroTpmSupport enum value + NitroTpmSupportUnsupported = "unsupported" + + // NitroTpmSupportSupported is a NitroTpmSupport enum value + NitroTpmSupportSupported = "supported" +) + +// NitroTpmSupport_Values returns all elements of the NitroTpmSupport enum +func NitroTpmSupport_Values() []string { + return []string{ + NitroTpmSupportUnsupported, + NitroTpmSupportSupported, + } +} + const ( // OfferingClassTypeStandard is a OfferingClassType enum value OfferingClassTypeStandard = "standard" @@ -187108,6 +197625,9 @@ const ( // ResourceTypeIpamResourceDiscoveryAssociation is a ResourceType enum value ResourceTypeIpamResourceDiscoveryAssociation = "ipam-resource-discovery-association" + + // ResourceTypeInstanceConnectEndpoint is a ResourceType enum value + ResourceTypeInstanceConnectEndpoint = "instance-connect-endpoint" ) // ResourceType_Values returns all elements of the ResourceType enum @@ -187198,6 +197718,7 @@ func ResourceType_Values() []string { ResourceTypeVpcBlockPublicAccessExclusion, ResourceTypeIpamResourceDiscovery, ResourceTypeIpamResourceDiscoveryAssociation, + ResourceTypeInstanceConnectEndpoint, } } @@ -187297,6 +197818,26 @@ func RuleAction_Values() []string { } } +const ( + // SSETypeSseEbs is a SSEType enum value + SSETypeSseEbs = "sse-ebs" + + // SSETypeSseKms is a SSEType enum value + SSETypeSseKms = "sse-kms" + + // SSETypeNone is a SSEType enum value + SSETypeNone = "none" +) + +// SSEType_Values returns all elements of the SSEType enum +func SSEType_Values() []string { + return []string{ + SSETypeSseEbs, + SSETypeSseKms, + SSETypeNone, + } +} + const ( // ScopeAvailabilityZone is a Scope enum value ScopeAvailabilityZone = "Availability Zone" @@ -187313,6 +197854,22 @@ func Scope_Values() []string { } } +const ( + // SecurityGroupReferencingSupportValueEnable is a SecurityGroupReferencingSupportValue enum value + SecurityGroupReferencingSupportValueEnable = "enable" + + // SecurityGroupReferencingSupportValueDisable is a SecurityGroupReferencingSupportValue enum value + SecurityGroupReferencingSupportValueDisable = "disable" +) + +// SecurityGroupReferencingSupportValue_Values returns all elements of the SecurityGroupReferencingSupportValue enum +func SecurityGroupReferencingSupportValue_Values() []string { + return []string{ + SecurityGroupReferencingSupportValueEnable, + SecurityGroupReferencingSupportValueDisable, + } +} + const ( // SelfServicePortalEnabled is a SelfServicePortal enum value SelfServicePortalEnabled = "enabled" @@ -187425,6 +197982,26 @@ func SnapshotAttributeName_Values() []string { } } +const ( + // SnapshotBlockPublicAccessStateBlockAllSharing is a SnapshotBlockPublicAccessState enum value + SnapshotBlockPublicAccessStateBlockAllSharing = "block-all-sharing" + + // SnapshotBlockPublicAccessStateBlockNewSharing is a SnapshotBlockPublicAccessState enum value + SnapshotBlockPublicAccessStateBlockNewSharing = "block-new-sharing" + + // SnapshotBlockPublicAccessStateUnblocked is a SnapshotBlockPublicAccessState enum value + SnapshotBlockPublicAccessStateUnblocked = "unblocked" +) + +// SnapshotBlockPublicAccessState_Values returns all elements of the SnapshotBlockPublicAccessState enum +func SnapshotBlockPublicAccessState_Values() []string { + return []string{ + SnapshotBlockPublicAccessStateBlockAllSharing, + SnapshotBlockPublicAccessStateBlockNewSharing, + SnapshotBlockPublicAccessStateUnblocked, + } +} + const ( // SnapshotStatePending is a SnapshotState enum value SnapshotStatePending = "pending" @@ -187516,6 +198093,9 @@ const ( // SpotInstanceStateFailed is a SpotInstanceState enum value SpotInstanceStateFailed = "failed" + + // SpotInstanceStateDisabled is a SpotInstanceState enum value + SpotInstanceStateDisabled = "disabled" ) // SpotInstanceState_Values returns all elements of the SpotInstanceState enum @@ -187526,6 +198106,7 @@ func SpotInstanceState_Values() []string { SpotInstanceStateClosed, SpotInstanceStateCancelled, SpotInstanceStateFailed, + SpotInstanceStateDisabled, } } @@ -187793,6 +198374,18 @@ func SummaryStatus_Values() []string { } } +const ( + // SupportedAdditionalProcessorFeatureAmdSevSnp is a SupportedAdditionalProcessorFeature enum value + SupportedAdditionalProcessorFeatureAmdSevSnp = "amd-sev-snp" +) + +// SupportedAdditionalProcessorFeature_Values returns all elements of the SupportedAdditionalProcessorFeature enum +func SupportedAdditionalProcessorFeature_Values() []string { + return []string{ + SupportedAdditionalProcessorFeatureAmdSevSnp, + } +} + const ( // TargetCapacityUnitTypeVcpu is a TargetCapacityUnitType enum value TargetCapacityUnitTypeVcpu = "vcpu" @@ -188563,6 +199156,9 @@ const ( // UsageClassTypeOnDemand is a UsageClassType enum value UsageClassTypeOnDemand = "on-demand" + + // UsageClassTypeCapacityBlock is a UsageClassType enum value + UsageClassTypeCapacityBlock = "capacity-block" ) // UsageClassType_Values returns all elements of the UsageClassType enum @@ -188570,6 +199166,7 @@ func UsageClassType_Values() []string { return []string{ UsageClassTypeSpot, UsageClassTypeOnDemand, + UsageClassTypeCapacityBlock, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go index 5b5395356fa..621712d29f0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go @@ -11,6 +11,9 @@ import ( ) const ( + // ec2CopySnapshotPresignedUrlCustomization handler name + ec2CopySnapshotPresignedUrlCustomization = "ec2CopySnapshotPresignedUrl" + // customRetryerMinRetryDelay sets min retry delay customRetryerMinRetryDelay = 1 * time.Second @@ -21,7 +24,10 @@ const ( func init() { initRequest = func(r *request.Request) { if r.Operation.Name == opCopySnapshot { // fill the PresignedURL parameter - r.Handlers.Build.PushFront(fillPresignedURL) + r.Handlers.Build.PushFrontNamed(request.NamedHandler{ + Name: ec2CopySnapshotPresignedUrlCustomization, + Fn: fillPresignedURL, + }) } // only set the retryer on request if config doesn't have a retryer @@ -48,13 +54,15 @@ func fillPresignedURL(r *request.Request) { origParams := r.Params.(*CopySnapshotInput) - // Stop if PresignedURL/DestinationRegion is set - if origParams.PresignedUrl != nil || origParams.DestinationRegion != nil { + // Stop if PresignedURL is set + if origParams.PresignedUrl != nil { return } + // Always use config region as destination region for SDKs origParams.DestinationRegion = r.Config.Region - newParams := awsutil.CopyOf(r.Params).(*CopySnapshotInput) + + newParams := awsutil.CopyOf(origParams).(*CopySnapshotInput) // Create a new request based on the existing request. We will use this to // presign the CopySnapshot request against the source region. @@ -82,8 +90,12 @@ func fillPresignedURL(r *request.Request) { clientInfo.Endpoint = resolved.URL clientInfo.SigningRegion = resolved.SigningRegion + // Copy handlers without Presigned URL customization to avoid an infinite loop + handlersWithoutPresignCustomization := r.Handlers.Copy() + handlersWithoutPresignCustomization.Build.RemoveByName(ec2CopySnapshotPresignedUrlCustomization) + // Presign a CopySnapshot request with modified params - req := request.New(*cfg, clientInfo, r.Handlers, r.Retryer, r.Operation, newParams, r.Data) + req := request.New(*cfg, clientInfo, handlersWithoutPresignCustomization, r.Retryer, r.Operation, newParams, r.Data) url, err := req.Presign(5 * time.Minute) // 5 minutes should be enough. if err != nil { // bubble error back up to original request r.Error = err diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go index e741e7e41fe..fac6d14abc0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go @@ -144,6 +144,10 @@ type EC2API interface { AssociateInstanceEventWindowWithContext(aws.Context, *ec2.AssociateInstanceEventWindowInput, ...request.Option) (*ec2.AssociateInstanceEventWindowOutput, error) AssociateInstanceEventWindowRequest(*ec2.AssociateInstanceEventWindowInput) (*request.Request, *ec2.AssociateInstanceEventWindowOutput) + AssociateIpamByoasn(*ec2.AssociateIpamByoasnInput) (*ec2.AssociateIpamByoasnOutput, error) + AssociateIpamByoasnWithContext(aws.Context, *ec2.AssociateIpamByoasnInput, ...request.Option) (*ec2.AssociateIpamByoasnOutput, error) + AssociateIpamByoasnRequest(*ec2.AssociateIpamByoasnInput) (*request.Request, *ec2.AssociateIpamByoasnOutput) + AssociateIpamResourceDiscovery(*ec2.AssociateIpamResourceDiscoveryInput) (*ec2.AssociateIpamResourceDiscoveryOutput, error) AssociateIpamResourceDiscoveryWithContext(aws.Context, *ec2.AssociateIpamResourceDiscoveryInput, ...request.Option) (*ec2.AssociateIpamResourceDiscoveryOutput, error) AssociateIpamResourceDiscoveryRequest(*ec2.AssociateIpamResourceDiscoveryInput) (*request.Request, *ec2.AssociateIpamResourceDiscoveryOutput) @@ -340,6 +344,10 @@ type EC2API interface { CreateImageWithContext(aws.Context, *ec2.CreateImageInput, ...request.Option) (*ec2.CreateImageOutput, error) CreateImageRequest(*ec2.CreateImageInput) (*request.Request, *ec2.CreateImageOutput) + CreateInstanceConnectEndpoint(*ec2.CreateInstanceConnectEndpointInput) (*ec2.CreateInstanceConnectEndpointOutput, error) + CreateInstanceConnectEndpointWithContext(aws.Context, *ec2.CreateInstanceConnectEndpointInput, ...request.Option) (*ec2.CreateInstanceConnectEndpointOutput, error) + CreateInstanceConnectEndpointRequest(*ec2.CreateInstanceConnectEndpointInput) (*request.Request, *ec2.CreateInstanceConnectEndpointOutput) + CreateInstanceEventWindow(*ec2.CreateInstanceEventWindowInput) (*ec2.CreateInstanceEventWindowOutput, error) CreateInstanceEventWindowWithContext(aws.Context, *ec2.CreateInstanceEventWindowInput, ...request.Option) (*ec2.CreateInstanceEventWindowOutput, error) CreateInstanceEventWindowRequest(*ec2.CreateInstanceEventWindowInput) (*request.Request, *ec2.CreateInstanceEventWindowOutput) @@ -644,6 +652,10 @@ type EC2API interface { DeleteFpgaImageWithContext(aws.Context, *ec2.DeleteFpgaImageInput, ...request.Option) (*ec2.DeleteFpgaImageOutput, error) DeleteFpgaImageRequest(*ec2.DeleteFpgaImageInput) (*request.Request, *ec2.DeleteFpgaImageOutput) + DeleteInstanceConnectEndpoint(*ec2.DeleteInstanceConnectEndpointInput) (*ec2.DeleteInstanceConnectEndpointOutput, error) + DeleteInstanceConnectEndpointWithContext(aws.Context, *ec2.DeleteInstanceConnectEndpointInput, ...request.Option) (*ec2.DeleteInstanceConnectEndpointOutput, error) + DeleteInstanceConnectEndpointRequest(*ec2.DeleteInstanceConnectEndpointInput) (*request.Request, *ec2.DeleteInstanceConnectEndpointOutput) + DeleteInstanceEventWindow(*ec2.DeleteInstanceEventWindowInput) (*ec2.DeleteInstanceEventWindowOutput, error) DeleteInstanceEventWindowWithContext(aws.Context, *ec2.DeleteInstanceEventWindowInput, ...request.Option) (*ec2.DeleteInstanceEventWindowOutput, error) DeleteInstanceEventWindowRequest(*ec2.DeleteInstanceEventWindowInput) (*request.Request, *ec2.DeleteInstanceEventWindowOutput) @@ -896,6 +908,10 @@ type EC2API interface { DeprovisionByoipCidrWithContext(aws.Context, *ec2.DeprovisionByoipCidrInput, ...request.Option) (*ec2.DeprovisionByoipCidrOutput, error) DeprovisionByoipCidrRequest(*ec2.DeprovisionByoipCidrInput) (*request.Request, *ec2.DeprovisionByoipCidrOutput) + DeprovisionIpamByoasn(*ec2.DeprovisionIpamByoasnInput) (*ec2.DeprovisionIpamByoasnOutput, error) + DeprovisionIpamByoasnWithContext(aws.Context, *ec2.DeprovisionIpamByoasnInput, ...request.Option) (*ec2.DeprovisionIpamByoasnOutput, error) + DeprovisionIpamByoasnRequest(*ec2.DeprovisionIpamByoasnInput) (*request.Request, *ec2.DeprovisionIpamByoasnOutput) + DeprovisionIpamPoolCidr(*ec2.DeprovisionIpamPoolCidrInput) (*ec2.DeprovisionIpamPoolCidrOutput, error) DeprovisionIpamPoolCidrWithContext(aws.Context, *ec2.DeprovisionIpamPoolCidrInput, ...request.Option) (*ec2.DeprovisionIpamPoolCidrOutput, error) DeprovisionIpamPoolCidrRequest(*ec2.DeprovisionIpamPoolCidrInput) (*request.Request, *ec2.DeprovisionIpamPoolCidrOutput) @@ -968,6 +984,13 @@ type EC2API interface { DescribeByoipCidrsPages(*ec2.DescribeByoipCidrsInput, func(*ec2.DescribeByoipCidrsOutput, bool) bool) error DescribeByoipCidrsPagesWithContext(aws.Context, *ec2.DescribeByoipCidrsInput, func(*ec2.DescribeByoipCidrsOutput, bool) bool, ...request.Option) error + DescribeCapacityBlockOfferings(*ec2.DescribeCapacityBlockOfferingsInput) (*ec2.DescribeCapacityBlockOfferingsOutput, error) + DescribeCapacityBlockOfferingsWithContext(aws.Context, *ec2.DescribeCapacityBlockOfferingsInput, ...request.Option) (*ec2.DescribeCapacityBlockOfferingsOutput, error) + DescribeCapacityBlockOfferingsRequest(*ec2.DescribeCapacityBlockOfferingsInput) (*request.Request, *ec2.DescribeCapacityBlockOfferingsOutput) + + DescribeCapacityBlockOfferingsPages(*ec2.DescribeCapacityBlockOfferingsInput, func(*ec2.DescribeCapacityBlockOfferingsOutput, bool) bool) error + DescribeCapacityBlockOfferingsPagesWithContext(aws.Context, *ec2.DescribeCapacityBlockOfferingsInput, func(*ec2.DescribeCapacityBlockOfferingsOutput, bool) bool, ...request.Option) error + DescribeCapacityReservationFleets(*ec2.DescribeCapacityReservationFleetsInput) (*ec2.DescribeCapacityReservationFleetsOutput, error) DescribeCapacityReservationFleetsWithContext(aws.Context, *ec2.DescribeCapacityReservationFleetsInput, ...request.Option) (*ec2.DescribeCapacityReservationFleetsOutput, error) DescribeCapacityReservationFleetsRequest(*ec2.DescribeCapacityReservationFleetsInput) (*request.Request, *ec2.DescribeCapacityReservationFleetsOutput) @@ -1187,6 +1210,13 @@ type EC2API interface { DescribeInstanceAttributeWithContext(aws.Context, *ec2.DescribeInstanceAttributeInput, ...request.Option) (*ec2.DescribeInstanceAttributeOutput, error) DescribeInstanceAttributeRequest(*ec2.DescribeInstanceAttributeInput) (*request.Request, *ec2.DescribeInstanceAttributeOutput) + DescribeInstanceConnectEndpoints(*ec2.DescribeInstanceConnectEndpointsInput) (*ec2.DescribeInstanceConnectEndpointsOutput, error) + DescribeInstanceConnectEndpointsWithContext(aws.Context, *ec2.DescribeInstanceConnectEndpointsInput, ...request.Option) (*ec2.DescribeInstanceConnectEndpointsOutput, error) + DescribeInstanceConnectEndpointsRequest(*ec2.DescribeInstanceConnectEndpointsInput) (*request.Request, *ec2.DescribeInstanceConnectEndpointsOutput) + + DescribeInstanceConnectEndpointsPages(*ec2.DescribeInstanceConnectEndpointsInput, func(*ec2.DescribeInstanceConnectEndpointsOutput, bool) bool) error + DescribeInstanceConnectEndpointsPagesWithContext(aws.Context, *ec2.DescribeInstanceConnectEndpointsInput, func(*ec2.DescribeInstanceConnectEndpointsOutput, bool) bool, ...request.Option) error + DescribeInstanceCreditSpecifications(*ec2.DescribeInstanceCreditSpecificationsInput) (*ec2.DescribeInstanceCreditSpecificationsOutput, error) DescribeInstanceCreditSpecificationsWithContext(aws.Context, *ec2.DescribeInstanceCreditSpecificationsInput, ...request.Option) (*ec2.DescribeInstanceCreditSpecificationsOutput, error) DescribeInstanceCreditSpecificationsRequest(*ec2.DescribeInstanceCreditSpecificationsInput) (*request.Request, *ec2.DescribeInstanceCreditSpecificationsOutput) @@ -1212,6 +1242,13 @@ type EC2API interface { DescribeInstanceStatusPages(*ec2.DescribeInstanceStatusInput, func(*ec2.DescribeInstanceStatusOutput, bool) bool) error DescribeInstanceStatusPagesWithContext(aws.Context, *ec2.DescribeInstanceStatusInput, func(*ec2.DescribeInstanceStatusOutput, bool) bool, ...request.Option) error + DescribeInstanceTopology(*ec2.DescribeInstanceTopologyInput) (*ec2.DescribeInstanceTopologyOutput, error) + DescribeInstanceTopologyWithContext(aws.Context, *ec2.DescribeInstanceTopologyInput, ...request.Option) (*ec2.DescribeInstanceTopologyOutput, error) + DescribeInstanceTopologyRequest(*ec2.DescribeInstanceTopologyInput) (*request.Request, *ec2.DescribeInstanceTopologyOutput) + + DescribeInstanceTopologyPages(*ec2.DescribeInstanceTopologyInput, func(*ec2.DescribeInstanceTopologyOutput, bool) bool) error + DescribeInstanceTopologyPagesWithContext(aws.Context, *ec2.DescribeInstanceTopologyInput, func(*ec2.DescribeInstanceTopologyOutput, bool) bool, ...request.Option) error + DescribeInstanceTypeOfferings(*ec2.DescribeInstanceTypeOfferingsInput) (*ec2.DescribeInstanceTypeOfferingsOutput, error) DescribeInstanceTypeOfferingsWithContext(aws.Context, *ec2.DescribeInstanceTypeOfferingsInput, ...request.Option) (*ec2.DescribeInstanceTypeOfferingsOutput, error) DescribeInstanceTypeOfferingsRequest(*ec2.DescribeInstanceTypeOfferingsInput) (*request.Request, *ec2.DescribeInstanceTypeOfferingsOutput) @@ -1240,6 +1277,10 @@ type EC2API interface { DescribeInternetGatewaysPages(*ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool) error DescribeInternetGatewaysPagesWithContext(aws.Context, *ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool, ...request.Option) error + DescribeIpamByoasn(*ec2.DescribeIpamByoasnInput) (*ec2.DescribeIpamByoasnOutput, error) + DescribeIpamByoasnWithContext(aws.Context, *ec2.DescribeIpamByoasnInput, ...request.Option) (*ec2.DescribeIpamByoasnOutput, error) + DescribeIpamByoasnRequest(*ec2.DescribeIpamByoasnInput) (*request.Request, *ec2.DescribeIpamByoasnOutput) + DescribeIpamPools(*ec2.DescribeIpamPoolsInput) (*ec2.DescribeIpamPoolsOutput, error) DescribeIpamPoolsWithContext(aws.Context, *ec2.DescribeIpamPoolsInput, ...request.Option) (*ec2.DescribeIpamPoolsOutput, error) DescribeIpamPoolsRequest(*ec2.DescribeIpamPoolsInput) (*request.Request, *ec2.DescribeIpamPoolsOutput) @@ -1342,6 +1383,10 @@ type EC2API interface { DescribeLocalGatewaysPages(*ec2.DescribeLocalGatewaysInput, func(*ec2.DescribeLocalGatewaysOutput, bool) bool) error DescribeLocalGatewaysPagesWithContext(aws.Context, *ec2.DescribeLocalGatewaysInput, func(*ec2.DescribeLocalGatewaysOutput, bool) bool, ...request.Option) error + DescribeLockedSnapshots(*ec2.DescribeLockedSnapshotsInput) (*ec2.DescribeLockedSnapshotsOutput, error) + DescribeLockedSnapshotsWithContext(aws.Context, *ec2.DescribeLockedSnapshotsInput, ...request.Option) (*ec2.DescribeLockedSnapshotsOutput, error) + DescribeLockedSnapshotsRequest(*ec2.DescribeLockedSnapshotsInput) (*request.Request, *ec2.DescribeLockedSnapshotsOutput) + DescribeManagedPrefixLists(*ec2.DescribeManagedPrefixListsInput) (*ec2.DescribeManagedPrefixListsOutput, error) DescribeManagedPrefixListsWithContext(aws.Context, *ec2.DescribeManagedPrefixListsInput, ...request.Option) (*ec2.DescribeManagedPrefixListsOutput, error) DescribeManagedPrefixListsRequest(*ec2.DescribeManagedPrefixListsInput) (*request.Request, *ec2.DescribeManagedPrefixListsOutput) @@ -1870,6 +1915,14 @@ type EC2API interface { DisableFastSnapshotRestoresWithContext(aws.Context, *ec2.DisableFastSnapshotRestoresInput, ...request.Option) (*ec2.DisableFastSnapshotRestoresOutput, error) DisableFastSnapshotRestoresRequest(*ec2.DisableFastSnapshotRestoresInput) (*request.Request, *ec2.DisableFastSnapshotRestoresOutput) + DisableImage(*ec2.DisableImageInput) (*ec2.DisableImageOutput, error) + DisableImageWithContext(aws.Context, *ec2.DisableImageInput, ...request.Option) (*ec2.DisableImageOutput, error) + DisableImageRequest(*ec2.DisableImageInput) (*request.Request, *ec2.DisableImageOutput) + + DisableImageBlockPublicAccess(*ec2.DisableImageBlockPublicAccessInput) (*ec2.DisableImageBlockPublicAccessOutput, error) + DisableImageBlockPublicAccessWithContext(aws.Context, *ec2.DisableImageBlockPublicAccessInput, ...request.Option) (*ec2.DisableImageBlockPublicAccessOutput, error) + DisableImageBlockPublicAccessRequest(*ec2.DisableImageBlockPublicAccessInput) (*request.Request, *ec2.DisableImageBlockPublicAccessOutput) + DisableImageDeprecation(*ec2.DisableImageDeprecationInput) (*ec2.DisableImageDeprecationOutput, error) DisableImageDeprecationWithContext(aws.Context, *ec2.DisableImageDeprecationInput, ...request.Option) (*ec2.DisableImageDeprecationOutput, error) DisableImageDeprecationRequest(*ec2.DisableImageDeprecationInput) (*request.Request, *ec2.DisableImageDeprecationOutput) @@ -1882,6 +1935,10 @@ type EC2API interface { DisableSerialConsoleAccessWithContext(aws.Context, *ec2.DisableSerialConsoleAccessInput, ...request.Option) (*ec2.DisableSerialConsoleAccessOutput, error) DisableSerialConsoleAccessRequest(*ec2.DisableSerialConsoleAccessInput) (*request.Request, *ec2.DisableSerialConsoleAccessOutput) + DisableSnapshotBlockPublicAccess(*ec2.DisableSnapshotBlockPublicAccessInput) (*ec2.DisableSnapshotBlockPublicAccessOutput, error) + DisableSnapshotBlockPublicAccessWithContext(aws.Context, *ec2.DisableSnapshotBlockPublicAccessInput, ...request.Option) (*ec2.DisableSnapshotBlockPublicAccessOutput, error) + DisableSnapshotBlockPublicAccessRequest(*ec2.DisableSnapshotBlockPublicAccessInput) (*request.Request, *ec2.DisableSnapshotBlockPublicAccessOutput) + DisableTransitGatewayRouteTablePropagation(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error) DisableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.DisableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error) DisableTransitGatewayRouteTablePropagationRequest(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.DisableTransitGatewayRouteTablePropagationOutput) @@ -1918,6 +1975,10 @@ type EC2API interface { DisassociateInstanceEventWindowWithContext(aws.Context, *ec2.DisassociateInstanceEventWindowInput, ...request.Option) (*ec2.DisassociateInstanceEventWindowOutput, error) DisassociateInstanceEventWindowRequest(*ec2.DisassociateInstanceEventWindowInput) (*request.Request, *ec2.DisassociateInstanceEventWindowOutput) + DisassociateIpamByoasn(*ec2.DisassociateIpamByoasnInput) (*ec2.DisassociateIpamByoasnOutput, error) + DisassociateIpamByoasnWithContext(aws.Context, *ec2.DisassociateIpamByoasnInput, ...request.Option) (*ec2.DisassociateIpamByoasnOutput, error) + DisassociateIpamByoasnRequest(*ec2.DisassociateIpamByoasnInput) (*request.Request, *ec2.DisassociateIpamByoasnOutput) + DisassociateIpamResourceDiscovery(*ec2.DisassociateIpamResourceDiscoveryInput) (*ec2.DisassociateIpamResourceDiscoveryOutput, error) DisassociateIpamResourceDiscoveryWithContext(aws.Context, *ec2.DisassociateIpamResourceDiscoveryInput, ...request.Option) (*ec2.DisassociateIpamResourceDiscoveryOutput, error) DisassociateIpamResourceDiscoveryRequest(*ec2.DisassociateIpamResourceDiscoveryInput) (*request.Request, *ec2.DisassociateIpamResourceDiscoveryOutput) @@ -1974,6 +2035,14 @@ type EC2API interface { EnableFastSnapshotRestoresWithContext(aws.Context, *ec2.EnableFastSnapshotRestoresInput, ...request.Option) (*ec2.EnableFastSnapshotRestoresOutput, error) EnableFastSnapshotRestoresRequest(*ec2.EnableFastSnapshotRestoresInput) (*request.Request, *ec2.EnableFastSnapshotRestoresOutput) + EnableImage(*ec2.EnableImageInput) (*ec2.EnableImageOutput, error) + EnableImageWithContext(aws.Context, *ec2.EnableImageInput, ...request.Option) (*ec2.EnableImageOutput, error) + EnableImageRequest(*ec2.EnableImageInput) (*request.Request, *ec2.EnableImageOutput) + + EnableImageBlockPublicAccess(*ec2.EnableImageBlockPublicAccessInput) (*ec2.EnableImageBlockPublicAccessOutput, error) + EnableImageBlockPublicAccessWithContext(aws.Context, *ec2.EnableImageBlockPublicAccessInput, ...request.Option) (*ec2.EnableImageBlockPublicAccessOutput, error) + EnableImageBlockPublicAccessRequest(*ec2.EnableImageBlockPublicAccessInput) (*request.Request, *ec2.EnableImageBlockPublicAccessOutput) + EnableImageDeprecation(*ec2.EnableImageDeprecationInput) (*ec2.EnableImageDeprecationOutput, error) EnableImageDeprecationWithContext(aws.Context, *ec2.EnableImageDeprecationInput, ...request.Option) (*ec2.EnableImageDeprecationOutput, error) EnableImageDeprecationRequest(*ec2.EnableImageDeprecationInput) (*request.Request, *ec2.EnableImageDeprecationOutput) @@ -1990,6 +2059,10 @@ type EC2API interface { EnableSerialConsoleAccessWithContext(aws.Context, *ec2.EnableSerialConsoleAccessInput, ...request.Option) (*ec2.EnableSerialConsoleAccessOutput, error) EnableSerialConsoleAccessRequest(*ec2.EnableSerialConsoleAccessInput) (*request.Request, *ec2.EnableSerialConsoleAccessOutput) + EnableSnapshotBlockPublicAccess(*ec2.EnableSnapshotBlockPublicAccessInput) (*ec2.EnableSnapshotBlockPublicAccessOutput, error) + EnableSnapshotBlockPublicAccessWithContext(aws.Context, *ec2.EnableSnapshotBlockPublicAccessInput, ...request.Option) (*ec2.EnableSnapshotBlockPublicAccessOutput, error) + EnableSnapshotBlockPublicAccessRequest(*ec2.EnableSnapshotBlockPublicAccessInput) (*request.Request, *ec2.EnableSnapshotBlockPublicAccessOutput) + EnableTransitGatewayRouteTablePropagation(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error) EnableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.EnableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error) EnableTransitGatewayRouteTablePropagationRequest(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.EnableTransitGatewayRouteTablePropagationOutput) @@ -2087,6 +2160,10 @@ type EC2API interface { GetHostReservationPurchasePreviewWithContext(aws.Context, *ec2.GetHostReservationPurchasePreviewInput, ...request.Option) (*ec2.GetHostReservationPurchasePreviewOutput, error) GetHostReservationPurchasePreviewRequest(*ec2.GetHostReservationPurchasePreviewInput) (*request.Request, *ec2.GetHostReservationPurchasePreviewOutput) + GetImageBlockPublicAccessState(*ec2.GetImageBlockPublicAccessStateInput) (*ec2.GetImageBlockPublicAccessStateOutput, error) + GetImageBlockPublicAccessStateWithContext(aws.Context, *ec2.GetImageBlockPublicAccessStateInput, ...request.Option) (*ec2.GetImageBlockPublicAccessStateOutput, error) + GetImageBlockPublicAccessStateRequest(*ec2.GetImageBlockPublicAccessStateInput) (*request.Request, *ec2.GetImageBlockPublicAccessStateOutput) + GetInstanceTypesFromInstanceRequirements(*ec2.GetInstanceTypesFromInstanceRequirementsInput) (*ec2.GetInstanceTypesFromInstanceRequirementsOutput, error) GetInstanceTypesFromInstanceRequirementsWithContext(aws.Context, *ec2.GetInstanceTypesFromInstanceRequirementsInput, ...request.Option) (*ec2.GetInstanceTypesFromInstanceRequirementsOutput, error) GetInstanceTypesFromInstanceRequirementsRequest(*ec2.GetInstanceTypesFromInstanceRequirementsInput) (*request.Request, *ec2.GetInstanceTypesFromInstanceRequirementsOutput) @@ -2112,6 +2189,10 @@ type EC2API interface { GetIpamDiscoveredAccountsPages(*ec2.GetIpamDiscoveredAccountsInput, func(*ec2.GetIpamDiscoveredAccountsOutput, bool) bool) error GetIpamDiscoveredAccountsPagesWithContext(aws.Context, *ec2.GetIpamDiscoveredAccountsInput, func(*ec2.GetIpamDiscoveredAccountsOutput, bool) bool, ...request.Option) error + GetIpamDiscoveredPublicAddresses(*ec2.GetIpamDiscoveredPublicAddressesInput) (*ec2.GetIpamDiscoveredPublicAddressesOutput, error) + GetIpamDiscoveredPublicAddressesWithContext(aws.Context, *ec2.GetIpamDiscoveredPublicAddressesInput, ...request.Option) (*ec2.GetIpamDiscoveredPublicAddressesOutput, error) + GetIpamDiscoveredPublicAddressesRequest(*ec2.GetIpamDiscoveredPublicAddressesInput) (*request.Request, *ec2.GetIpamDiscoveredPublicAddressesOutput) + GetIpamDiscoveredResourceCidrs(*ec2.GetIpamDiscoveredResourceCidrsInput) (*ec2.GetIpamDiscoveredResourceCidrsOutput, error) GetIpamDiscoveredResourceCidrsWithContext(aws.Context, *ec2.GetIpamDiscoveredResourceCidrsInput, ...request.Option) (*ec2.GetIpamDiscoveredResourceCidrsOutput, error) GetIpamDiscoveredResourceCidrsRequest(*ec2.GetIpamDiscoveredResourceCidrsInput) (*request.Request, *ec2.GetIpamDiscoveredResourceCidrsOutput) @@ -2162,6 +2243,9 @@ type EC2API interface { GetNetworkInsightsAccessScopeAnalysisFindingsWithContext(aws.Context, *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsInput, ...request.Option) (*ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, error) GetNetworkInsightsAccessScopeAnalysisFindingsRequest(*ec2.GetNetworkInsightsAccessScopeAnalysisFindingsInput) (*request.Request, *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput) + GetNetworkInsightsAccessScopeAnalysisFindingsPages(*ec2.GetNetworkInsightsAccessScopeAnalysisFindingsInput, func(*ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool) error + GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(aws.Context, *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsInput, func(*ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool, ...request.Option) error + GetNetworkInsightsAccessScopeContent(*ec2.GetNetworkInsightsAccessScopeContentInput) (*ec2.GetNetworkInsightsAccessScopeContentOutput, error) GetNetworkInsightsAccessScopeContentWithContext(aws.Context, *ec2.GetNetworkInsightsAccessScopeContentInput, ...request.Option) (*ec2.GetNetworkInsightsAccessScopeContentOutput, error) GetNetworkInsightsAccessScopeContentRequest(*ec2.GetNetworkInsightsAccessScopeContentInput) (*request.Request, *ec2.GetNetworkInsightsAccessScopeContentOutput) @@ -2174,10 +2258,21 @@ type EC2API interface { GetReservedInstancesExchangeQuoteWithContext(aws.Context, *ec2.GetReservedInstancesExchangeQuoteInput, ...request.Option) (*ec2.GetReservedInstancesExchangeQuoteOutput, error) GetReservedInstancesExchangeQuoteRequest(*ec2.GetReservedInstancesExchangeQuoteInput) (*request.Request, *ec2.GetReservedInstancesExchangeQuoteOutput) + GetSecurityGroupsForVpc(*ec2.GetSecurityGroupsForVpcInput) (*ec2.GetSecurityGroupsForVpcOutput, error) + GetSecurityGroupsForVpcWithContext(aws.Context, *ec2.GetSecurityGroupsForVpcInput, ...request.Option) (*ec2.GetSecurityGroupsForVpcOutput, error) + GetSecurityGroupsForVpcRequest(*ec2.GetSecurityGroupsForVpcInput) (*request.Request, *ec2.GetSecurityGroupsForVpcOutput) + + GetSecurityGroupsForVpcPages(*ec2.GetSecurityGroupsForVpcInput, func(*ec2.GetSecurityGroupsForVpcOutput, bool) bool) error + GetSecurityGroupsForVpcPagesWithContext(aws.Context, *ec2.GetSecurityGroupsForVpcInput, func(*ec2.GetSecurityGroupsForVpcOutput, bool) bool, ...request.Option) error + GetSerialConsoleAccessStatus(*ec2.GetSerialConsoleAccessStatusInput) (*ec2.GetSerialConsoleAccessStatusOutput, error) GetSerialConsoleAccessStatusWithContext(aws.Context, *ec2.GetSerialConsoleAccessStatusInput, ...request.Option) (*ec2.GetSerialConsoleAccessStatusOutput, error) GetSerialConsoleAccessStatusRequest(*ec2.GetSerialConsoleAccessStatusInput) (*request.Request, *ec2.GetSerialConsoleAccessStatusOutput) + GetSnapshotBlockPublicAccessState(*ec2.GetSnapshotBlockPublicAccessStateInput) (*ec2.GetSnapshotBlockPublicAccessStateOutput, error) + GetSnapshotBlockPublicAccessStateWithContext(aws.Context, *ec2.GetSnapshotBlockPublicAccessStateInput, ...request.Option) (*ec2.GetSnapshotBlockPublicAccessStateOutput, error) + GetSnapshotBlockPublicAccessStateRequest(*ec2.GetSnapshotBlockPublicAccessStateInput) (*request.Request, *ec2.GetSnapshotBlockPublicAccessStateOutput) + GetSpotPlacementScores(*ec2.GetSpotPlacementScoresInput) (*ec2.GetSpotPlacementScoresOutput, error) GetSpotPlacementScoresWithContext(aws.Context, *ec2.GetSpotPlacementScoresInput, ...request.Option) (*ec2.GetSpotPlacementScoresOutput, error) GetSpotPlacementScoresRequest(*ec2.GetSpotPlacementScoresInput) (*request.Request, *ec2.GetSpotPlacementScoresOutput) @@ -2254,6 +2349,10 @@ type EC2API interface { GetVpnConnectionDeviceTypesPages(*ec2.GetVpnConnectionDeviceTypesInput, func(*ec2.GetVpnConnectionDeviceTypesOutput, bool) bool) error GetVpnConnectionDeviceTypesPagesWithContext(aws.Context, *ec2.GetVpnConnectionDeviceTypesInput, func(*ec2.GetVpnConnectionDeviceTypesOutput, bool) bool, ...request.Option) error + GetVpnTunnelReplacementStatus(*ec2.GetVpnTunnelReplacementStatusInput) (*ec2.GetVpnTunnelReplacementStatusOutput, error) + GetVpnTunnelReplacementStatusWithContext(aws.Context, *ec2.GetVpnTunnelReplacementStatusInput, ...request.Option) (*ec2.GetVpnTunnelReplacementStatusOutput, error) + GetVpnTunnelReplacementStatusRequest(*ec2.GetVpnTunnelReplacementStatusInput) (*request.Request, *ec2.GetVpnTunnelReplacementStatusOutput) + ImportClientVpnClientCertificateRevocationList(*ec2.ImportClientVpnClientCertificateRevocationListInput) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error) ImportClientVpnClientCertificateRevocationListWithContext(aws.Context, *ec2.ImportClientVpnClientCertificateRevocationListInput, ...request.Option) (*ec2.ImportClientVpnClientCertificateRevocationListOutput, error) ImportClientVpnClientCertificateRevocationListRequest(*ec2.ImportClientVpnClientCertificateRevocationListInput) (*request.Request, *ec2.ImportClientVpnClientCertificateRevocationListOutput) @@ -2292,6 +2391,10 @@ type EC2API interface { ListSnapshotsInRecycleBinPages(*ec2.ListSnapshotsInRecycleBinInput, func(*ec2.ListSnapshotsInRecycleBinOutput, bool) bool) error ListSnapshotsInRecycleBinPagesWithContext(aws.Context, *ec2.ListSnapshotsInRecycleBinInput, func(*ec2.ListSnapshotsInRecycleBinOutput, bool) bool, ...request.Option) error + LockSnapshot(*ec2.LockSnapshotInput) (*ec2.LockSnapshotOutput, error) + LockSnapshotWithContext(aws.Context, *ec2.LockSnapshotInput, ...request.Option) (*ec2.LockSnapshotOutput, error) + LockSnapshotRequest(*ec2.LockSnapshotInput) (*request.Request, *ec2.LockSnapshotOutput) + ModifyAddressAttribute(*ec2.ModifyAddressAttributeInput) (*ec2.ModifyAddressAttributeOutput, error) ModifyAddressAttributeWithContext(aws.Context, *ec2.ModifyAddressAttributeInput, ...request.Option) (*ec2.ModifyAddressAttributeOutput, error) ModifyAddressAttributeRequest(*ec2.ModifyAddressAttributeInput) (*request.Request, *ec2.ModifyAddressAttributeOutput) @@ -2564,6 +2667,10 @@ type EC2API interface { ProvisionByoipCidrWithContext(aws.Context, *ec2.ProvisionByoipCidrInput, ...request.Option) (*ec2.ProvisionByoipCidrOutput, error) ProvisionByoipCidrRequest(*ec2.ProvisionByoipCidrInput) (*request.Request, *ec2.ProvisionByoipCidrOutput) + ProvisionIpamByoasn(*ec2.ProvisionIpamByoasnInput) (*ec2.ProvisionIpamByoasnOutput, error) + ProvisionIpamByoasnWithContext(aws.Context, *ec2.ProvisionIpamByoasnInput, ...request.Option) (*ec2.ProvisionIpamByoasnOutput, error) + ProvisionIpamByoasnRequest(*ec2.ProvisionIpamByoasnInput) (*request.Request, *ec2.ProvisionIpamByoasnOutput) + ProvisionIpamPoolCidr(*ec2.ProvisionIpamPoolCidrInput) (*ec2.ProvisionIpamPoolCidrOutput, error) ProvisionIpamPoolCidrWithContext(aws.Context, *ec2.ProvisionIpamPoolCidrInput, ...request.Option) (*ec2.ProvisionIpamPoolCidrOutput, error) ProvisionIpamPoolCidrRequest(*ec2.ProvisionIpamPoolCidrInput) (*request.Request, *ec2.ProvisionIpamPoolCidrOutput) @@ -2572,6 +2679,10 @@ type EC2API interface { ProvisionPublicIpv4PoolCidrWithContext(aws.Context, *ec2.ProvisionPublicIpv4PoolCidrInput, ...request.Option) (*ec2.ProvisionPublicIpv4PoolCidrOutput, error) ProvisionPublicIpv4PoolCidrRequest(*ec2.ProvisionPublicIpv4PoolCidrInput) (*request.Request, *ec2.ProvisionPublicIpv4PoolCidrOutput) + PurchaseCapacityBlock(*ec2.PurchaseCapacityBlockInput) (*ec2.PurchaseCapacityBlockOutput, error) + PurchaseCapacityBlockWithContext(aws.Context, *ec2.PurchaseCapacityBlockInput, ...request.Option) (*ec2.PurchaseCapacityBlockOutput, error) + PurchaseCapacityBlockRequest(*ec2.PurchaseCapacityBlockInput) (*request.Request, *ec2.PurchaseCapacityBlockOutput) + PurchaseHostReservation(*ec2.PurchaseHostReservationInput) (*ec2.PurchaseHostReservationOutput, error) PurchaseHostReservationWithContext(aws.Context, *ec2.PurchaseHostReservationInput, ...request.Option) (*ec2.PurchaseHostReservationOutput, error) PurchaseHostReservationRequest(*ec2.PurchaseHostReservationInput) (*request.Request, *ec2.PurchaseHostReservationOutput) @@ -2660,6 +2771,10 @@ type EC2API interface { ReplaceTransitGatewayRouteWithContext(aws.Context, *ec2.ReplaceTransitGatewayRouteInput, ...request.Option) (*ec2.ReplaceTransitGatewayRouteOutput, error) ReplaceTransitGatewayRouteRequest(*ec2.ReplaceTransitGatewayRouteInput) (*request.Request, *ec2.ReplaceTransitGatewayRouteOutput) + ReplaceVpnTunnel(*ec2.ReplaceVpnTunnelInput) (*ec2.ReplaceVpnTunnelOutput, error) + ReplaceVpnTunnelWithContext(aws.Context, *ec2.ReplaceVpnTunnelInput, ...request.Option) (*ec2.ReplaceVpnTunnelOutput, error) + ReplaceVpnTunnelRequest(*ec2.ReplaceVpnTunnelInput) (*request.Request, *ec2.ReplaceVpnTunnelOutput) + ReportInstanceStatus(*ec2.ReportInstanceStatusInput) (*ec2.ReportInstanceStatusOutput, error) ReportInstanceStatusWithContext(aws.Context, *ec2.ReportInstanceStatusInput, ...request.Option) (*ec2.ReportInstanceStatusOutput, error) ReportInstanceStatusRequest(*ec2.ReportInstanceStatusInput) (*request.Request, *ec2.ReportInstanceStatusOutput) @@ -2802,6 +2917,10 @@ type EC2API interface { UnassignPrivateNatGatewayAddressWithContext(aws.Context, *ec2.UnassignPrivateNatGatewayAddressInput, ...request.Option) (*ec2.UnassignPrivateNatGatewayAddressOutput, error) UnassignPrivateNatGatewayAddressRequest(*ec2.UnassignPrivateNatGatewayAddressInput) (*request.Request, *ec2.UnassignPrivateNatGatewayAddressOutput) + UnlockSnapshot(*ec2.UnlockSnapshotInput) (*ec2.UnlockSnapshotOutput, error) + UnlockSnapshotWithContext(aws.Context, *ec2.UnlockSnapshotInput, ...request.Option) (*ec2.UnlockSnapshotOutput, error) + UnlockSnapshotRequest(*ec2.UnlockSnapshotInput) (*request.Request, *ec2.UnlockSnapshotOutput) + UnmonitorInstances(*ec2.UnmonitorInstancesInput) (*ec2.UnmonitorInstancesOutput, error) UnmonitorInstancesWithContext(aws.Context, *ec2.UnmonitorInstancesInput, ...request.Option) (*ec2.UnmonitorInstancesOutput, error) UnmonitorInstancesRequest(*ec2.UnmonitorInstancesInput) (*request.Request, *ec2.UnmonitorInstancesOutput) @@ -2890,6 +3009,9 @@ type EC2API interface { WaitUntilSpotInstanceRequestFulfilled(*ec2.DescribeSpotInstanceRequestsInput) error WaitUntilSpotInstanceRequestFulfilledWithContext(aws.Context, *ec2.DescribeSpotInstanceRequestsInput, ...request.WaiterOption) error + WaitUntilStoreImageTaskComplete(*ec2.DescribeStoreImageTasksInput) error + WaitUntilStoreImageTaskCompleteWithContext(aws.Context, *ec2.DescribeStoreImageTasksInput, ...request.WaiterOption) error + WaitUntilSubnetAvailable(*ec2.DescribeSubnetsInput) error WaitUntilSubnetAvailableWithContext(aws.Context, *ec2.DescribeSubnetsInput, ...request.WaiterOption) error diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go index a970f12fbf1..6dc68faf7a8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go @@ -1283,6 +1283,62 @@ func (c *EC2) WaitUntilSpotInstanceRequestFulfilledWithContext(ctx aws.Context, return w.WaitWithContext(ctx) } +// WaitUntilStoreImageTaskComplete uses the Amazon EC2 API operation +// DescribeStoreImageTasks to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *EC2) WaitUntilStoreImageTaskComplete(input *DescribeStoreImageTasksInput) error { + return c.WaitUntilStoreImageTaskCompleteWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilStoreImageTaskCompleteWithContext is an extended version of WaitUntilStoreImageTaskComplete. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) WaitUntilStoreImageTaskCompleteWithContext(ctx aws.Context, input *DescribeStoreImageTasksInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilStoreImageTaskComplete", + MaxAttempts: 40, + Delay: request.ConstantWaiterDelay(5 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathAllWaiterMatch, Argument: "StoreImageTaskResults[].StoreTaskState", + Expected: "Completed", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "StoreImageTaskResults[].StoreTaskState", + Expected: "Failed", + }, + { + State: request.RetryWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "StoreImageTaskResults[].StoreTaskState", + Expected: "InProgress", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeStoreImageTasksInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeStoreImageTasksRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + // WaitUntilSubnetAvailable uses the Amazon EC2 API operation // DescribeSubnets to wait for a condition to be met before returning. // If the condition is not met within the max attempt window, an error will diff --git a/vendor/github.com/aws/aws-sdk-go/service/efs/api.go b/vendor/github.com/aws/aws-sdk-go/service/efs/api.go index 8e390b290a1..4ded1692a21 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/efs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/efs/api.go @@ -66,14 +66,21 @@ func (c *EFS) CreateAccessPointRequest(input *CreateAccessPointInput) (req *requ // more, see Mounting a file system using EFS access points (https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html). // // If multiple requests to create access points on the same file system are -// sent in quick succession, and the file system is near the limit of 1000 access -// points, you may experience a throttling response for these requests. This -// is to ensure that the file system does not exceed the stated access point -// limit. +// sent in quick succession, and the file system is near the limit of 1,000 +// access points, you may experience a throttling response for these requests. +// This is to ensure that the file system does not exceed the stated access +// point limit. // // This operation requires permissions for the elasticfilesystem:CreateAccessPoint // action. // +// Access points can be tagged on creation. If tags are specified in the creation +// action, IAM performs additional authorization on the elasticfilesystem:TagResource +// action to verify if users have permissions to create tags. Therefore, you +// must grant explicit permissions to use the elasticfilesystem:TagResource +// action. For more information, see Granting permissions to tag resources during +// creation (https://docs.aws.amazon.com/efs/latest/ug/using-tags-efs.html#supported-iam-actions-tagging.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -211,12 +218,18 @@ func (c *EFS) CreateFileSystemRequest(input *CreateFileSystemInput) (req *reques // system state. // // This operation accepts an optional PerformanceMode parameter that you choose -// for your file system. We recommend generalPurpose performance mode for most -// file systems. File systems using the maxIO performance mode can scale to -// higher levels of aggregate throughput and operations per second with a tradeoff -// of slightly higher latencies for most file operations. The performance mode -// can't be changed after the file system has been created. For more information, -// see Amazon EFS performance modes (https://docs.aws.amazon.com/efs/latest/ug/performance.html#performancemodes.html). +// for your file system. We recommend generalPurpose performance mode for all +// file systems. File systems using the maxIO mode is a previous generation +// performance type that is designed for highly parallelized workloads that +// can tolerate higher latencies than the General Purpose mode. Max I/O mode +// is not supported for One Zone file systems or file systems that use Elastic +// throughput. +// +// Due to the higher per-operation latencies with Max I/O, we recommend using +// General Purpose performance mode for all file systems. +// +// The performance mode can't be changed after the file system has been created. +// For more information, see Amazon EFS performance modes (https://docs.aws.amazon.com/efs/latest/ug/performance.html#performancemodes.html). // // You can set the throughput mode for the file system using the ThroughputMode // parameter. @@ -231,6 +244,13 @@ func (c *EFS) CreateFileSystemRequest(input *CreateFileSystemInput) (req *reques // This operation requires permissions for the elasticfilesystem:CreateFileSystem // action. // +// File systems can be tagged on creation. If tags are specified in the creation +// action, IAM performs additional authorization on the elasticfilesystem:TagResource +// action to verify if users have permissions to create tags. Therefore, you +// must grant explicit permissions to use the elasticfilesystem:TagResource +// action. For more information, see Granting permissions to tag resources during +// creation (https://docs.aws.amazon.com/efs/latest/ug/using-tags-efs.html#supported-iam-actions-tagging.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -346,12 +366,12 @@ func (c *EFS) CreateMountTargetRequest(input *CreateMountTargetInput) (req *requ // need to be in the same subnet as the mount target in order to access their // file system. // -// You can create only one mount target for an EFS file system using One Zone -// storage classes. You must create that mount target in the same Availability -// Zone in which the file system is located. Use the AvailabilityZoneName and -// AvailabiltyZoneId properties in the DescribeFileSystems response object to -// get this information. Use the subnetId associated with the file system's -// Availability Zone when creating the mount target. +// You can create only one mount target for a One Zone file system. You must +// create that mount target in the same Availability Zone in which the file +// system is located. Use the AvailabilityZoneName and AvailabiltyZoneId properties +// in the DescribeFileSystems response object to get this information. Use the +// subnetId associated with the file system's Availability Zone when creating +// the mount target. // // For more information, see Amazon EFS: How it Works (https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html). // @@ -569,31 +589,39 @@ func (c *EFS) CreateReplicationConfigurationRequest(input *CreateReplicationConf // in the Amazon EFS User Guide. The replication configuration specifies the // following: // -// - Source file system - An existing EFS file system that you want replicated. +// - Source file system – The EFS file system that you want replicated. // The source file system cannot be a destination file system in an existing // replication configuration. // -// - Destination file system configuration - The configuration of the destination +// - Amazon Web Services Region – The Amazon Web Services Region in which +// the destination file system is created. Amazon EFS replication is available +// in all Amazon Web Services Regions in which EFS is available. The Region +// must be enabled. For more information, see Managing Amazon Web Services +// Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) +// in the Amazon Web Services General Reference Reference Guide. +// +// - Destination file system configuration – The configuration of the destination // file system to which the source file system will be replicated. There // can only be one destination file system in a replication configuration. -// The destination file system configuration consists of the following properties: -// Amazon Web Services Region - The Amazon Web Services Region in which the -// destination file system is created. Amazon EFS replication is available -// in all Amazon Web Services Regions that Amazon EFS is available in, except -// Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), -// Europe (Milan), and Middle East (Bahrain). Availability Zone - If you -// want the destination file system to use EFS One Zone availability and -// durability, you must specify the Availability Zone to create the file -// system in. For more information about EFS storage classes, see Amazon -// EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) -// in the Amazon EFS User Guide. Encryption - All destination file systems +// Parameters for the replication configuration include: File system ID – +// The ID of the destination file system for the replication. If no ID is +// provided, then EFS creates a new file system with the default settings. +// For existing file systems, the file system's replication overwrite protection +// must be disabled. For more information, see Replicating to an existing +// file system (https://docs.aws.amazon.com/efs/latest/ug/efs-replication#replicate-existing-destination). +// Availability Zone – If you want the destination file system to use One +// Zone storage, you must specify the Availability Zone to create the file +// system in. For more information, see EFS file system types (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) +// in the Amazon EFS User Guide. Encryption – All destination file systems // are created with encryption at rest enabled. You can specify the Key Management // Service (KMS) key that is used to encrypt the destination file system. // If you don't specify a KMS key, your service-managed KMS key for Amazon // EFS is used. After the file system is created, you cannot change the KMS // key. // -// The following properties are set by default: +// After the file system is created, you cannot change the KMS key. +// +// For new destination file systems, the following properties are set by default: // // - Performance mode - The destination file system's performance mode matches // that of the source file system, unless the destination file system uses @@ -604,14 +632,11 @@ func (c *EFS) CreateReplicationConfigurationRequest(input *CreateReplicationConf // that of the source file system. After the file system is created, you // can modify the throughput mode. // -// The following properties are turned off by default: +// - Lifecycle management – Lifecycle management is not enabled on the +// destination file system. After the destination file system is created, +// you can enable lifecycle management. // -// - Lifecycle management - EFS lifecycle management and EFS Intelligent-Tiering -// are not enabled on the destination file system. After the destination -// file system is created, you can enable EFS lifecycle management and EFS -// Intelligent-Tiering. -// -// - Automatic backups - Automatic daily backups not enabled on the destination +// - Automatic backups – Automatic daily backups are enabled on the destination // file system. After the file system is created, you can change this setting. // // For more information, see Amazon EFS replication (https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html) @@ -664,6 +689,10 @@ func (c *EFS) CreateReplicationConfigurationRequest(input *CreateReplicationConf // Returned if the throughput mode or amount of provisioned throughput can't // be changed because the throughput limit of 1024 MiB/s has been reached. // +// - ConflictException +// Returned if the source file system in a replication is encrypted but the +// destination file system is unencrypted. +// // - InternalServerError // Returned if an error occurred on the server side. // @@ -1259,12 +1288,14 @@ func (c *EFS) DeleteReplicationConfigurationRequest(input *DeleteReplicationConf // DeleteReplicationConfiguration API operation for Amazon Elastic File System. // -// Deletes an existing replication configuration. To delete a replication configuration, -// you must make the request from the Amazon Web Services Region in which the -// destination file system is located. Deleting a replication configuration +// Deletes a replication configuration. Deleting a replication configuration // ends the replication process. After a replication configuration is deleted, -// the destination file system is no longer read-only. You can write to the -// destination file system after its status becomes Writeable. +// the destination file system becomes Writeable and its replication overwrite +// protection is re-enabled. For more information, see Delete a replication +// configuration (https://docs.aws.amazon.com/efs/latest/ug/delete-replications.html). +// +// This operation requires permissions for the elasticfilesystem:DeleteReplicationConfiguration +// action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1617,7 +1648,7 @@ func (c *EFS) DescribeAccountPreferencesRequest(input *DescribeAccountPreference // // Returns the account preferences settings for the Amazon Web Services account // associated with the user making the request, in the current Amazon Web Services -// Region. For more information, see Managing Amazon EFS resource IDs (efs/latest/ug/manage-efs-resource-ids.html). +// Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2053,13 +2084,10 @@ func (c *EFS) DescribeLifecycleConfigurationRequest(input *DescribeLifecycleConf // DescribeLifecycleConfiguration API operation for Amazon Elastic File System. // // Returns the current LifecycleConfiguration object for the specified Amazon -// EFS file system. EFS lifecycle management uses the LifecycleConfiguration -// object to identify which files to move to the EFS Infrequent Access (IA) -// storage class. For a file system without a LifecycleConfiguration object, -// the call returns an empty array in the response. -// -// When EFS Intelligent-Tiering is enabled, TransitionToPrimaryStorageClass -// has a value of AFTER_1_ACCESS. +// EFS file system. Lifecycle management uses the LifecycleConfiguration object +// to identify when to move files between storage classes. For a file system +// without a LifecycleConfiguration object, the call returns an empty array +// in the response. // // This operation requires permissions for the elasticfilesystem:DescribeLifecycleConfiguration // operation. @@ -2236,6 +2264,12 @@ func (c *EFS) DescribeMountTargetsRequest(input *DescribeMountTargetsInput) (req Name: opDescribeMountTargets, HTTPMethod: "GET", HTTPPath: "/2015-02-01/mount-targets", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "MaxItems", + TruncationToken: "", + }, } if input == nil { @@ -2307,6 +2341,57 @@ func (c *EFS) DescribeMountTargetsWithContext(ctx aws.Context, input *DescribeMo return out, req.Send() } +// DescribeMountTargetsPages iterates over the pages of a DescribeMountTargets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeMountTargets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeMountTargets operation. +// pageNum := 0 +// err := client.DescribeMountTargetsPages(params, +// func(page *efs.DescribeMountTargetsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EFS) DescribeMountTargetsPages(input *DescribeMountTargetsInput, fn func(*DescribeMountTargetsOutput, bool) bool) error { + return c.DescribeMountTargetsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeMountTargetsPagesWithContext same as DescribeMountTargetsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EFS) DescribeMountTargetsPagesWithContext(ctx aws.Context, input *DescribeMountTargetsInput, fn func(*DescribeMountTargetsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeMountTargetsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeMountTargetsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeMountTargetsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeReplicationConfigurations = "DescribeReplicationConfigurations" // DescribeReplicationConfigurationsRequest generates a "aws/request.Request" representing the @@ -2337,6 +2422,12 @@ func (c *EFS) DescribeReplicationConfigurationsRequest(input *DescribeReplicatio Name: opDescribeReplicationConfigurations, HTTPMethod: "GET", HTTPPath: "/2015-02-01/file-systems/replication-configurations", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -2403,6 +2494,57 @@ func (c *EFS) DescribeReplicationConfigurationsWithContext(ctx aws.Context, inpu return out, req.Send() } +// DescribeReplicationConfigurationsPages iterates over the pages of a DescribeReplicationConfigurations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeReplicationConfigurations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeReplicationConfigurations operation. +// pageNum := 0 +// err := client.DescribeReplicationConfigurationsPages(params, +// func(page *efs.DescribeReplicationConfigurationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EFS) DescribeReplicationConfigurationsPages(input *DescribeReplicationConfigurationsInput, fn func(*DescribeReplicationConfigurationsOutput, bool) bool) error { + return c.DescribeReplicationConfigurationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeReplicationConfigurationsPagesWithContext same as DescribeReplicationConfigurationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EFS) DescribeReplicationConfigurationsPagesWithContext(ctx aws.Context, input *DescribeReplicationConfigurationsInput, fn func(*DescribeReplicationConfigurationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeReplicationConfigurationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeReplicationConfigurationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeReplicationConfigurationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeTags = "DescribeTags" // DescribeTagsRequest generates a "aws/request.Request" representing the @@ -3173,39 +3315,40 @@ func (c *EFS) PutLifecycleConfigurationRequest(input *PutLifecycleConfigurationI // PutLifecycleConfiguration API operation for Amazon Elastic File System. // -// Use this action to manage EFS lifecycle management and EFS Intelligent-Tiering. -// A LifecycleConfiguration consists of one or more LifecyclePolicy objects -// that define the following: +// Use this action to manage storage for your file system. A LifecycleConfiguration +// consists of one or more LifecyclePolicy objects that define the following: // -// - EFS Lifecycle management - When Amazon EFS automatically transitions -// files in a file system into the lower-cost EFS Infrequent Access (IA) -// storage class. To enable EFS Lifecycle management, set the value of TransitionToIA -// to one of the available options. +// - TransitionToIA – When to move files in the file system from primary +// storage (Standard storage class) into the Infrequent Access (IA) storage. // -// - EFS Intelligent-Tiering - When Amazon EFS automatically transitions -// files from IA back into the file system's primary storage class (EFS Standard -// or EFS One Zone Standard). To enable EFS Intelligent-Tiering, set the -// value of TransitionToPrimaryStorageClass to AFTER_1_ACCESS. +// - TransitionToArchive – When to move files in the file system from their +// current storage class (either IA or Standard storage) into the Archive +// storage. File systems cannot transition into Archive storage before transitioning +// into IA storage. Therefore, TransitionToArchive must either not be set +// or must be later than TransitionToIA. The Archive storage class is available +// only for file systems that use the Elastic Throughput mode and the General +// Purpose Performance mode. // -// For more information, see EFS Lifecycle Management (https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html). +// - TransitionToPrimaryStorageClass – Whether to move files in the file +// system back to primary storage (Standard storage class) after they are +// accessed in IA or Archive storage. +// +// For more information, see Managing file system storage (https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html). // // Each Amazon EFS file system supports one lifecycle configuration, which applies // to all files in the file system. If a LifecycleConfiguration object already // exists for the specified file system, a PutLifecycleConfiguration call modifies // the existing configuration. A PutLifecycleConfiguration call with an empty -// LifecyclePolicies array in the request body deletes any existing LifecycleConfiguration -// and turns off lifecycle management and EFS Intelligent-Tiering for the file -// system. -// +// LifecyclePolicies array in the request body deletes any existing LifecycleConfiguration. // In the request, specify the following: // // - The ID for the file system for which you are enabling, disabling, or -// modifying lifecycle management and EFS Intelligent-Tiering. +// modifying Lifecycle management. // // - A LifecyclePolicies array of LifecyclePolicy objects that define when -// files are moved into IA storage, and when they are moved back to Standard -// storage. Amazon EFS requires that each LifecyclePolicy object have only -// have a single transition, so the LifecyclePolicies array needs to be structured +// to move files to IA storage, to Archive storage, and back to primary storage. +// Amazon EFS requires that each LifecyclePolicy object have only have a +// single transition, so the LifecyclePolicies array needs to be structured // with separate LifecyclePolicy objects. See the example requests in the // following section for more information. // @@ -3560,6 +3703,118 @@ func (c *EFS) UpdateFileSystemWithContext(ctx aws.Context, input *UpdateFileSyst return out, req.Send() } +const opUpdateFileSystemProtection = "UpdateFileSystemProtection" + +// UpdateFileSystemProtectionRequest generates a "aws/request.Request" representing the +// client's request for the UpdateFileSystemProtection operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateFileSystemProtection for more information on using the UpdateFileSystemProtection +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateFileSystemProtectionRequest method. +// req, resp := client.UpdateFileSystemProtectionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticfilesystem-2015-02-01/UpdateFileSystemProtection +func (c *EFS) UpdateFileSystemProtectionRequest(input *UpdateFileSystemProtectionInput) (req *request.Request, output *UpdateFileSystemProtectionOutput) { + op := &request.Operation{ + Name: opUpdateFileSystemProtection, + HTTPMethod: "PUT", + HTTPPath: "/2015-02-01/file-systems/{FileSystemId}/protection", + } + + if input == nil { + input = &UpdateFileSystemProtectionInput{} + } + + output = &UpdateFileSystemProtectionOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateFileSystemProtection API operation for Amazon Elastic File System. +// +// Updates protection on the file system. +// +// This operation requires permissions for the elasticfilesystem:UpdateFileSystemProtection +// action. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic File System's +// API operation UpdateFileSystemProtection for usage and error information. +// +// Returned Error Types: +// +// - BadRequest +// Returned if the request is malformed or contains an error such as an invalid +// parameter value or a missing required parameter. +// +// - FileSystemNotFound +// Returned if the specified FileSystemId value doesn't exist in the requester's +// Amazon Web Services account. +// +// - IncorrectFileSystemLifeCycleState +// Returned if the file system's lifecycle state is not "available". +// +// - InsufficientThroughputCapacity +// Returned if there's not enough capacity to provision additional throughput. +// This value might be returned when you try to create a file system in provisioned +// throughput mode, when you attempt to increase the provisioned throughput +// of an existing file system, or when you attempt to change an existing file +// system from Bursting Throughput to Provisioned Throughput mode. Try again +// later. +// +// - InternalServerError +// Returned if an error occurred on the server side. +// +// - ThroughputLimitExceeded +// Returned if the throughput mode or amount of provisioned throughput can't +// be changed because the throughput limit of 1024 MiB/s has been reached. +// +// - ReplicationAlreadyExists +// Returned if the file system is already included in a replication configuration.> +// +// - TooManyRequests +// Returned if you don’t wait at least 24 hours before either changing the +// throughput mode, or decreasing the Provisioned Throughput value. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticfilesystem-2015-02-01/UpdateFileSystemProtection +func (c *EFS) UpdateFileSystemProtection(input *UpdateFileSystemProtectionInput) (*UpdateFileSystemProtectionOutput, error) { + req, out := c.UpdateFileSystemProtectionRequest(input) + return out, req.Send() +} + +// UpdateFileSystemProtectionWithContext is the same as UpdateFileSystemProtection with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateFileSystemProtection for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EFS) UpdateFileSystemProtectionWithContext(ctx aws.Context, input *UpdateFileSystemProtectionInput, opts ...request.Option) (*UpdateFileSystemProtectionOutput, error) { + req, out := c.UpdateFileSystemProtectionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + // Returned if the access point that you are trying to create already exists, // with the creation token you provided in the request. type AccessPointAlreadyExists struct { @@ -3671,8 +3926,8 @@ type AccessPointDescription struct { // using the access point. PosixUser *PosixUser `type:"structure"` - // The directory on the Amazon EFS file system that the access point exposes - // as the root directory to NFS clients using the access point. + // The directory on the EFS file system that the access point exposes as the + // root directory to NFS clients using the access point. RootDirectory *RootDirectory `type:"structure"` // The tags associated with the access point, presented as an array of Tag objects. @@ -4000,13 +4255,13 @@ type BackupPolicy struct { // Describes the status of the file system's backup policy. // - // * ENABLED - EFS is automatically backing up the file system. + // * ENABLED – EFS is automatically backing up the file system. // - // * ENABLING - EFS is turning on automatic backups for the file system. + // * ENABLING – EFS is turning on automatic backups for the file system. // - // * DISABLED - Automatic back ups are turned off for the file system. + // * DISABLED – Automatic back ups are turned off for the file system. // - // * DISABLING - EFS is turning off automatic backups for the file system. + // * DISABLING – EFS is turning off automatic backups for the file system. // // Status is a required field Status *string `type:"string" required:"true" enum:"Status"` @@ -4127,6 +4382,82 @@ func (s *BadRequest) RequestID() string { return s.RespMetadata.RequestID } +// Returned if the source file system in a replication is encrypted but the +// destination file system is unencrypted. +type ConflictException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // The error code is a string that uniquely identifies an error condition. It + // is meant to be read and understood by programs that detect and handle errors + // by type. + ErrorCode *string `min:"1" type:"string"` + + // The error message contains a generic description of the error condition in + // English. It is intended for a human audience. Simple programs display the + // message directly to the end user if they encounter an error condition they + // don't know how or don't care to handle. Sophisticated programs with more + // exhaustive error handling and proper internationalization are more likely + // to ignore the error message. + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) GoString() string { + return s.String() +} + +func newErrorConflictException(v protocol.ResponseMetadata) error { + return &ConflictException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ConflictException) Code() string { + return "ConflictException" +} + +// Message returns the exception's message. +func (s *ConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ConflictException) OrigErr() error { + return nil +} + +func (s *ConflictException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + type CreateAccessPointInput struct { _ struct{} `type:"structure"` @@ -4143,13 +4474,13 @@ type CreateAccessPointInput struct { // using the access point. PosixUser *PosixUser `type:"structure"` - // Specifies the directory on the Amazon EFS file system that the access point - // exposes as the root directory of your file system to NFS clients using the - // access point. The clients using the access point can only access the root - // directory and below. If the RootDirectory > Path specified does not exist, - // EFS creates it and applies the CreationInfo settings when a client connects - // to an access point. When specifying a RootDirectory, you must provide the - // Path, and the CreationInfo. + // Specifies the directory on the EFS file system that the access point exposes + // as the root directory of your file system to NFS clients using the access + // point. The clients using the access point can only access the root directory + // and below. If the RootDirectory > Path specified does not exist, Amazon EFS + // creates it and applies the CreationInfo settings when a client connects to + // an access point. When specifying a RootDirectory, you must provide the Path, + // and the CreationInfo. // // Amazon EFS creates a root directory only if you have provided the CreationInfo: // OwnUid, OwnGID, and permissions for the directory. If you do not provide @@ -4278,8 +4609,8 @@ type CreateAccessPointOutput struct { // using the access point. PosixUser *PosixUser `type:"structure"` - // The directory on the Amazon EFS file system that the access point exposes - // as the root directory to NFS clients using the access point. + // The directory on the EFS file system that the access point exposes as the + // root directory to NFS clients using the access point. RootDirectory *RootDirectory `type:"structure"` // The tags associated with the access point, presented as an array of Tag objects. @@ -4367,20 +4698,20 @@ func (s *CreateAccessPointOutput) SetTags(v []*Tag) *CreateAccessPointOutput { type CreateFileSystemInput struct { _ struct{} `type:"structure"` - // Used to create a file system that uses One Zone storage classes. It specifies - // the Amazon Web Services Availability Zone in which to create the file system. - // Use the format us-east-1a to specify the Availability Zone. For more information - // about One Zone storage classes, see Using EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) + // Used to create a One Zone file system. It specifies the Amazon Web Services + // Availability Zone in which to create the file system. Use the format us-east-1a + // to specify the Availability Zone. For more information about One Zone file + // systems, see Using EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) // in the Amazon EFS User Guide. // - // One Zone storage classes are not available in all Availability Zones in Amazon + // One Zone file systems are not available in all Availability Zones in Amazon // Web Services Regions where Amazon EFS is available. AvailabilityZoneName *string `min:"1" type:"string"` // Specifies whether automatic backups are enabled on the file system that you // are creating. Set the value to true to enable automatic backups. If you are - // creating a file system that uses One Zone storage classes, automatic backups - // are enabled by default. For more information, see Automatic backups (https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#automatic-backups) + // creating a One Zone file system, automatic backups are enabled by default. + // For more information, see Automatic backups (https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#automatic-backups) // in the Amazon EFS User Guide. // // Default is false. However, if you specify an AvailabilityZoneName, the default @@ -4422,21 +4753,26 @@ type CreateFileSystemInput struct { // Amazon EFS file systems. KmsKeyId *string `type:"string"` - // The performance mode of the file system. We recommend generalPurpose performance - // mode for most file systems. File systems using the maxIO performance mode + // The Performance mode of the file system. We recommend generalPurpose performance + // mode for all file systems. File systems using the maxIO performance mode // can scale to higher levels of aggregate throughput and operations per second // with a tradeoff of slightly higher latencies for most file operations. The // performance mode can't be changed after the file system has been created. + // The maxIO mode is not supported on One Zone file systems. // - // The maxIO mode is not supported on file systems using One Zone storage classes. + // Due to the higher per-operation latencies with Max I/O, we recommend using + // General Purpose performance mode for all file systems. + // + // Default is generalPurpose. PerformanceMode *string `type:"string" enum:"PerformanceMode"` - // The throughput, measured in MiB/s, that you want to provision for a file - // system that you're creating. Valid values are 1-1024. Required if ThroughputMode - // is set to provisioned. The upper limit for throughput is 1024 MiB/s. To increase - // this limit, contact Amazon Web Services Support. For more information, see - // Amazon EFS quotas that you can increase (https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) - // in the Amazon EFS User Guide. + // The throughput, measured in mebibytes per second (MiBps), that you want to + // provision for a file system that you're creating. Required if ThroughputMode + // is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit + // depending on Region. To increase this limit, contact Amazon Web Services + // Support. For more information, see Amazon EFS quotas that you can increase + // (https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the + // Amazon EFS User Guide. ProvisionedThroughputInMibps *float64 `min:"1" type:"double"` // Use to create one or more tags associated with the file system. Each tag @@ -4449,9 +4785,9 @@ type CreateFileSystemInput struct { // Specifies the throughput mode for the file system. The mode can be bursting, // provisioned, or elastic. If you set ThroughputMode to provisioned, you must // also set a value for ProvisionedThroughputInMibps. After you create the file - // system, you can decrease your file system's throughput in Provisioned Throughput - // mode or change between the throughput modes, with certain time restrictions. - // For more information, see Specifying throughput with provisioned mode (https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) + // system, you can decrease your file system's Provisioned throughput or change + // between the throughput modes, with certain time restrictions. For more information, + // see Specifying throughput with provisioned mode (https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) // in the Amazon EFS User Guide. // // Default is bursting. @@ -4574,9 +4910,8 @@ type CreateMountTargetInput struct { // for the same VPC as subnet specified. SecurityGroups []*string `type:"list"` - // The ID of the subnet to add the mount target in. For file systems that use - // One Zone storage classes, use the subnet that is associated with the file - // system's Availability Zone. + // The ID of the subnet to add the mount target in. For One Zone file systems, + // use the subnet that is associated with the file system's Availability Zone. // // SubnetId is a required field SubnetId *string `min:"15" type:"string" required:"true"` @@ -4722,6 +5057,7 @@ func (s *CreateReplicationConfigurationInput) SetSourceFileSystemId(v string) *C return s } +// Describes the replication configuration for a specific file system. type CreateReplicationConfigurationOutput struct { _ struct{} `type:"structure"` @@ -4735,8 +5071,8 @@ type CreateReplicationConfigurationOutput struct { // Destinations is a required field Destinations []*Destination `type:"list" required:"true"` - // The Amazon Resource Name (ARN) of the original source Amazon EFS file system - // in the replication configuration. + // The Amazon Resource Name (ARN) of the original source EFS file system in + // the replication configuration. // // OriginalSourceFileSystemArn is a required field OriginalSourceFileSystemArn *string `type:"string" required:"true"` @@ -4752,8 +5088,7 @@ type CreateReplicationConfigurationOutput struct { // SourceFileSystemId is a required field SourceFileSystemId *string `type:"string" required:"true"` - // The Amazon Web Services Region in which the source Amazon EFS file system - // is located. + // The Amazon Web Services Region in which the source EFS file system is located. // // SourceFileSystemRegion is a required field SourceFileSystemRegion *string `min:"1" type:"string" required:"true"` @@ -5750,7 +6085,7 @@ func (s *DescribeAccountPreferencesOutput) SetResourceIdPreference(v *ResourceId type DescribeBackupPolicyInput struct { _ struct{} `type:"structure" nopayload:"true"` - // Specifies which EFS file system to retrieve the BackupPolicy for. + // Specifies which EFS file system for which to retrieve the BackupPolicy. // // FileSystemId is a required field FileSystemId *string `location:"uri" locationName:"FileSystemId" type:"string" required:"true"` @@ -6625,10 +6960,21 @@ type Destination struct { // Region is a required field Region *string `min:"1" type:"string" required:"true"` - // Describes the status of the destination Amazon EFS file system. If the status - // is ERROR, the destination file system in the replication configuration is - // in a failed state and is unrecoverable. To access the file system data, restore - // a backup of the failed file system to a new file system. + // Describes the status of the destination EFS file system. + // + // * The Paused state occurs as a result of opting out of the source or destination + // Region after the replication configuration was created. To resume replication + // for the file system, you need to again opt in to the Amazon Web Services + // Region. For more information, see Managing Amazon Web Services Regions + // (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) + // in the Amazon Web Services General Reference Guide. + // + // * The Error state occurs when either the source or the destination file + // system (or both) is in a failed state and is unrecoverable. For more information, + // see Monitoring replication status (https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) + // in the Amazon EFS User Guide. You must delete the replication configuration, + // and then restore the most recent backup of the failed file system (either + // the source or the destination) to a new file system. // // Status is a required field Status *string `type:"string" required:"true" enum:"ReplicationStatus"` @@ -6676,15 +7022,21 @@ func (s *Destination) SetStatus(v string) *Destination { return s } -// Describes the destination file system to create in the replication configuration. +// Describes the new or existing destination file system for the replication +// configuration. type DestinationToCreate struct { _ struct{} `type:"structure"` - // To create a file system that uses EFS One Zone storage, specify the name - // of the Availability Zone in which to create the destination file system. + // To create a file system that uses One Zone storage, specify the name of the + // Availability Zone in which to create the destination file system. AvailabilityZoneName *string `min:"1" type:"string"` - // Specifies the Key Management Service (KMS) key that you want to use to encrypt + // The ID of the file system to use for the destination. The file system's replication + // overwrite replication must be disabled. If you do not provide an ID, then + // EFS creates a new file system for the replication destination. + FileSystemId *string `type:"string"` + + // Specify the Key Management Service (KMS) key that you want to use to encrypt // the destination file system. If you do not specify a KMS key, Amazon EFS // uses your default KMS key for Amazon EFS, /aws/elasticfilesystem. This ID // can be in one of the following formats: @@ -6744,6 +7096,12 @@ func (s *DestinationToCreate) SetAvailabilityZoneName(v string) *DestinationToCr return s } +// SetFileSystemId sets the FileSystemId field's value. +func (s *DestinationToCreate) SetFileSystemId(v string) *DestinationToCreate { + s.FileSystemId = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *DestinationToCreate) SetKmsKeyId(v string) *DestinationToCreate { s.KmsKeyId = &v @@ -6842,14 +7200,15 @@ type FileSystemDescription struct { _ struct{} `type:"structure"` // The unique and consistent identifier of the Availability Zone in which the - // file system's One Zone storage classes exist. For example, use1-az1 is an - // Availability Zone ID for the us-east-1 Amazon Web Services Region, and it - // has the same location in every Amazon Web Services account. + // file system is located, and is valid only for One Zone file systems. For + // example, use1-az1 is an Availability Zone ID for the us-east-1 Amazon Web + // Services Region, and it has the same location in every Amazon Web Services + // account. AvailabilityZoneId *string `type:"string"` // Describes the Amazon Web Services Availability Zone in which the file system - // is located, and is valid only for file systems using One Zone storage classes. - // For more information, see Using EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) + // is located, and is valid only for One Zone file systems. For more information, + // see Using EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) // in the Amazon EFS User Guide. AvailabilityZoneName *string `min:"1" type:"string"` @@ -6875,6 +7234,9 @@ type FileSystemDescription struct { // FileSystemId is a required field FileSystemId *string `type:"string" required:"true"` + // Describes the protection on the file system. + FileSystemProtection *FileSystemProtectionDescription `type:"structure"` + // The ID of an KMS key used to protect the encrypted file system. KmsKeyId *string `type:"string"` @@ -6899,12 +7261,12 @@ type FileSystemDescription struct { // OwnerId is a required field OwnerId *string `type:"string" required:"true"` - // The performance mode of the file system. + // The Performance mode of the file system. // // PerformanceMode is a required field PerformanceMode *string `type:"string" required:"true" enum:"PerformanceMode"` - // The amount of provisioned throughput, measured in MiB/s, for the file system. + // The amount of provisioned throughput, measured in MiBps, for the file system. // Valid for file systems using ThroughputMode set to provisioned. ProvisionedThroughputInMibps *float64 `min:"1" type:"double"` @@ -6992,6 +7354,12 @@ func (s *FileSystemDescription) SetFileSystemId(v string) *FileSystemDescription return s } +// SetFileSystemProtection sets the FileSystemProtection field's value. +func (s *FileSystemDescription) SetFileSystemProtection(v *FileSystemProtectionDescription) *FileSystemDescription { + s.FileSystemProtection = v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *FileSystemDescription) SetKmsKeyId(v string) *FileSystemDescription { s.KmsKeyId = &v @@ -7285,6 +7653,53 @@ func (s *FileSystemNotFound) RequestID() string { return s.RespMetadata.RequestID } +// Describes the protection on a file system. +type FileSystemProtectionDescription struct { + _ struct{} `type:"structure"` + + // The status of the file system's replication overwrite protection. + // + // * ENABLED – The file system cannot be used as the destination file system + // in a replication configuration. The file system is writeable. Replication + // overwrite protection is ENABLED by default. + // + // * DISABLED – The file system can be used as the destination file system + // in a replication configuration. The file system is read-only and can only + // be modified by EFS replication. + // + // * REPLICATING – The file system is being used as the destination file + // system in a replication configuration. The file system is read-only and + // is only modified only by EFS replication. + // + // If the replication configuration is deleted, the file system's replication + // overwrite protection is re-enabled, the file system becomes writeable. + ReplicationOverwriteProtection *string `type:"string" enum:"ReplicationOverwriteProtection"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FileSystemProtectionDescription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FileSystemProtectionDescription) GoString() string { + return s.String() +} + +// SetReplicationOverwriteProtection sets the ReplicationOverwriteProtection field's value. +func (s *FileSystemProtectionDescription) SetReplicationOverwriteProtection(v string) *FileSystemProtectionDescription { + s.ReplicationOverwriteProtection = &v + return s +} + // The latest known metered size (in bytes) of data stored in the file system, // in its Value field, and the time at which that size was determined in its // Timestamp field. The value doesn't represent the size of a consistent snapshot @@ -7305,6 +7720,10 @@ type FileSystemSize struct { // Value is a required field Value *int64 `type:"long" required:"true"` + // The latest known metered size (in bytes) of data stored in the Archive storage + // class. + ValueInArchive *int64 `type:"long"` + // The latest known metered size (in bytes) of data stored in the Infrequent // Access storage class. ValueInIA *int64 `type:"long"` @@ -7344,6 +7763,12 @@ func (s *FileSystemSize) SetValue(v int64) *FileSystemSize { return s } +// SetValueInArchive sets the ValueInArchive field's value. +func (s *FileSystemSize) SetValueInArchive(v int64) *FileSystemSize { + s.ValueInArchive = &v + return s +} + // SetValueInIA sets the ValueInIA field's value. func (s *FileSystemSize) SetValueInIA(v int64) *FileSystemSize { s.ValueInIA = &v @@ -7824,28 +8249,33 @@ func (s *IpAddressInUse) RequestID() string { return s.RespMetadata.RequestID } -// Describes a policy used by EFS lifecycle management and EFS Intelligent-Tiering -// that specifies when to transition files into and out of the file system's -// Infrequent Access (IA) storage class. For more information, see EFS Intelligent‐Tiering -// and EFS Lifecycle Management (https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html). +// Describes a policy used by Lifecycle management that specifies when to transition +// files into and out of storage classes. For more information, see Managing +// file system storage (https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html). // // When using the put-lifecycle-configuration CLI command or the PutLifecycleConfiguration // API action, Amazon EFS requires that each LifecyclePolicy object have only // a single transition. This means that in a request body, LifecyclePolicies // must be structured as an array of LifecyclePolicy objects, one object for -// each transition, TransitionToIA, TransitionToPrimaryStorageClass. For more -// information, see the request examples in PutLifecycleConfiguration. +// each transition. For more information, see the request examples in PutLifecycleConfiguration. type LifecyclePolicy struct { _ struct{} `type:"structure"` - // Describes the period of time that a file is not accessed, after which it - // transitions to IA storage. Metadata operations such as listing the contents - // of a directory don't count as file access events. - TransitionToIA *string `type:"string" enum:"TransitionToIARules"` - - // Describes when to transition a file from IA storage to primary storage. Metadata + // The number of days after files were last accessed in primary storage (the + // Standard storage class) files at which to move them to Archive storage. Metadata // operations such as listing the contents of a directory don't count as file // access events. + TransitionToArchive *string `type:"string" enum:"TransitionToArchiveRules"` + + // The number of days after files were last accessed in primary storage (the + // Standard storage class) at which to move them to Infrequent Access (IA) storage. + // Metadata operations such as listing the contents of a directory don't count + // as file access events. + TransitionToIA *string `type:"string" enum:"TransitionToIARules"` + + // Whether to move files back to primary (Standard) storage after they are accessed + // in IA or Archive storage. Metadata operations such as listing the contents + // of a directory don't count as file access events. TransitionToPrimaryStorageClass *string `type:"string" enum:"TransitionToPrimaryStorageClassRules"` } @@ -7867,6 +8297,12 @@ func (s LifecyclePolicy) GoString() string { return s.String() } +// SetTransitionToArchive sets the TransitionToArchive field's value. +func (s *LifecyclePolicy) SetTransitionToArchive(v string) *LifecyclePolicy { + s.TransitionToArchive = &v + return s +} + // SetTransitionToIA sets the TransitionToIA field's value. func (s *LifecyclePolicy) SetTransitionToIA(v string) *LifecyclePolicy { s.TransitionToIA = &v @@ -8989,20 +9425,30 @@ type PutLifecycleConfigurationInput struct { FileSystemId *string `location:"uri" locationName:"FileSystemId" type:"string" required:"true"` // An array of LifecyclePolicy objects that define the file system's LifecycleConfiguration - // object. A LifecycleConfiguration object informs EFS lifecycle management - // and EFS Intelligent-Tiering of the following: + // object. A LifecycleConfiguration object informs EFS Lifecycle management + // of the following: // - // * When to move files in the file system from primary storage to the IA - // storage class. + // * TransitionToIA – When to move files in the file system from primary + // storage (Standard storage class) into the Infrequent Access (IA) storage. // - // * When to move files that are in IA storage to primary storage. + // * TransitionToArchive – When to move files in the file system from their + // current storage class (either IA or Standard storage) into the Archive + // storage. File systems cannot transition into Archive storage before transitioning + // into IA storage. Therefore, TransitionToArchive must either not be set + // or must be later than TransitionToIA. The Archive storage class is available + // only for file systems that use the Elastic Throughput mode and the General + // Purpose Performance mode. + // + // * TransitionToPrimaryStorageClass – Whether to move files in the file + // system back to primary storage (Standard storage class) after they are + // accessed in IA or Archive storage. // // When using the put-lifecycle-configuration CLI command or the PutLifecycleConfiguration // API action, Amazon EFS requires that each LifecyclePolicy object have only // a single transition. This means that in a request body, LifecyclePolicies // must be structured as an array of LifecyclePolicy objects, one object for - // each transition, TransitionToIA, TransitionToPrimaryStorageClass. See the - // example requests in the following section for more information. + // each storage transition. See the example requests in the following section + // for more information. // // LifecyclePolicies is a required field LifecyclePolicies []*LifecyclePolicy `type:"list" required:"true"` @@ -9089,6 +9535,82 @@ func (s *PutLifecycleConfigurationOutput) SetLifecyclePolicies(v []*LifecyclePol return s } +// Returned if the file system is already included in a replication configuration.> +type ReplicationAlreadyExists struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // The error code is a string that uniquely identifies an error condition. It + // is meant to be read and understood by programs that detect and handle errors + // by type. + ErrorCode *string `min:"1" type:"string"` + + // The error message contains a generic description of the error condition in + // English. It is intended for a human audience. Simple programs display the + // message directly to the end user if they encounter an error condition they + // don't know how or don't care to handle. Sophisticated programs with more + // exhaustive error handling and proper internationalization are more likely + // to ignore the error message. + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicationAlreadyExists) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicationAlreadyExists) GoString() string { + return s.String() +} + +func newErrorReplicationAlreadyExists(v protocol.ResponseMetadata) error { + return &ReplicationAlreadyExists{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ReplicationAlreadyExists) Code() string { + return "ReplicationAlreadyExists" +} + +// Message returns the exception's message. +func (s *ReplicationAlreadyExists) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ReplicationAlreadyExists) OrigErr() error { + return nil +} + +func (s *ReplicationAlreadyExists) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ReplicationAlreadyExists) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ReplicationAlreadyExists) RequestID() string { + return s.RespMetadata.RequestID +} + +// Describes the replication configuration for a specific file system. type ReplicationConfigurationDescription struct { _ struct{} `type:"structure"` @@ -9102,8 +9624,8 @@ type ReplicationConfigurationDescription struct { // Destinations is a required field Destinations []*Destination `type:"list" required:"true"` - // The Amazon Resource Name (ARN) of the original source Amazon EFS file system - // in the replication configuration. + // The Amazon Resource Name (ARN) of the original source EFS file system in + // the replication configuration. // // OriginalSourceFileSystemArn is a required field OriginalSourceFileSystemArn *string `type:"string" required:"true"` @@ -9119,8 +9641,7 @@ type ReplicationConfigurationDescription struct { // SourceFileSystemId is a required field SourceFileSystemId *string `type:"string" required:"true"` - // The Amazon Web Services Region in which the source Amazon EFS file system - // is located. + // The Amazon Web Services Region in which the source EFS file system is located. // // SourceFileSystemRegion is a required field SourceFileSystemRegion *string `min:"1" type:"string" required:"true"` @@ -10173,10 +10694,13 @@ type UpdateFileSystemInput struct { // FileSystemId is a required field FileSystemId *string `location:"uri" locationName:"FileSystemId" type:"string" required:"true"` - // (Optional) Sets the amount of provisioned throughput, in MiB/s, for the file - // system. Valid values are 1-1024. If you are changing the throughput mode - // to provisioned, you must also provide the amount of provisioned throughput. - // Required if ThroughputMode is changed to provisioned on update. + // (Optional) The throughput, measured in mebibytes per second (MiBps), that + // you want to provision for a file system that you're creating. Required if + // ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with + // the upper limit depending on Region. To increase this limit, contact Amazon + // Web Services Support. For more information, see Amazon EFS quotas that you + // can increase (https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) + // in the Amazon EFS User Guide. ProvisionedThroughputInMibps *float64 `min:"1" type:"double"` // (Optional) Updates the file system's throughput mode. If you're not updating @@ -10246,14 +10770,15 @@ type UpdateFileSystemOutput struct { _ struct{} `type:"structure"` // The unique and consistent identifier of the Availability Zone in which the - // file system's One Zone storage classes exist. For example, use1-az1 is an - // Availability Zone ID for the us-east-1 Amazon Web Services Region, and it - // has the same location in every Amazon Web Services account. + // file system is located, and is valid only for One Zone file systems. For + // example, use1-az1 is an Availability Zone ID for the us-east-1 Amazon Web + // Services Region, and it has the same location in every Amazon Web Services + // account. AvailabilityZoneId *string `type:"string"` // Describes the Amazon Web Services Availability Zone in which the file system - // is located, and is valid only for file systems using One Zone storage classes. - // For more information, see Using EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) + // is located, and is valid only for One Zone file systems. For more information, + // see Using EFS storage classes (https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) // in the Amazon EFS User Guide. AvailabilityZoneName *string `min:"1" type:"string"` @@ -10279,6 +10804,9 @@ type UpdateFileSystemOutput struct { // FileSystemId is a required field FileSystemId *string `type:"string" required:"true"` + // Describes the protection on the file system. + FileSystemProtection *FileSystemProtectionDescription `type:"structure"` + // The ID of an KMS key used to protect the encrypted file system. KmsKeyId *string `type:"string"` @@ -10303,12 +10831,12 @@ type UpdateFileSystemOutput struct { // OwnerId is a required field OwnerId *string `type:"string" required:"true"` - // The performance mode of the file system. + // The Performance mode of the file system. // // PerformanceMode is a required field PerformanceMode *string `type:"string" required:"true" enum:"PerformanceMode"` - // The amount of provisioned throughput, measured in MiB/s, for the file system. + // The amount of provisioned throughput, measured in MiBps, for the file system. // Valid for file systems using ThroughputMode set to provisioned. ProvisionedThroughputInMibps *float64 `min:"1" type:"double"` @@ -10396,6 +10924,12 @@ func (s *UpdateFileSystemOutput) SetFileSystemId(v string) *UpdateFileSystemOutp return s } +// SetFileSystemProtection sets the FileSystemProtection field's value. +func (s *UpdateFileSystemOutput) SetFileSystemProtection(v *FileSystemProtectionDescription) *UpdateFileSystemOutput { + s.FileSystemProtection = v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *UpdateFileSystemOutput) SetKmsKeyId(v string) *UpdateFileSystemOutput { s.KmsKeyId = &v @@ -10456,6 +10990,126 @@ func (s *UpdateFileSystemOutput) SetThroughputMode(v string) *UpdateFileSystemOu return s } +type UpdateFileSystemProtectionInput struct { + _ struct{} `type:"structure"` + + // The ID of the file system to update. + // + // FileSystemId is a required field + FileSystemId *string `location:"uri" locationName:"FileSystemId" type:"string" required:"true"` + + // The status of the file system's replication overwrite protection. + // + // * ENABLED – The file system cannot be used as the destination file system + // in a replication configuration. The file system is writeable. Replication + // overwrite protection is ENABLED by default. + // + // * DISABLED – The file system can be used as the destination file system + // in a replication configuration. The file system is read-only and can only + // be modified by EFS replication. + // + // * REPLICATING – The file system is being used as the destination file + // system in a replication configuration. The file system is read-only and + // is only modified only by EFS replication. + // + // If the replication configuration is deleted, the file system's replication + // overwrite protection is re-enabled, the file system becomes writeable. + ReplicationOverwriteProtection *string `type:"string" enum:"ReplicationOverwriteProtection"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateFileSystemProtectionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateFileSystemProtectionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateFileSystemProtectionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateFileSystemProtectionInput"} + if s.FileSystemId == nil { + invalidParams.Add(request.NewErrParamRequired("FileSystemId")) + } + if s.FileSystemId != nil && len(*s.FileSystemId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FileSystemId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFileSystemId sets the FileSystemId field's value. +func (s *UpdateFileSystemProtectionInput) SetFileSystemId(v string) *UpdateFileSystemProtectionInput { + s.FileSystemId = &v + return s +} + +// SetReplicationOverwriteProtection sets the ReplicationOverwriteProtection field's value. +func (s *UpdateFileSystemProtectionInput) SetReplicationOverwriteProtection(v string) *UpdateFileSystemProtectionInput { + s.ReplicationOverwriteProtection = &v + return s +} + +// Describes the protection on a file system. +type UpdateFileSystemProtectionOutput struct { + _ struct{} `type:"structure"` + + // The status of the file system's replication overwrite protection. + // + // * ENABLED – The file system cannot be used as the destination file system + // in a replication configuration. The file system is writeable. Replication + // overwrite protection is ENABLED by default. + // + // * DISABLED – The file system can be used as the destination file system + // in a replication configuration. The file system is read-only and can only + // be modified by EFS replication. + // + // * REPLICATING – The file system is being used as the destination file + // system in a replication configuration. The file system is read-only and + // is only modified only by EFS replication. + // + // If the replication configuration is deleted, the file system's replication + // overwrite protection is re-enabled, the file system becomes writeable. + ReplicationOverwriteProtection *string `type:"string" enum:"ReplicationOverwriteProtection"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateFileSystemProtectionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateFileSystemProtectionOutput) GoString() string { + return s.String() +} + +// SetReplicationOverwriteProtection sets the ReplicationOverwriteProtection field's value. +func (s *UpdateFileSystemProtectionOutput) SetReplicationOverwriteProtection(v string) *UpdateFileSystemProtectionOutput { + s.ReplicationOverwriteProtection = &v + return s +} + // Returned if the Backup service is not available in the Amazon Web Services // Region in which the request was made. type ValidationException struct { @@ -10582,6 +11236,26 @@ func PerformanceMode_Values() []string { } } +const ( + // ReplicationOverwriteProtectionEnabled is a ReplicationOverwriteProtection enum value + ReplicationOverwriteProtectionEnabled = "ENABLED" + + // ReplicationOverwriteProtectionDisabled is a ReplicationOverwriteProtection enum value + ReplicationOverwriteProtectionDisabled = "DISABLED" + + // ReplicationOverwriteProtectionReplicating is a ReplicationOverwriteProtection enum value + ReplicationOverwriteProtectionReplicating = "REPLICATING" +) + +// ReplicationOverwriteProtection_Values returns all elements of the ReplicationOverwriteProtection enum +func ReplicationOverwriteProtection_Values() []string { + return []string{ + ReplicationOverwriteProtectionEnabled, + ReplicationOverwriteProtectionDisabled, + ReplicationOverwriteProtectionReplicating, + } +} + const ( // ReplicationStatusEnabled is a ReplicationStatus enum value ReplicationStatusEnabled = "ENABLED" @@ -10594,6 +11268,12 @@ const ( // ReplicationStatusError is a ReplicationStatus enum value ReplicationStatusError = "ERROR" + + // ReplicationStatusPaused is a ReplicationStatus enum value + ReplicationStatusPaused = "PAUSED" + + // ReplicationStatusPausing is a ReplicationStatus enum value + ReplicationStatusPausing = "PAUSING" ) // ReplicationStatus_Values returns all elements of the ReplicationStatus enum @@ -10603,6 +11283,8 @@ func ReplicationStatus_Values() []string { ReplicationStatusEnabling, ReplicationStatusDeleting, ReplicationStatusError, + ReplicationStatusPaused, + ReplicationStatusPausing, } } @@ -10685,6 +11367,50 @@ func ThroughputMode_Values() []string { } } +const ( + // TransitionToArchiveRulesAfter1Day is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter1Day = "AFTER_1_DAY" + + // TransitionToArchiveRulesAfter7Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter7Days = "AFTER_7_DAYS" + + // TransitionToArchiveRulesAfter14Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter14Days = "AFTER_14_DAYS" + + // TransitionToArchiveRulesAfter30Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter30Days = "AFTER_30_DAYS" + + // TransitionToArchiveRulesAfter60Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter60Days = "AFTER_60_DAYS" + + // TransitionToArchiveRulesAfter90Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter90Days = "AFTER_90_DAYS" + + // TransitionToArchiveRulesAfter180Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter180Days = "AFTER_180_DAYS" + + // TransitionToArchiveRulesAfter270Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter270Days = "AFTER_270_DAYS" + + // TransitionToArchiveRulesAfter365Days is a TransitionToArchiveRules enum value + TransitionToArchiveRulesAfter365Days = "AFTER_365_DAYS" +) + +// TransitionToArchiveRules_Values returns all elements of the TransitionToArchiveRules enum +func TransitionToArchiveRules_Values() []string { + return []string{ + TransitionToArchiveRulesAfter1Day, + TransitionToArchiveRulesAfter7Days, + TransitionToArchiveRulesAfter14Days, + TransitionToArchiveRulesAfter30Days, + TransitionToArchiveRulesAfter60Days, + TransitionToArchiveRulesAfter90Days, + TransitionToArchiveRulesAfter180Days, + TransitionToArchiveRulesAfter270Days, + TransitionToArchiveRulesAfter365Days, + } +} + const ( // TransitionToIARulesAfter7Days is a TransitionToIARules enum value TransitionToIARulesAfter7Days = "AFTER_7_DAYS" @@ -10703,6 +11429,15 @@ const ( // TransitionToIARulesAfter1Day is a TransitionToIARules enum value TransitionToIARulesAfter1Day = "AFTER_1_DAY" + + // TransitionToIARulesAfter180Days is a TransitionToIARules enum value + TransitionToIARulesAfter180Days = "AFTER_180_DAYS" + + // TransitionToIARulesAfter270Days is a TransitionToIARules enum value + TransitionToIARulesAfter270Days = "AFTER_270_DAYS" + + // TransitionToIARulesAfter365Days is a TransitionToIARules enum value + TransitionToIARulesAfter365Days = "AFTER_365_DAYS" ) // TransitionToIARules_Values returns all elements of the TransitionToIARules enum @@ -10714,6 +11449,9 @@ func TransitionToIARules_Values() []string { TransitionToIARulesAfter60Days, TransitionToIARulesAfter90Days, TransitionToIARulesAfter1Day, + TransitionToIARulesAfter180Days, + TransitionToIARulesAfter270Days, + TransitionToIARulesAfter365Days, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/efs/errors.go b/vendor/github.com/aws/aws-sdk-go/service/efs/errors.go index 04c23343b19..bda18785c00 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/efs/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/efs/errors.go @@ -46,6 +46,13 @@ const ( // parameter value or a missing required parameter. ErrCodeBadRequest = "BadRequest" + // ErrCodeConflictException for service response error code + // "ConflictException". + // + // Returned if the source file system in a replication is encrypted but the + // destination file system is unencrypted. + ErrCodeConflictException = "ConflictException" + // ErrCodeDependencyTimeout for service response error code // "DependencyTimeout". // @@ -163,6 +170,12 @@ const ( // system specified. ErrCodePolicyNotFound = "PolicyNotFound" + // ErrCodeReplicationAlreadyExists for service response error code + // "ReplicationAlreadyExists". + // + // Returned if the file system is already included in a replication configuration.> + ErrCodeReplicationAlreadyExists = "ReplicationAlreadyExists" + // ErrCodeReplicationNotFound for service response error code // "ReplicationNotFound". // @@ -232,6 +245,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "AccessPointNotFound": newErrorAccessPointNotFound, "AvailabilityZonesMismatch": newErrorAvailabilityZonesMismatch, "BadRequest": newErrorBadRequest, + "ConflictException": newErrorConflictException, "DependencyTimeout": newErrorDependencyTimeout, "FileSystemAlreadyExists": newErrorFileSystemAlreadyExists, "FileSystemInUse": newErrorFileSystemInUse, @@ -248,6 +262,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "NetworkInterfaceLimitExceeded": newErrorNetworkInterfaceLimitExceeded, "NoFreeAddressesInSubnet": newErrorNoFreeAddressesInSubnet, "PolicyNotFound": newErrorPolicyNotFound, + "ReplicationAlreadyExists": newErrorReplicationAlreadyExists, "ReplicationNotFound": newErrorReplicationNotFound, "SecurityGroupLimitExceeded": newErrorSecurityGroupLimitExceeded, "SecurityGroupNotFound": newErrorSecurityGroupNotFound, diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go index 643b4fb74c2..406c1bc7f01 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go @@ -152,7 +152,7 @@ func (c *ELBV2) AddTagsRequest(input *AddTagsInput) (req *request.Request, outpu // // Adds the specified tags to the specified Elastic Load Balancing resource. // You can tag your Application Load Balancers, Network Load Balancers, Gateway -// Load Balancers, target groups, listeners, and rules. +// Load Balancers, target groups, trust stores, listeners, and rules. // // Each tag consists of a key and an optional value. If a resource already has // a tag with the same key, AddTags updates its value. @@ -170,7 +170,7 @@ func (c *ELBV2) AddTagsRequest(input *AddTagsInput) (req *request.Request, outpu // A tag key was specified more than once. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" // The specified load balancer does not exist. @@ -184,6 +184,9 @@ func (c *ELBV2) AddTagsRequest(input *AddTagsInput) (req *request.Request, outpu // - ErrCodeRuleNotFoundException "RuleNotFound" // The specified rule does not exist. // +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AddTags func (c *ELBV2) AddTags(input *AddTagsInput) (*AddTagsOutput, error) { req, out := c.AddTagsRequest(input) @@ -206,6 +209,94 @@ func (c *ELBV2) AddTagsWithContext(ctx aws.Context, input *AddTagsInput, opts .. return out, req.Send() } +const opAddTrustStoreRevocations = "AddTrustStoreRevocations" + +// AddTrustStoreRevocationsRequest generates a "aws/request.Request" representing the +// client's request for the AddTrustStoreRevocations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AddTrustStoreRevocations for more information on using the AddTrustStoreRevocations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AddTrustStoreRevocationsRequest method. +// req, resp := client.AddTrustStoreRevocationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AddTrustStoreRevocations +func (c *ELBV2) AddTrustStoreRevocationsRequest(input *AddTrustStoreRevocationsInput) (req *request.Request, output *AddTrustStoreRevocationsOutput) { + op := &request.Operation{ + Name: opAddTrustStoreRevocations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AddTrustStoreRevocationsInput{} + } + + output = &AddTrustStoreRevocationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// AddTrustStoreRevocations API operation for Elastic Load Balancing. +// +// Adds the specified revocation file to the specified trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation AddTrustStoreRevocations for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeInvalidRevocationContentException "InvalidRevocationContent" +// The provided revocation file is an invalid format, or uses an incorrect algorithm. +// +// - ErrCodeTooManyTrustStoreRevocationEntriesException "TooManyTrustStoreRevocationEntries" +// The specified trust store has too many revocation entries. +// +// - ErrCodeRevocationContentNotFoundException "RevocationContentNotFound" +// The specified revocation file does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AddTrustStoreRevocations +func (c *ELBV2) AddTrustStoreRevocations(input *AddTrustStoreRevocationsInput) (*AddTrustStoreRevocationsOutput, error) { + req, out := c.AddTrustStoreRevocationsRequest(input) + return out, req.Send() +} + +// AddTrustStoreRevocationsWithContext is the same as AddTrustStoreRevocations with the addition of +// the ability to pass a context and additional request options. +// +// See AddTrustStoreRevocations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) AddTrustStoreRevocationsWithContext(ctx aws.Context, input *AddTrustStoreRevocationsInput, opts ...request.Option) (*AddTrustStoreRevocationsOutput, error) { + req, out := c.AddTrustStoreRevocationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateListener = "CreateListener" // CreateListenerRequest generates a "aws/request.Request" representing the @@ -328,7 +419,13 @@ func (c *ELBV2) CreateListenerRequest(input *CreateListenerInput) (req *request. // The specified ALPN policy is not supported. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeTrustStoreNotReadyException "TrustStoreNotReady" +// The specified trust store is not active. // // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateListener func (c *ELBV2) CreateListener(input *CreateListenerInput) (*CreateListenerOutput, error) { @@ -442,7 +539,7 @@ func (c *ELBV2) CreateLoadBalancerRequest(input *CreateLoadBalancerInput) (req * // The requested scheme is not valid. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // - ErrCodeDuplicateTagKeysException "DuplicateTagKeys" // A tag key was specified more than once. @@ -590,7 +687,7 @@ func (c *ELBV2) CreateRuleRequest(input *CreateRuleInput) (req *request.Request, // load balancer, it is counted as only one use. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateRule func (c *ELBV2) CreateRule(input *CreateRuleInput) (*CreateRuleOutput, error) { @@ -691,7 +788,7 @@ func (c *ELBV2) CreateTargetGroupRequest(input *CreateTargetGroupInput) (req *re // The requested configuration is not valid. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateTargetGroup func (c *ELBV2) CreateTargetGroup(input *CreateTargetGroupInput) (*CreateTargetGroupOutput, error) { @@ -715,6 +812,101 @@ func (c *ELBV2) CreateTargetGroupWithContext(ctx aws.Context, input *CreateTarge return out, req.Send() } +const opCreateTrustStore = "CreateTrustStore" + +// CreateTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrustStore operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrustStore for more information on using the CreateTrustStore +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTrustStoreRequest method. +// req, resp := client.CreateTrustStoreRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateTrustStore +func (c *ELBV2) CreateTrustStoreRequest(input *CreateTrustStoreInput) (req *request.Request, output *CreateTrustStoreOutput) { + op := &request.Operation{ + Name: opCreateTrustStore, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTrustStoreInput{} + } + + output = &CreateTrustStoreOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrustStore API operation for Elastic Load Balancing. +// +// Creates a trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation CreateTrustStore for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDuplicateTrustStoreNameException "DuplicateTrustStoreName" +// A trust store with the specified name already exists. +// +// - ErrCodeTooManyTrustStoresException "TooManyTrustStores" +// You've reached the limit on the number of trust stores for your Amazon Web +// Services account. +// +// - ErrCodeInvalidCaCertificatesBundleException "InvalidCaCertificatesBundle" +// The specified ca certificate bundle is in an invalid format, or corrupt. +// +// - ErrCodeCaCertificatesBundleNotFoundException "CaCertificatesBundleNotFound" +// The specified ca certificate bundle does not exist. +// +// - ErrCodeTooManyTagsException "TooManyTags" +// You've reached the limit on the number of tags for this resource. +// +// - ErrCodeDuplicateTagKeysException "DuplicateTagKeys" +// A tag key was specified more than once. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateTrustStore +func (c *ELBV2) CreateTrustStore(input *CreateTrustStoreInput) (*CreateTrustStoreOutput, error) { + req, out := c.CreateTrustStoreRequest(input) + return out, req.Send() +} + +// CreateTrustStoreWithContext is the same as CreateTrustStore with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrustStore for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) CreateTrustStoreWithContext(ctx aws.Context, input *CreateTrustStoreInput, opts ...request.Option) (*CreateTrustStoreOutput, error) { + req, out := c.CreateTrustStoreRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteListener = "DeleteListener" // DeleteListenerRequest generates a "aws/request.Request" representing the @@ -1065,6 +1257,89 @@ func (c *ELBV2) DeleteTargetGroupWithContext(ctx aws.Context, input *DeleteTarge return out, req.Send() } +const opDeleteTrustStore = "DeleteTrustStore" + +// DeleteTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrustStore operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrustStore for more information on using the DeleteTrustStore +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteTrustStoreRequest method. +// req, resp := client.DeleteTrustStoreRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DeleteTrustStore +func (c *ELBV2) DeleteTrustStoreRequest(input *DeleteTrustStoreInput) (req *request.Request, output *DeleteTrustStoreOutput) { + op := &request.Operation{ + Name: opDeleteTrustStore, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTrustStoreInput{} + } + + output = &DeleteTrustStoreOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteTrustStore API operation for Elastic Load Balancing. +// +// Deletes a trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation DeleteTrustStore for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeTrustStoreInUseException "TrustStoreInUse" +// The specified trust store is currently in use. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DeleteTrustStore +func (c *ELBV2) DeleteTrustStore(input *DeleteTrustStoreInput) (*DeleteTrustStoreOutput, error) { + req, out := c.DeleteTrustStoreRequest(input) + return out, req.Send() +} + +// DeleteTrustStoreWithContext is the same as DeleteTrustStore with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrustStore for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DeleteTrustStoreWithContext(ctx aws.Context, input *DeleteTrustStoreInput, opts ...request.Option) (*DeleteTrustStoreOutput, error) { + req, out := c.DeleteTrustStoreRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeregisterTargets = "DeregisterTargets" // DeregisterTargetsRequest generates a "aws/request.Request" representing the @@ -1113,6 +1388,24 @@ func (c *ELBV2) DeregisterTargetsRequest(input *DeregisterTargetsInput) (req *re // the targets are deregistered, they no longer receive traffic from the load // balancer. // +// The load balancer stops sending requests to targets that are deregistering, +// but uses connection draining to ensure that in-flight traffic completes on +// the existing connections. This deregistration delay is configured by default +// but can be updated for each target group. +// +// For more information, see the following: +// +// - Deregistration delay (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#deregistration-delay) +// in the Application Load Balancers User Guide +// +// - Deregistration delay (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#deregistration-delay) +// in the Network Load Balancers User Guide +// +// - Deregistration delay (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#deregistration-delay) +// in the Gateway Load Balancers User Guide +// +// Note: If the specified target does not exist, the action returns successfully. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1925,6 +2218,9 @@ func (c *ELBV2) DescribeTagsRequest(input *DescribeTagsInput) (req *request.Requ // - ErrCodeRuleNotFoundException "RuleNotFound" // The specified rule does not exist. // +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTags func (c *ELBV2) DescribeTags(input *DescribeTagsInput) (*DescribeTagsOutput, error) { req, out := c.DescribeTagsRequest(input) @@ -2265,1204 +2561,2906 @@ func (c *ELBV2) DescribeTargetHealthWithContext(ctx aws.Context, input *Describe return out, req.Send() } -const opModifyListener = "ModifyListener" +const opDescribeTrustStoreAssociations = "DescribeTrustStoreAssociations" -// ModifyListenerRequest generates a "aws/request.Request" representing the -// client's request for the ModifyListener operation. The "output" return +// DescribeTrustStoreAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrustStoreAssociations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyListener for more information on using the ModifyListener +// See DescribeTrustStoreAssociations for more information on using the DescribeTrustStoreAssociations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyListenerRequest method. -// req, resp := client.ModifyListenerRequest(params) +// // Example sending a request using the DescribeTrustStoreAssociationsRequest method. +// req, resp := client.DescribeTrustStoreAssociationsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener -func (c *ELBV2) ModifyListenerRequest(input *ModifyListenerInput) (req *request.Request, output *ModifyListenerOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreAssociations +func (c *ELBV2) DescribeTrustStoreAssociationsRequest(input *DescribeTrustStoreAssociationsInput) (req *request.Request, output *DescribeTrustStoreAssociationsOutput) { op := &request.Operation{ - Name: opModifyListener, + Name: opDescribeTrustStoreAssociations, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "PageSize", + TruncationToken: "", + }, } if input == nil { - input = &ModifyListenerInput{} + input = &DescribeTrustStoreAssociationsInput{} } - output = &ModifyListenerOutput{} + output = &DescribeTrustStoreAssociationsOutput{} req = c.newRequest(op, input, output) return } -// ModifyListener API operation for Elastic Load Balancing. -// -// Replaces the specified properties of the specified listener. Any properties -// that you do not specify remain unchanged. -// -// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the -// security policy and default certificate properties. If you change the protocol -// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy -// and default certificate properties. +// DescribeTrustStoreAssociations API operation for Elastic Load Balancing. // -// To add an item to a list, remove an item from a list, or update an item in -// a list, you must provide the entire list. For example, to add an action, -// specify a list with the current actions plus the new action. +// Describes all resources associated with the specified trust store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyListener for usage and error information. +// API operation DescribeTrustStoreAssociations for usage and error information. // // Returned Error Codes: +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeDuplicateListenerException "DuplicateListener" -// A listener with the specified port already exists. -// -// - ErrCodeTooManyListenersException "TooManyListeners" -// You've reached the limit on the number of listeners per load balancer. -// -// - ErrCodeTooManyCertificatesException "TooManyCertificates" -// You've reached the limit on the number of certificates per load balancer. +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreAssociations +func (c *ELBV2) DescribeTrustStoreAssociations(input *DescribeTrustStoreAssociationsInput) (*DescribeTrustStoreAssociationsOutput, error) { + req, out := c.DescribeTrustStoreAssociationsRequest(input) + return out, req.Send() +} + +// DescribeTrustStoreAssociationsWithContext is the same as DescribeTrustStoreAssociations with the addition of +// the ability to pass a context and additional request options. // -// - ErrCodeListenerNotFoundException "ListenerNotFound" -// The specified listener does not exist. +// See DescribeTrustStoreAssociations for details on how to use this API operation. // -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DescribeTrustStoreAssociationsWithContext(ctx aws.Context, input *DescribeTrustStoreAssociationsInput, opts ...request.Option) (*DescribeTrustStoreAssociationsOutput, error) { + req, out := c.DescribeTrustStoreAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTrustStoreAssociationsPages iterates over the pages of a DescribeTrustStoreAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. // -// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" -// You've reached the limit on the number of load balancers per target group. +// See DescribeTrustStoreAssociations method for more information on how to use this operation. // -// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" -// The specified configuration is not valid with this protocol. +// Note: This operation can generate multiple requests to a service. // -// - ErrCodeSSLPolicyNotFoundException "SSLPolicyNotFound" -// The specified SSL policy does not exist. -// -// - ErrCodeCertificateNotFoundException "CertificateNotFound" -// The specified certificate does not exist. -// -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. -// -// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" -// The specified protocol is not supported. -// -// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" -// You've reached the limit on the number of times a target can be registered -// with a load balancer. -// -// - ErrCodeTooManyTargetsException "TooManyTargets" -// You've reached the limit on the number of targets. -// -// - ErrCodeTooManyActionsException "TooManyActions" -// You've reached the limit on the number of actions per rule. -// -// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" -// The requested action is not valid. -// -// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" -// You've reached the limit on the number of unique target groups per load balancer -// across all listeners. If a target group is used by multiple actions for a -// load balancer, it is counted as only one use. -// -// - ErrCodeALPNPolicyNotSupportedException "ALPNPolicyNotFound" -// The specified ALPN policy is not supported. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener -func (c *ELBV2) ModifyListener(input *ModifyListenerInput) (*ModifyListenerOutput, error) { - req, out := c.ModifyListenerRequest(input) - return out, req.Send() +// // Example iterating over at most 3 pages of a DescribeTrustStoreAssociations operation. +// pageNum := 0 +// err := client.DescribeTrustStoreAssociationsPages(params, +// func(page *elbv2.DescribeTrustStoreAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ELBV2) DescribeTrustStoreAssociationsPages(input *DescribeTrustStoreAssociationsInput, fn func(*DescribeTrustStoreAssociationsOutput, bool) bool) error { + return c.DescribeTrustStoreAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) } -// ModifyListenerWithContext is the same as ModifyListener with the addition of -// the ability to pass a context and additional request options. -// -// See ModifyListener for details on how to use this API operation. +// DescribeTrustStoreAssociationsPagesWithContext same as DescribeTrustStoreAssociationsPages except +// it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyListenerWithContext(ctx aws.Context, input *ModifyListenerInput, opts ...request.Option) (*ModifyListenerOutput, error) { - req, out := c.ModifyListenerRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return out, req.Send() +func (c *ELBV2) DescribeTrustStoreAssociationsPagesWithContext(ctx aws.Context, input *DescribeTrustStoreAssociationsInput, fn func(*DescribeTrustStoreAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrustStoreAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrustStoreAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrustStoreAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() } -const opModifyLoadBalancerAttributes = "ModifyLoadBalancerAttributes" +const opDescribeTrustStoreRevocations = "DescribeTrustStoreRevocations" -// ModifyLoadBalancerAttributesRequest generates a "aws/request.Request" representing the -// client's request for the ModifyLoadBalancerAttributes operation. The "output" return +// DescribeTrustStoreRevocationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrustStoreRevocations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyLoadBalancerAttributes for more information on using the ModifyLoadBalancerAttributes +// See DescribeTrustStoreRevocations for more information on using the DescribeTrustStoreRevocations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyLoadBalancerAttributesRequest method. -// req, resp := client.ModifyLoadBalancerAttributesRequest(params) +// // Example sending a request using the DescribeTrustStoreRevocationsRequest method. +// req, resp := client.DescribeTrustStoreRevocationsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes -func (c *ELBV2) ModifyLoadBalancerAttributesRequest(input *ModifyLoadBalancerAttributesInput) (req *request.Request, output *ModifyLoadBalancerAttributesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreRevocations +func (c *ELBV2) DescribeTrustStoreRevocationsRequest(input *DescribeTrustStoreRevocationsInput) (req *request.Request, output *DescribeTrustStoreRevocationsOutput) { op := &request.Operation{ - Name: opModifyLoadBalancerAttributes, + Name: opDescribeTrustStoreRevocations, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "PageSize", + TruncationToken: "", + }, } if input == nil { - input = &ModifyLoadBalancerAttributesInput{} + input = &DescribeTrustStoreRevocationsInput{} } - output = &ModifyLoadBalancerAttributesOutput{} + output = &DescribeTrustStoreRevocationsOutput{} req = c.newRequest(op, input, output) return } -// ModifyLoadBalancerAttributes API operation for Elastic Load Balancing. -// -// Modifies the specified attributes of the specified Application Load Balancer, -// Network Load Balancer, or Gateway Load Balancer. +// DescribeTrustStoreRevocations API operation for Elastic Load Balancing. // -// If any of the specified attributes can't be modified as requested, the call -// fails. Any existing attributes that you do not modify retain their current -// values. +// Describes the revocation files in use by the specified trust store arn, or +// revocation ID. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyLoadBalancerAttributes for usage and error information. +// API operation DescribeTrustStoreRevocations for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. +// - ErrCodeRevocationIdNotFoundException "RevocationIdNotFound" +// The specified revocation ID does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes -func (c *ELBV2) ModifyLoadBalancerAttributes(input *ModifyLoadBalancerAttributesInput) (*ModifyLoadBalancerAttributesOutput, error) { - req, out := c.ModifyLoadBalancerAttributesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreRevocations +func (c *ELBV2) DescribeTrustStoreRevocations(input *DescribeTrustStoreRevocationsInput) (*DescribeTrustStoreRevocationsOutput, error) { + req, out := c.DescribeTrustStoreRevocationsRequest(input) return out, req.Send() } -// ModifyLoadBalancerAttributesWithContext is the same as ModifyLoadBalancerAttributes with the addition of +// DescribeTrustStoreRevocationsWithContext is the same as DescribeTrustStoreRevocations with the addition of // the ability to pass a context and additional request options. // -// See ModifyLoadBalancerAttributes for details on how to use this API operation. +// See DescribeTrustStoreRevocations for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyLoadBalancerAttributesWithContext(ctx aws.Context, input *ModifyLoadBalancerAttributesInput, opts ...request.Option) (*ModifyLoadBalancerAttributesOutput, error) { - req, out := c.ModifyLoadBalancerAttributesRequest(input) +func (c *ELBV2) DescribeTrustStoreRevocationsWithContext(ctx aws.Context, input *DescribeTrustStoreRevocationsInput, opts ...request.Option) (*DescribeTrustStoreRevocationsOutput, error) { + req, out := c.DescribeTrustStoreRevocationsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opModifyRule = "ModifyRule" +// DescribeTrustStoreRevocationsPages iterates over the pages of a DescribeTrustStoreRevocations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrustStoreRevocations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrustStoreRevocations operation. +// pageNum := 0 +// err := client.DescribeTrustStoreRevocationsPages(params, +// func(page *elbv2.DescribeTrustStoreRevocationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ELBV2) DescribeTrustStoreRevocationsPages(input *DescribeTrustStoreRevocationsInput, fn func(*DescribeTrustStoreRevocationsOutput, bool) bool) error { + return c.DescribeTrustStoreRevocationsPagesWithContext(aws.BackgroundContext(), input, fn) +} -// ModifyRuleRequest generates a "aws/request.Request" representing the -// client's request for the ModifyRule operation. The "output" return +// DescribeTrustStoreRevocationsPagesWithContext same as DescribeTrustStoreRevocationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DescribeTrustStoreRevocationsPagesWithContext(ctx aws.Context, input *DescribeTrustStoreRevocationsInput, fn func(*DescribeTrustStoreRevocationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrustStoreRevocationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrustStoreRevocationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrustStoreRevocationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeTrustStores = "DescribeTrustStores" + +// DescribeTrustStoresRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrustStores operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyRule for more information on using the ModifyRule +// See DescribeTrustStores for more information on using the DescribeTrustStores // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyRuleRequest method. -// req, resp := client.ModifyRuleRequest(params) +// // Example sending a request using the DescribeTrustStoresRequest method. +// req, resp := client.DescribeTrustStoresRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule -func (c *ELBV2) ModifyRuleRequest(input *ModifyRuleInput) (req *request.Request, output *ModifyRuleOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStores +func (c *ELBV2) DescribeTrustStoresRequest(input *DescribeTrustStoresInput) (req *request.Request, output *DescribeTrustStoresOutput) { op := &request.Operation{ - Name: opModifyRule, + Name: opDescribeTrustStores, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "PageSize", + TruncationToken: "", + }, } if input == nil { - input = &ModifyRuleInput{} + input = &DescribeTrustStoresInput{} } - output = &ModifyRuleOutput{} + output = &DescribeTrustStoresOutput{} req = c.newRequest(op, input, output) return } -// ModifyRule API operation for Elastic Load Balancing. -// -// Replaces the specified properties of the specified rule. Any properties that -// you do not specify are unchanged. +// DescribeTrustStores API operation for Elastic Load Balancing. // -// To add an item to a list, remove an item from a list, or update an item in -// a list, you must provide the entire list. For example, to add an action, -// specify a list with the current actions plus the new action. +// Describes all trust stores for a given account by trust store arn’s or +// name. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyRule for usage and error information. +// API operation DescribeTrustStores for usage and error information. // // Returned Error Codes: +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" -// You've reached the limit on the number of load balancers per target group. -// -// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" -// The specified configuration is not valid with this protocol. -// -// - ErrCodeRuleNotFoundException "RuleNotFound" -// The specified rule does not exist. -// -// - ErrCodeOperationNotPermittedException "OperationNotPermitted" -// This operation is not allowed. -// -// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" -// You've reached the limit on the number of times a target can be registered -// with a load balancer. -// -// - ErrCodeTooManyTargetsException "TooManyTargets" -// You've reached the limit on the number of targets. -// -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. -// -// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" -// The specified protocol is not supported. -// -// - ErrCodeTooManyActionsException "TooManyActions" -// You've reached the limit on the number of actions per rule. -// -// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" -// The requested action is not valid. -// -// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" -// You've reached the limit on the number of unique target groups per load balancer -// across all listeners. If a target group is used by multiple actions for a -// load balancer, it is counted as only one use. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule -func (c *ELBV2) ModifyRule(input *ModifyRuleInput) (*ModifyRuleOutput, error) { - req, out := c.ModifyRuleRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStores +func (c *ELBV2) DescribeTrustStores(input *DescribeTrustStoresInput) (*DescribeTrustStoresOutput, error) { + req, out := c.DescribeTrustStoresRequest(input) return out, req.Send() } -// ModifyRuleWithContext is the same as ModifyRule with the addition of +// DescribeTrustStoresWithContext is the same as DescribeTrustStores with the addition of // the ability to pass a context and additional request options. // -// See ModifyRule for details on how to use this API operation. +// See DescribeTrustStores for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyRuleWithContext(ctx aws.Context, input *ModifyRuleInput, opts ...request.Option) (*ModifyRuleOutput, error) { - req, out := c.ModifyRuleRequest(input) +func (c *ELBV2) DescribeTrustStoresWithContext(ctx aws.Context, input *DescribeTrustStoresInput, opts ...request.Option) (*DescribeTrustStoresOutput, error) { + req, out := c.DescribeTrustStoresRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opModifyTargetGroup = "ModifyTargetGroup" +// DescribeTrustStoresPages iterates over the pages of a DescribeTrustStores operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrustStores method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrustStores operation. +// pageNum := 0 +// err := client.DescribeTrustStoresPages(params, +// func(page *elbv2.DescribeTrustStoresOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ELBV2) DescribeTrustStoresPages(input *DescribeTrustStoresInput, fn func(*DescribeTrustStoresOutput, bool) bool) error { + return c.DescribeTrustStoresPagesWithContext(aws.BackgroundContext(), input, fn) +} -// ModifyTargetGroupRequest generates a "aws/request.Request" representing the -// client's request for the ModifyTargetGroup operation. The "output" return +// DescribeTrustStoresPagesWithContext same as DescribeTrustStoresPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DescribeTrustStoresPagesWithContext(ctx aws.Context, input *DescribeTrustStoresInput, fn func(*DescribeTrustStoresOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrustStoresInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrustStoresRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrustStoresOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opGetTrustStoreCaCertificatesBundle = "GetTrustStoreCaCertificatesBundle" + +// GetTrustStoreCaCertificatesBundleRequest generates a "aws/request.Request" representing the +// client's request for the GetTrustStoreCaCertificatesBundle operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyTargetGroup for more information on using the ModifyTargetGroup +// See GetTrustStoreCaCertificatesBundle for more information on using the GetTrustStoreCaCertificatesBundle // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyTargetGroupRequest method. -// req, resp := client.ModifyTargetGroupRequest(params) +// // Example sending a request using the GetTrustStoreCaCertificatesBundleRequest method. +// req, resp := client.GetTrustStoreCaCertificatesBundleRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup -func (c *ELBV2) ModifyTargetGroupRequest(input *ModifyTargetGroupInput) (req *request.Request, output *ModifyTargetGroupOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreCaCertificatesBundle +func (c *ELBV2) GetTrustStoreCaCertificatesBundleRequest(input *GetTrustStoreCaCertificatesBundleInput) (req *request.Request, output *GetTrustStoreCaCertificatesBundleOutput) { op := &request.Operation{ - Name: opModifyTargetGroup, + Name: opGetTrustStoreCaCertificatesBundle, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &ModifyTargetGroupInput{} + input = &GetTrustStoreCaCertificatesBundleInput{} } - output = &ModifyTargetGroupOutput{} + output = &GetTrustStoreCaCertificatesBundleOutput{} req = c.newRequest(op, input, output) return } -// ModifyTargetGroup API operation for Elastic Load Balancing. +// GetTrustStoreCaCertificatesBundle API operation for Elastic Load Balancing. // -// Modifies the health checks used when evaluating the health state of the targets -// in the specified target group. +// Retrieves the ca certificate bundle. +// +// This action returns a pre-signed S3 URI which is active for ten minutes. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyTargetGroup for usage and error information. +// API operation GetTrustStoreCaCertificatesBundle for usage and error information. // // Returned Error Codes: +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. -// -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup -func (c *ELBV2) ModifyTargetGroup(input *ModifyTargetGroupInput) (*ModifyTargetGroupOutput, error) { - req, out := c.ModifyTargetGroupRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreCaCertificatesBundle +func (c *ELBV2) GetTrustStoreCaCertificatesBundle(input *GetTrustStoreCaCertificatesBundleInput) (*GetTrustStoreCaCertificatesBundleOutput, error) { + req, out := c.GetTrustStoreCaCertificatesBundleRequest(input) return out, req.Send() } -// ModifyTargetGroupWithContext is the same as ModifyTargetGroup with the addition of +// GetTrustStoreCaCertificatesBundleWithContext is the same as GetTrustStoreCaCertificatesBundle with the addition of // the ability to pass a context and additional request options. // -// See ModifyTargetGroup for details on how to use this API operation. +// See GetTrustStoreCaCertificatesBundle for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyTargetGroupWithContext(ctx aws.Context, input *ModifyTargetGroupInput, opts ...request.Option) (*ModifyTargetGroupOutput, error) { - req, out := c.ModifyTargetGroupRequest(input) +func (c *ELBV2) GetTrustStoreCaCertificatesBundleWithContext(ctx aws.Context, input *GetTrustStoreCaCertificatesBundleInput, opts ...request.Option) (*GetTrustStoreCaCertificatesBundleOutput, error) { + req, out := c.GetTrustStoreCaCertificatesBundleRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opModifyTargetGroupAttributes = "ModifyTargetGroupAttributes" +const opGetTrustStoreRevocationContent = "GetTrustStoreRevocationContent" -// ModifyTargetGroupAttributesRequest generates a "aws/request.Request" representing the -// client's request for the ModifyTargetGroupAttributes operation. The "output" return +// GetTrustStoreRevocationContentRequest generates a "aws/request.Request" representing the +// client's request for the GetTrustStoreRevocationContent operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyTargetGroupAttributes for more information on using the ModifyTargetGroupAttributes +// See GetTrustStoreRevocationContent for more information on using the GetTrustStoreRevocationContent // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyTargetGroupAttributesRequest method. -// req, resp := client.ModifyTargetGroupAttributesRequest(params) +// // Example sending a request using the GetTrustStoreRevocationContentRequest method. +// req, resp := client.GetTrustStoreRevocationContentRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes -func (c *ELBV2) ModifyTargetGroupAttributesRequest(input *ModifyTargetGroupAttributesInput) (req *request.Request, output *ModifyTargetGroupAttributesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreRevocationContent +func (c *ELBV2) GetTrustStoreRevocationContentRequest(input *GetTrustStoreRevocationContentInput) (req *request.Request, output *GetTrustStoreRevocationContentOutput) { op := &request.Operation{ - Name: opModifyTargetGroupAttributes, + Name: opGetTrustStoreRevocationContent, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &ModifyTargetGroupAttributesInput{} + input = &GetTrustStoreRevocationContentInput{} } - output = &ModifyTargetGroupAttributesOutput{} + output = &GetTrustStoreRevocationContentOutput{} req = c.newRequest(op, input, output) return } -// ModifyTargetGroupAttributes API operation for Elastic Load Balancing. +// GetTrustStoreRevocationContent API operation for Elastic Load Balancing. // -// Modifies the specified attributes of the specified target group. +// Retrieves the specified revocation file. +// +// This action returns a pre-signed S3 URI which is active for ten minutes. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyTargetGroupAttributes for usage and error information. +// API operation GetTrustStoreRevocationContent for usage and error information. // // Returned Error Codes: // -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. +// - ErrCodeRevocationIdNotFoundException "RevocationIdNotFound" +// The specified revocation ID does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes -func (c *ELBV2) ModifyTargetGroupAttributes(input *ModifyTargetGroupAttributesInput) (*ModifyTargetGroupAttributesOutput, error) { - req, out := c.ModifyTargetGroupAttributesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreRevocationContent +func (c *ELBV2) GetTrustStoreRevocationContent(input *GetTrustStoreRevocationContentInput) (*GetTrustStoreRevocationContentOutput, error) { + req, out := c.GetTrustStoreRevocationContentRequest(input) return out, req.Send() } -// ModifyTargetGroupAttributesWithContext is the same as ModifyTargetGroupAttributes with the addition of +// GetTrustStoreRevocationContentWithContext is the same as GetTrustStoreRevocationContent with the addition of // the ability to pass a context and additional request options. // -// See ModifyTargetGroupAttributes for details on how to use this API operation. +// See GetTrustStoreRevocationContent for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyTargetGroupAttributesWithContext(ctx aws.Context, input *ModifyTargetGroupAttributesInput, opts ...request.Option) (*ModifyTargetGroupAttributesOutput, error) { - req, out := c.ModifyTargetGroupAttributesRequest(input) +func (c *ELBV2) GetTrustStoreRevocationContentWithContext(ctx aws.Context, input *GetTrustStoreRevocationContentInput, opts ...request.Option) (*GetTrustStoreRevocationContentOutput, error) { + req, out := c.GetTrustStoreRevocationContentRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opRegisterTargets = "RegisterTargets" +const opModifyListener = "ModifyListener" -// RegisterTargetsRequest generates a "aws/request.Request" representing the -// client's request for the RegisterTargets operation. The "output" return +// ModifyListenerRequest generates a "aws/request.Request" representing the +// client's request for the ModifyListener operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RegisterTargets for more information on using the RegisterTargets +// See ModifyListener for more information on using the ModifyListener // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the RegisterTargetsRequest method. -// req, resp := client.RegisterTargetsRequest(params) +// // Example sending a request using the ModifyListenerRequest method. +// req, resp := client.ModifyListenerRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets -func (c *ELBV2) RegisterTargetsRequest(input *RegisterTargetsInput) (req *request.Request, output *RegisterTargetsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener +func (c *ELBV2) ModifyListenerRequest(input *ModifyListenerInput) (req *request.Request, output *ModifyListenerOutput) { op := &request.Operation{ - Name: opRegisterTargets, + Name: opModifyListener, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RegisterTargetsInput{} + input = &ModifyListenerInput{} } - output = &RegisterTargetsOutput{} + output = &ModifyListenerOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RegisterTargets API operation for Elastic Load Balancing. -// -// Registers the specified targets with the specified target group. +// ModifyListener API operation for Elastic Load Balancing. // -// If the target is an EC2 instance, it must be in the running state when you -// register it. +// Replaces the specified properties of the specified listener. Any properties +// that you do not specify remain unchanged. // -// By default, the load balancer routes requests to registered targets using -// the protocol and port for the target group. Alternatively, you can override -// the port for a target when you register it. You can register each EC2 instance -// or IP address with the same target group multiple times using different ports. +// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the +// security policy and default certificate properties. If you change the protocol +// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy +// and default certificate properties. // -// With a Network Load Balancer, you cannot register instances by instance ID -// if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, -// G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these -// types by IP address. +// To add an item to a list, remove an item from a list, or update an item in +// a list, you must provide the entire list. For example, to add an action, +// specify a list with the current actions plus the new action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation RegisterTargets for usage and error information. +// API operation ModifyListener for usage and error information. // // Returned Error Codes: // +// - ErrCodeDuplicateListenerException "DuplicateListener" +// A listener with the specified port already exists. +// +// - ErrCodeTooManyListenersException "TooManyListeners" +// You've reached the limit on the number of listeners per load balancer. +// +// - ErrCodeTooManyCertificatesException "TooManyCertificates" +// You've reached the limit on the number of certificates per load balancer. +// +// - ErrCodeListenerNotFoundException "ListenerNotFound" +// The specified listener does not exist. +// // - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" // The specified target group does not exist. // -// - ErrCodeTooManyTargetsException "TooManyTargets" -// You've reached the limit on the number of targets. +// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" +// You've reached the limit on the number of load balancers per target group. // -// - ErrCodeInvalidTargetException "InvalidTarget" -// The specified target does not exist, is not in the same VPC as the target -// group, or has an unsupported instance type. +// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" +// The specified configuration is not valid with this protocol. +// +// - ErrCodeSSLPolicyNotFoundException "SSLPolicyNotFound" +// The specified SSL policy does not exist. +// +// - ErrCodeCertificateNotFoundException "CertificateNotFound" +// The specified certificate does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" +// The specified protocol is not supported. // // - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" // You've reached the limit on the number of times a target can be registered // with a load balancer. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets -func (c *ELBV2) RegisterTargets(input *RegisterTargetsInput) (*RegisterTargetsOutput, error) { - req, out := c.RegisterTargetsRequest(input) +// - ErrCodeTooManyTargetsException "TooManyTargets" +// You've reached the limit on the number of targets. +// +// - ErrCodeTooManyActionsException "TooManyActions" +// You've reached the limit on the number of actions per rule. +// +// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" +// The requested action is not valid. +// +// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" +// You've reached the limit on the number of unique target groups per load balancer +// across all listeners. If a target group is used by multiple actions for a +// load balancer, it is counted as only one use. +// +// - ErrCodeALPNPolicyNotSupportedException "ALPNPolicyNotFound" +// The specified ALPN policy is not supported. +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeTrustStoreNotReadyException "TrustStoreNotReady" +// The specified trust store is not active. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener +func (c *ELBV2) ModifyListener(input *ModifyListenerInput) (*ModifyListenerOutput, error) { + req, out := c.ModifyListenerRequest(input) return out, req.Send() } -// RegisterTargetsWithContext is the same as RegisterTargets with the addition of +// ModifyListenerWithContext is the same as ModifyListener with the addition of // the ability to pass a context and additional request options. // -// See RegisterTargets for details on how to use this API operation. +// See ModifyListener for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) RegisterTargetsWithContext(ctx aws.Context, input *RegisterTargetsInput, opts ...request.Option) (*RegisterTargetsOutput, error) { - req, out := c.RegisterTargetsRequest(input) +func (c *ELBV2) ModifyListenerWithContext(ctx aws.Context, input *ModifyListenerInput, opts ...request.Option) (*ModifyListenerOutput, error) { + req, out := c.ModifyListenerRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opRemoveListenerCertificates = "RemoveListenerCertificates" +const opModifyLoadBalancerAttributes = "ModifyLoadBalancerAttributes" -// RemoveListenerCertificatesRequest generates a "aws/request.Request" representing the -// client's request for the RemoveListenerCertificates operation. The "output" return +// ModifyLoadBalancerAttributesRequest generates a "aws/request.Request" representing the +// client's request for the ModifyLoadBalancerAttributes operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RemoveListenerCertificates for more information on using the RemoveListenerCertificates +// See ModifyLoadBalancerAttributes for more information on using the ModifyLoadBalancerAttributes // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the RemoveListenerCertificatesRequest method. -// req, resp := client.RemoveListenerCertificatesRequest(params) +// // Example sending a request using the ModifyLoadBalancerAttributesRequest method. +// req, resp := client.ModifyLoadBalancerAttributesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates -func (c *ELBV2) RemoveListenerCertificatesRequest(input *RemoveListenerCertificatesInput) (req *request.Request, output *RemoveListenerCertificatesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes +func (c *ELBV2) ModifyLoadBalancerAttributesRequest(input *ModifyLoadBalancerAttributesInput) (req *request.Request, output *ModifyLoadBalancerAttributesOutput) { op := &request.Operation{ - Name: opRemoveListenerCertificates, + Name: opModifyLoadBalancerAttributes, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RemoveListenerCertificatesInput{} + input = &ModifyLoadBalancerAttributesInput{} } - output = &RemoveListenerCertificatesOutput{} + output = &ModifyLoadBalancerAttributesOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RemoveListenerCertificates API operation for Elastic Load Balancing. +// ModifyLoadBalancerAttributes API operation for Elastic Load Balancing. // -// Removes the specified certificate from the certificate list for the specified -// HTTPS or TLS listener. +// Modifies the specified attributes of the specified Application Load Balancer, +// Network Load Balancer, or Gateway Load Balancer. +// +// If any of the specified attributes can't be modified as requested, the call +// fails. Any existing attributes that you do not modify retain their current +// values. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation RemoveListenerCertificates for usage and error information. +// API operation ModifyLoadBalancerAttributes for usage and error information. // // Returned Error Codes: // -// - ErrCodeListenerNotFoundException "ListenerNotFound" -// The specified listener does not exist. +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. // -// - ErrCodeOperationNotPermittedException "OperationNotPermitted" -// This operation is not allowed. +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates -func (c *ELBV2) RemoveListenerCertificates(input *RemoveListenerCertificatesInput) (*RemoveListenerCertificatesOutput, error) { - req, out := c.RemoveListenerCertificatesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes +func (c *ELBV2) ModifyLoadBalancerAttributes(input *ModifyLoadBalancerAttributesInput) (*ModifyLoadBalancerAttributesOutput, error) { + req, out := c.ModifyLoadBalancerAttributesRequest(input) return out, req.Send() } -// RemoveListenerCertificatesWithContext is the same as RemoveListenerCertificates with the addition of +// ModifyLoadBalancerAttributesWithContext is the same as ModifyLoadBalancerAttributes with the addition of // the ability to pass a context and additional request options. // -// See RemoveListenerCertificates for details on how to use this API operation. +// See ModifyLoadBalancerAttributes for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) RemoveListenerCertificatesWithContext(ctx aws.Context, input *RemoveListenerCertificatesInput, opts ...request.Option) (*RemoveListenerCertificatesOutput, error) { - req, out := c.RemoveListenerCertificatesRequest(input) +func (c *ELBV2) ModifyLoadBalancerAttributesWithContext(ctx aws.Context, input *ModifyLoadBalancerAttributesInput, opts ...request.Option) (*ModifyLoadBalancerAttributesOutput, error) { + req, out := c.ModifyLoadBalancerAttributesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opRemoveTags = "RemoveTags" +const opModifyRule = "ModifyRule" -// RemoveTagsRequest generates a "aws/request.Request" representing the -// client's request for the RemoveTags operation. The "output" return +// ModifyRuleRequest generates a "aws/request.Request" representing the +// client's request for the ModifyRule operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RemoveTags for more information on using the RemoveTags +// See ModifyRule for more information on using the ModifyRule // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the RemoveTagsRequest method. -// req, resp := client.RemoveTagsRequest(params) +// // Example sending a request using the ModifyRuleRequest method. +// req, resp := client.ModifyRuleRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags -func (c *ELBV2) RemoveTagsRequest(input *RemoveTagsInput) (req *request.Request, output *RemoveTagsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule +func (c *ELBV2) ModifyRuleRequest(input *ModifyRuleInput) (req *request.Request, output *ModifyRuleOutput) { op := &request.Operation{ - Name: opRemoveTags, + Name: opModifyRule, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RemoveTagsInput{} + input = &ModifyRuleInput{} } - output = &RemoveTagsOutput{} + output = &ModifyRuleOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RemoveTags API operation for Elastic Load Balancing. +// ModifyRule API operation for Elastic Load Balancing. // -// Removes the specified tags from the specified Elastic Load Balancing resources. -// You can remove the tags for one or more Application Load Balancers, Network -// Load Balancers, Gateway Load Balancers, target groups, listeners, or rules. +// Replaces the specified properties of the specified rule. Any properties that +// you do not specify are unchanged. +// +// To add an item to a list, remove an item from a list, or update an item in +// a list, you must provide the entire list. For example, to add an action, +// specify a list with the current actions plus the new action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation RemoveTags for usage and error information. +// API operation ModifyRule for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" +// You've reached the limit on the number of load balancers per target group. +// +// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" +// The specified configuration is not valid with this protocol. +// +// - ErrCodeRuleNotFoundException "RuleNotFound" +// The specified rule does not exist. +// +// - ErrCodeOperationNotPermittedException "OperationNotPermitted" +// This operation is not allowed. +// +// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" +// You've reached the limit on the number of times a target can be registered +// with a load balancer. +// +// - ErrCodeTooManyTargetsException "TooManyTargets" +// You've reached the limit on the number of targets. // // - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" // The specified target group does not exist. // -// - ErrCodeListenerNotFoundException "ListenerNotFound" -// The specified listener does not exist. +// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" +// The specified protocol is not supported. // -// - ErrCodeRuleNotFoundException "RuleNotFound" -// The specified rule does not exist. +// - ErrCodeTooManyActionsException "TooManyActions" +// You've reached the limit on the number of actions per rule. // -// - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" +// The requested action is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags -func (c *ELBV2) RemoveTags(input *RemoveTagsInput) (*RemoveTagsOutput, error) { - req, out := c.RemoveTagsRequest(input) +// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" +// You've reached the limit on the number of unique target groups per load balancer +// across all listeners. If a target group is used by multiple actions for a +// load balancer, it is counted as only one use. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule +func (c *ELBV2) ModifyRule(input *ModifyRuleInput) (*ModifyRuleOutput, error) { + req, out := c.ModifyRuleRequest(input) return out, req.Send() } -// RemoveTagsWithContext is the same as RemoveTags with the addition of +// ModifyRuleWithContext is the same as ModifyRule with the addition of // the ability to pass a context and additional request options. // -// See RemoveTags for details on how to use this API operation. +// See ModifyRule for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) RemoveTagsWithContext(ctx aws.Context, input *RemoveTagsInput, opts ...request.Option) (*RemoveTagsOutput, error) { - req, out := c.RemoveTagsRequest(input) +func (c *ELBV2) ModifyRuleWithContext(ctx aws.Context, input *ModifyRuleInput, opts ...request.Option) (*ModifyRuleOutput, error) { + req, out := c.ModifyRuleRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetIpAddressType = "SetIpAddressType" +const opModifyTargetGroup = "ModifyTargetGroup" -// SetIpAddressTypeRequest generates a "aws/request.Request" representing the -// client's request for the SetIpAddressType operation. The "output" return +// ModifyTargetGroupRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTargetGroup operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetIpAddressType for more information on using the SetIpAddressType +// See ModifyTargetGroup for more information on using the ModifyTargetGroup // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetIpAddressTypeRequest method. -// req, resp := client.SetIpAddressTypeRequest(params) +// // Example sending a request using the ModifyTargetGroupRequest method. +// req, resp := client.ModifyTargetGroupRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType -func (c *ELBV2) SetIpAddressTypeRequest(input *SetIpAddressTypeInput) (req *request.Request, output *SetIpAddressTypeOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup +func (c *ELBV2) ModifyTargetGroupRequest(input *ModifyTargetGroupInput) (req *request.Request, output *ModifyTargetGroupOutput) { op := &request.Operation{ - Name: opSetIpAddressType, + Name: opModifyTargetGroup, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetIpAddressTypeInput{} + input = &ModifyTargetGroupInput{} } - output = &SetIpAddressTypeOutput{} + output = &ModifyTargetGroupOutput{} req = c.newRequest(op, input, output) return } -// SetIpAddressType API operation for Elastic Load Balancing. +// ModifyTargetGroup API operation for Elastic Load Balancing. // -// Sets the type of IP addresses used by the subnets of the specified load balancer. +// Modifies the health checks used when evaluating the health state of the targets +// in the specified target group. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetIpAddressType for usage and error information. +// API operation ModifyTargetGroup for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. // // - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" // The requested configuration is not valid. // -// - ErrCodeInvalidSubnetException "InvalidSubnet" -// The specified subnet is out of available addresses. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType -func (c *ELBV2) SetIpAddressType(input *SetIpAddressTypeInput) (*SetIpAddressTypeOutput, error) { - req, out := c.SetIpAddressTypeRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup +func (c *ELBV2) ModifyTargetGroup(input *ModifyTargetGroupInput) (*ModifyTargetGroupOutput, error) { + req, out := c.ModifyTargetGroupRequest(input) return out, req.Send() } -// SetIpAddressTypeWithContext is the same as SetIpAddressType with the addition of +// ModifyTargetGroupWithContext is the same as ModifyTargetGroup with the addition of // the ability to pass a context and additional request options. // -// See SetIpAddressType for details on how to use this API operation. +// See ModifyTargetGroup for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) SetIpAddressTypeWithContext(ctx aws.Context, input *SetIpAddressTypeInput, opts ...request.Option) (*SetIpAddressTypeOutput, error) { - req, out := c.SetIpAddressTypeRequest(input) +func (c *ELBV2) ModifyTargetGroupWithContext(ctx aws.Context, input *ModifyTargetGroupInput, opts ...request.Option) (*ModifyTargetGroupOutput, error) { + req, out := c.ModifyTargetGroupRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetRulePriorities = "SetRulePriorities" +const opModifyTargetGroupAttributes = "ModifyTargetGroupAttributes" -// SetRulePrioritiesRequest generates a "aws/request.Request" representing the -// client's request for the SetRulePriorities operation. The "output" return +// ModifyTargetGroupAttributesRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTargetGroupAttributes operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetRulePriorities for more information on using the SetRulePriorities +// See ModifyTargetGroupAttributes for more information on using the ModifyTargetGroupAttributes // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetRulePrioritiesRequest method. -// req, resp := client.SetRulePrioritiesRequest(params) +// // Example sending a request using the ModifyTargetGroupAttributesRequest method. +// req, resp := client.ModifyTargetGroupAttributesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities -func (c *ELBV2) SetRulePrioritiesRequest(input *SetRulePrioritiesInput) (req *request.Request, output *SetRulePrioritiesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes +func (c *ELBV2) ModifyTargetGroupAttributesRequest(input *ModifyTargetGroupAttributesInput) (req *request.Request, output *ModifyTargetGroupAttributesOutput) { op := &request.Operation{ - Name: opSetRulePriorities, + Name: opModifyTargetGroupAttributes, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetRulePrioritiesInput{} + input = &ModifyTargetGroupAttributesInput{} } - output = &SetRulePrioritiesOutput{} + output = &ModifyTargetGroupAttributesOutput{} req = c.newRequest(op, input, output) return } -// SetRulePriorities API operation for Elastic Load Balancing. -// -// Sets the priorities of the specified rules. +// ModifyTargetGroupAttributes API operation for Elastic Load Balancing. // -// You can reorder the rules as long as there are no priority conflicts in the -// new order. Any existing rules that you do not specify retain their current -// priority. +// Modifies the specified attributes of the specified target group. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetRulePriorities for usage and error information. +// API operation ModifyTargetGroupAttributes for usage and error information. // // Returned Error Codes: // -// - ErrCodeRuleNotFoundException "RuleNotFound" -// The specified rule does not exist. -// -// - ErrCodePriorityInUseException "PriorityInUse" -// The specified priority is in use. +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. // -// - ErrCodeOperationNotPermittedException "OperationNotPermitted" -// This operation is not allowed. +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities -func (c *ELBV2) SetRulePriorities(input *SetRulePrioritiesInput) (*SetRulePrioritiesOutput, error) { - req, out := c.SetRulePrioritiesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes +func (c *ELBV2) ModifyTargetGroupAttributes(input *ModifyTargetGroupAttributesInput) (*ModifyTargetGroupAttributesOutput, error) { + req, out := c.ModifyTargetGroupAttributesRequest(input) return out, req.Send() } -// SetRulePrioritiesWithContext is the same as SetRulePriorities with the addition of +// ModifyTargetGroupAttributesWithContext is the same as ModifyTargetGroupAttributes with the addition of // the ability to pass a context and additional request options. // -// See SetRulePriorities for details on how to use this API operation. +// See ModifyTargetGroupAttributes for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) SetRulePrioritiesWithContext(ctx aws.Context, input *SetRulePrioritiesInput, opts ...request.Option) (*SetRulePrioritiesOutput, error) { - req, out := c.SetRulePrioritiesRequest(input) +func (c *ELBV2) ModifyTargetGroupAttributesWithContext(ctx aws.Context, input *ModifyTargetGroupAttributesInput, opts ...request.Option) (*ModifyTargetGroupAttributesOutput, error) { + req, out := c.ModifyTargetGroupAttributesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetSecurityGroups = "SetSecurityGroups" +const opModifyTrustStore = "ModifyTrustStore" -// SetSecurityGroupsRequest generates a "aws/request.Request" representing the -// client's request for the SetSecurityGroups operation. The "output" return +// ModifyTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTrustStore operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetSecurityGroups for more information on using the SetSecurityGroups +// See ModifyTrustStore for more information on using the ModifyTrustStore // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetSecurityGroupsRequest method. -// req, resp := client.SetSecurityGroupsRequest(params) +// // Example sending a request using the ModifyTrustStoreRequest method. +// req, resp := client.ModifyTrustStoreRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups -func (c *ELBV2) SetSecurityGroupsRequest(input *SetSecurityGroupsInput) (req *request.Request, output *SetSecurityGroupsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTrustStore +func (c *ELBV2) ModifyTrustStoreRequest(input *ModifyTrustStoreInput) (req *request.Request, output *ModifyTrustStoreOutput) { op := &request.Operation{ - Name: opSetSecurityGroups, + Name: opModifyTrustStore, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetSecurityGroupsInput{} + input = &ModifyTrustStoreInput{} } - output = &SetSecurityGroupsOutput{} + output = &ModifyTrustStoreOutput{} req = c.newRequest(op, input, output) return } -// SetSecurityGroups API operation for Elastic Load Balancing. -// -// Associates the specified security groups with the specified Application Load -// Balancer. The specified security groups override the previously associated -// security groups. +// ModifyTrustStore API operation for Elastic Load Balancing. // -// You can't specify a security group for a Network Load Balancer or Gateway -// Load Balancer. +// Update the ca certificate bundle for a given trust store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetSecurityGroups for usage and error information. +// API operation ModifyTrustStore for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. +// - ErrCodeInvalidCaCertificatesBundleException "InvalidCaCertificatesBundle" +// The specified ca certificate bundle is in an invalid format, or corrupt. // -// - ErrCodeInvalidSecurityGroupException "InvalidSecurityGroup" -// The specified security group does not exist. +// - ErrCodeCaCertificatesBundleNotFoundException "CaCertificatesBundleNotFound" +// The specified ca certificate bundle does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups -func (c *ELBV2) SetSecurityGroups(input *SetSecurityGroupsInput) (*SetSecurityGroupsOutput, error) { - req, out := c.SetSecurityGroupsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTrustStore +func (c *ELBV2) ModifyTrustStore(input *ModifyTrustStoreInput) (*ModifyTrustStoreOutput, error) { + req, out := c.ModifyTrustStoreRequest(input) return out, req.Send() } -// SetSecurityGroupsWithContext is the same as SetSecurityGroups with the addition of +// ModifyTrustStoreWithContext is the same as ModifyTrustStore with the addition of // the ability to pass a context and additional request options. // -// See SetSecurityGroups for details on how to use this API operation. +// See ModifyTrustStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) SetSecurityGroupsWithContext(ctx aws.Context, input *SetSecurityGroupsInput, opts ...request.Option) (*SetSecurityGroupsOutput, error) { - req, out := c.SetSecurityGroupsRequest(input) +func (c *ELBV2) ModifyTrustStoreWithContext(ctx aws.Context, input *ModifyTrustStoreInput, opts ...request.Option) (*ModifyTrustStoreOutput, error) { + req, out := c.ModifyTrustStoreRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetSubnets = "SetSubnets" +const opRegisterTargets = "RegisterTargets" -// SetSubnetsRequest generates a "aws/request.Request" representing the -// client's request for the SetSubnets operation. The "output" return +// RegisterTargetsRequest generates a "aws/request.Request" representing the +// client's request for the RegisterTargets operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetSubnets for more information on using the SetSubnets +// See RegisterTargets for more information on using the RegisterTargets // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetSubnetsRequest method. -// req, resp := client.SetSubnetsRequest(params) +// // Example sending a request using the RegisterTargetsRequest method. +// req, resp := client.RegisterTargetsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets -func (c *ELBV2) SetSubnetsRequest(input *SetSubnetsInput) (req *request.Request, output *SetSubnetsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets +func (c *ELBV2) RegisterTargetsRequest(input *RegisterTargetsInput) (req *request.Request, output *RegisterTargetsOutput) { op := &request.Operation{ - Name: opSetSubnets, + Name: opRegisterTargets, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetSubnetsInput{} + input = &RegisterTargetsInput{} } - output = &SetSubnetsOutput{} + output = &RegisterTargetsOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// SetSubnets API operation for Elastic Load Balancing. +// RegisterTargets API operation for Elastic Load Balancing. // -// Enables the Availability Zones for the specified public subnets for the specified -// Application Load Balancer or Network Load Balancer. The specified subnets -// replace the previously enabled subnets. +// Registers the specified targets with the specified target group. +// +// If the target is an EC2 instance, it must be in the running state when you +// register it. +// +// By default, the load balancer routes requests to registered targets using +// the protocol and port for the target group. Alternatively, you can override +// the port for a target when you register it. You can register each EC2 instance +// or IP address with the same target group multiple times using different ports. // -// When you specify subnets for a Network Load Balancer, you must include all -// subnets that were enabled previously, with their existing configurations, -// plus any additional subnets. +// With a Network Load Balancer, you cannot register instances by instance ID +// if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, +// G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these +// types by IP address. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetSubnets for usage and error information. +// API operation RegisterTargets for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. -// -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. -// -// - ErrCodeSubnetNotFoundException "SubnetNotFound" -// The specified subnet does not exist. +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. // -// - ErrCodeInvalidSubnetException "InvalidSubnet" -// The specified subnet is out of available addresses. +// - ErrCodeTooManyTargetsException "TooManyTargets" +// You've reached the limit on the number of targets. // -// - ErrCodeAllocationIdNotFoundException "AllocationIdNotFound" -// The specified allocation ID does not exist. +// - ErrCodeInvalidTargetException "InvalidTarget" +// The specified target does not exist, is not in the same VPC as the target +// group, or has an unsupported instance type. // -// - ErrCodeAvailabilityZoneNotSupportedException "AvailabilityZoneNotSupported" -// The specified Availability Zone is not supported. +// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" +// You've reached the limit on the number of times a target can be registered +// with a load balancer. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets -func (c *ELBV2) SetSubnets(input *SetSubnetsInput) (*SetSubnetsOutput, error) { - req, out := c.SetSubnetsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets +func (c *ELBV2) RegisterTargets(input *RegisterTargetsInput) (*RegisterTargetsOutput, error) { + req, out := c.RegisterTargetsRequest(input) return out, req.Send() } -// SetSubnetsWithContext is the same as SetSubnets with the addition of +// RegisterTargetsWithContext is the same as RegisterTargets with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterTargets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RegisterTargetsWithContext(ctx aws.Context, input *RegisterTargetsInput, opts ...request.Option) (*RegisterTargetsOutput, error) { + req, out := c.RegisterTargetsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveListenerCertificates = "RemoveListenerCertificates" + +// RemoveListenerCertificatesRequest generates a "aws/request.Request" representing the +// client's request for the RemoveListenerCertificates operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveListenerCertificates for more information on using the RemoveListenerCertificates +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveListenerCertificatesRequest method. +// req, resp := client.RemoveListenerCertificatesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates +func (c *ELBV2) RemoveListenerCertificatesRequest(input *RemoveListenerCertificatesInput) (req *request.Request, output *RemoveListenerCertificatesOutput) { + op := &request.Operation{ + Name: opRemoveListenerCertificates, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveListenerCertificatesInput{} + } + + output = &RemoveListenerCertificatesOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveListenerCertificates API operation for Elastic Load Balancing. +// +// Removes the specified certificate from the certificate list for the specified +// HTTPS or TLS listener. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation RemoveListenerCertificates for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeListenerNotFoundException "ListenerNotFound" +// The specified listener does not exist. +// +// - ErrCodeOperationNotPermittedException "OperationNotPermitted" +// This operation is not allowed. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates +func (c *ELBV2) RemoveListenerCertificates(input *RemoveListenerCertificatesInput) (*RemoveListenerCertificatesOutput, error) { + req, out := c.RemoveListenerCertificatesRequest(input) + return out, req.Send() +} + +// RemoveListenerCertificatesWithContext is the same as RemoveListenerCertificates with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveListenerCertificates for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RemoveListenerCertificatesWithContext(ctx aws.Context, input *RemoveListenerCertificatesInput, opts ...request.Option) (*RemoveListenerCertificatesOutput, error) { + req, out := c.RemoveListenerCertificatesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveTags = "RemoveTags" + +// RemoveTagsRequest generates a "aws/request.Request" representing the +// client's request for the RemoveTags operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveTags for more information on using the RemoveTags +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveTagsRequest method. +// req, resp := client.RemoveTagsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags +func (c *ELBV2) RemoveTagsRequest(input *RemoveTagsInput) (req *request.Request, output *RemoveTagsOutput) { + op := &request.Operation{ + Name: opRemoveTags, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveTagsInput{} + } + + output = &RemoveTagsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveTags API operation for Elastic Load Balancing. +// +// Removes the specified tags from the specified Elastic Load Balancing resources. +// You can remove the tags for one or more Application Load Balancers, Network +// Load Balancers, Gateway Load Balancers, target groups, listeners, or rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation RemoveTags for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. +// +// - ErrCodeListenerNotFoundException "ListenerNotFound" +// The specified listener does not exist. +// +// - ErrCodeRuleNotFoundException "RuleNotFound" +// The specified rule does not exist. +// +// - ErrCodeTooManyTagsException "TooManyTags" +// You've reached the limit on the number of tags for this resource. +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags +func (c *ELBV2) RemoveTags(input *RemoveTagsInput) (*RemoveTagsOutput, error) { + req, out := c.RemoveTagsRequest(input) + return out, req.Send() +} + +// RemoveTagsWithContext is the same as RemoveTags with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveTags for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RemoveTagsWithContext(ctx aws.Context, input *RemoveTagsInput, opts ...request.Option) (*RemoveTagsOutput, error) { + req, out := c.RemoveTagsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveTrustStoreRevocations = "RemoveTrustStoreRevocations" + +// RemoveTrustStoreRevocationsRequest generates a "aws/request.Request" representing the +// client's request for the RemoveTrustStoreRevocations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveTrustStoreRevocations for more information on using the RemoveTrustStoreRevocations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveTrustStoreRevocationsRequest method. +// req, resp := client.RemoveTrustStoreRevocationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTrustStoreRevocations +func (c *ELBV2) RemoveTrustStoreRevocationsRequest(input *RemoveTrustStoreRevocationsInput) (req *request.Request, output *RemoveTrustStoreRevocationsOutput) { + op := &request.Operation{ + Name: opRemoveTrustStoreRevocations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveTrustStoreRevocationsInput{} + } + + output = &RemoveTrustStoreRevocationsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveTrustStoreRevocations API operation for Elastic Load Balancing. +// +// Removes the specified revocation file from the specified trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation RemoveTrustStoreRevocations for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeRevocationIdNotFoundException "RevocationIdNotFound" +// The specified revocation ID does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTrustStoreRevocations +func (c *ELBV2) RemoveTrustStoreRevocations(input *RemoveTrustStoreRevocationsInput) (*RemoveTrustStoreRevocationsOutput, error) { + req, out := c.RemoveTrustStoreRevocationsRequest(input) + return out, req.Send() +} + +// RemoveTrustStoreRevocationsWithContext is the same as RemoveTrustStoreRevocations with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveTrustStoreRevocations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RemoveTrustStoreRevocationsWithContext(ctx aws.Context, input *RemoveTrustStoreRevocationsInput, opts ...request.Option) (*RemoveTrustStoreRevocationsOutput, error) { + req, out := c.RemoveTrustStoreRevocationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetIpAddressType = "SetIpAddressType" + +// SetIpAddressTypeRequest generates a "aws/request.Request" representing the +// client's request for the SetIpAddressType operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetIpAddressType for more information on using the SetIpAddressType +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetIpAddressTypeRequest method. +// req, resp := client.SetIpAddressTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType +func (c *ELBV2) SetIpAddressTypeRequest(input *SetIpAddressTypeInput) (req *request.Request, output *SetIpAddressTypeOutput) { + op := &request.Operation{ + Name: opSetIpAddressType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetIpAddressTypeInput{} + } + + output = &SetIpAddressTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetIpAddressType API operation for Elastic Load Balancing. +// +// Sets the type of IP addresses used by the subnets of the specified load balancer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetIpAddressType for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeInvalidSubnetException "InvalidSubnet" +// The specified subnet is out of available addresses. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType +func (c *ELBV2) SetIpAddressType(input *SetIpAddressTypeInput) (*SetIpAddressTypeOutput, error) { + req, out := c.SetIpAddressTypeRequest(input) + return out, req.Send() +} + +// SetIpAddressTypeWithContext is the same as SetIpAddressType with the addition of +// the ability to pass a context and additional request options. +// +// See SetIpAddressType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetIpAddressTypeWithContext(ctx aws.Context, input *SetIpAddressTypeInput, opts ...request.Option) (*SetIpAddressTypeOutput, error) { + req, out := c.SetIpAddressTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetRulePriorities = "SetRulePriorities" + +// SetRulePrioritiesRequest generates a "aws/request.Request" representing the +// client's request for the SetRulePriorities operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetRulePriorities for more information on using the SetRulePriorities +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetRulePrioritiesRequest method. +// req, resp := client.SetRulePrioritiesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities +func (c *ELBV2) SetRulePrioritiesRequest(input *SetRulePrioritiesInput) (req *request.Request, output *SetRulePrioritiesOutput) { + op := &request.Operation{ + Name: opSetRulePriorities, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetRulePrioritiesInput{} + } + + output = &SetRulePrioritiesOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetRulePriorities API operation for Elastic Load Balancing. +// +// Sets the priorities of the specified rules. +// +// You can reorder the rules as long as there are no priority conflicts in the +// new order. Any existing rules that you do not specify retain their current +// priority. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetRulePriorities for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeRuleNotFoundException "RuleNotFound" +// The specified rule does not exist. +// +// - ErrCodePriorityInUseException "PriorityInUse" +// The specified priority is in use. +// +// - ErrCodeOperationNotPermittedException "OperationNotPermitted" +// This operation is not allowed. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities +func (c *ELBV2) SetRulePriorities(input *SetRulePrioritiesInput) (*SetRulePrioritiesOutput, error) { + req, out := c.SetRulePrioritiesRequest(input) + return out, req.Send() +} + +// SetRulePrioritiesWithContext is the same as SetRulePriorities with the addition of +// the ability to pass a context and additional request options. +// +// See SetRulePriorities for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetRulePrioritiesWithContext(ctx aws.Context, input *SetRulePrioritiesInput, opts ...request.Option) (*SetRulePrioritiesOutput, error) { + req, out := c.SetRulePrioritiesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetSecurityGroups = "SetSecurityGroups" + +// SetSecurityGroupsRequest generates a "aws/request.Request" representing the +// client's request for the SetSecurityGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetSecurityGroups for more information on using the SetSecurityGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetSecurityGroupsRequest method. +// req, resp := client.SetSecurityGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups +func (c *ELBV2) SetSecurityGroupsRequest(input *SetSecurityGroupsInput) (req *request.Request, output *SetSecurityGroupsOutput) { + op := &request.Operation{ + Name: opSetSecurityGroups, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetSecurityGroupsInput{} + } + + output = &SetSecurityGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetSecurityGroups API operation for Elastic Load Balancing. +// +// Associates the specified security groups with the specified Application Load +// Balancer or Network Load Balancer. The specified security groups override +// the previously associated security groups. +// +// You can't perform this operation on a Network Load Balancer unless you specified +// a security group for the load balancer when you created it. +// +// You can't associate a security group with a Gateway Load Balancer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetSecurityGroups for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeInvalidSecurityGroupException "InvalidSecurityGroup" +// The specified security group does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups +func (c *ELBV2) SetSecurityGroups(input *SetSecurityGroupsInput) (*SetSecurityGroupsOutput, error) { + req, out := c.SetSecurityGroupsRequest(input) + return out, req.Send() +} + +// SetSecurityGroupsWithContext is the same as SetSecurityGroups with the addition of +// the ability to pass a context and additional request options. +// +// See SetSecurityGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetSecurityGroupsWithContext(ctx aws.Context, input *SetSecurityGroupsInput, opts ...request.Option) (*SetSecurityGroupsOutput, error) { + req, out := c.SetSecurityGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetSubnets = "SetSubnets" + +// SetSubnetsRequest generates a "aws/request.Request" representing the +// client's request for the SetSubnets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetSubnets for more information on using the SetSubnets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetSubnetsRequest method. +// req, resp := client.SetSubnetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets +func (c *ELBV2) SetSubnetsRequest(input *SetSubnetsInput) (req *request.Request, output *SetSubnetsOutput) { + op := &request.Operation{ + Name: opSetSubnets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetSubnetsInput{} + } + + output = &SetSubnetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetSubnets API operation for Elastic Load Balancing. +// +// Enables the Availability Zones for the specified public subnets for the specified +// Application Load Balancer, Network Load Balancer or Gateway Load Balancer. +// The specified subnets replace the previously enabled subnets. +// +// When you specify subnets for a Network Load Balancer, or Gateway Load Balancer +// you must include all subnets that were enabled previously, with their existing +// configurations, plus any additional subnets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetSubnets for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeSubnetNotFoundException "SubnetNotFound" +// The specified subnet does not exist. +// +// - ErrCodeInvalidSubnetException "InvalidSubnet" +// The specified subnet is out of available addresses. +// +// - ErrCodeAllocationIdNotFoundException "AllocationIdNotFound" +// The specified allocation ID does not exist. +// +// - ErrCodeAvailabilityZoneNotSupportedException "AvailabilityZoneNotSupported" +// The specified Availability Zone is not supported. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets +func (c *ELBV2) SetSubnets(input *SetSubnetsInput) (*SetSubnetsOutput, error) { + req, out := c.SetSubnetsRequest(input) + return out, req.Send() +} + +// SetSubnetsWithContext is the same as SetSubnets with the addition of // the ability to pass a context and additional request options. // // See SetSubnets for details on how to use this API operation. // -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *ELBV2) SetSubnetsWithContext(ctx aws.Context, input *SetSubnetsInput, opts ...request.Option) (*SetSubnetsOutput, error) { - req, out := c.SetSubnetsRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return out, req.Send() +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetSubnetsWithContext(ctx aws.Context, input *SetSubnetsInput, opts ...request.Option) (*SetSubnetsOutput, error) { + req, out := c.SetSubnetsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// Information about an action. +// +// Each rule must include exactly one of the following types of actions: forward, +// fixed-response, or redirect, and it must be the last action to be performed. +type Action struct { + _ struct{} `type:"structure"` + + // [HTTPS listeners] Information for using Amazon Cognito to authenticate users. + // Specify only when Type is authenticate-cognito. + AuthenticateCognitoConfig *AuthenticateCognitoActionConfig `type:"structure"` + + // [HTTPS listeners] Information about an identity provider that is compliant + // with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc. + AuthenticateOidcConfig *AuthenticateOidcActionConfig `type:"structure"` + + // [Application Load Balancer] Information for creating an action that returns + // a custom HTTP response. Specify only when Type is fixed-response. + FixedResponseConfig *FixedResponseActionConfig `type:"structure"` + + // Information for creating an action that distributes requests among one or + // more target groups. For Network Load Balancers, you can specify a single + // target group. Specify only when Type is forward. If you specify both ForwardConfig + // and TargetGroupArn, you can specify only one target group using ForwardConfig + // and it must be the same target group specified in TargetGroupArn. + ForwardConfig *ForwardActionConfig `type:"structure"` + + // The order for the action. This value is required for rules with multiple + // actions. The action with the lowest value for order is performed first. + Order *int64 `min:"1" type:"integer"` + + // [Application Load Balancer] Information for creating a redirect action. Specify + // only when Type is redirect. + RedirectConfig *RedirectActionConfig `type:"structure"` + + // The Amazon Resource Name (ARN) of the target group. Specify only when Type + // is forward and you want to route to a single target group. To route to one + // or more target groups, use ForwardConfig instead. + TargetGroupArn *string `type:"string"` + + // The type of action. + // + // Type is a required field + Type *string `type:"string" required:"true" enum:"ActionTypeEnum"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Action) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Action) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Action) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Action"} + if s.Order != nil && *s.Order < 1 { + invalidParams.Add(request.NewErrParamMinValue("Order", 1)) + } + if s.Type == nil { + invalidParams.Add(request.NewErrParamRequired("Type")) + } + if s.AuthenticateCognitoConfig != nil { + if err := s.AuthenticateCognitoConfig.Validate(); err != nil { + invalidParams.AddNested("AuthenticateCognitoConfig", err.(request.ErrInvalidParams)) + } + } + if s.AuthenticateOidcConfig != nil { + if err := s.AuthenticateOidcConfig.Validate(); err != nil { + invalidParams.AddNested("AuthenticateOidcConfig", err.(request.ErrInvalidParams)) + } + } + if s.FixedResponseConfig != nil { + if err := s.FixedResponseConfig.Validate(); err != nil { + invalidParams.AddNested("FixedResponseConfig", err.(request.ErrInvalidParams)) + } + } + if s.RedirectConfig != nil { + if err := s.RedirectConfig.Validate(); err != nil { + invalidParams.AddNested("RedirectConfig", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthenticateCognitoConfig sets the AuthenticateCognitoConfig field's value. +func (s *Action) SetAuthenticateCognitoConfig(v *AuthenticateCognitoActionConfig) *Action { + s.AuthenticateCognitoConfig = v + return s +} + +// SetAuthenticateOidcConfig sets the AuthenticateOidcConfig field's value. +func (s *Action) SetAuthenticateOidcConfig(v *AuthenticateOidcActionConfig) *Action { + s.AuthenticateOidcConfig = v + return s +} + +// SetFixedResponseConfig sets the FixedResponseConfig field's value. +func (s *Action) SetFixedResponseConfig(v *FixedResponseActionConfig) *Action { + s.FixedResponseConfig = v + return s +} + +// SetForwardConfig sets the ForwardConfig field's value. +func (s *Action) SetForwardConfig(v *ForwardActionConfig) *Action { + s.ForwardConfig = v + return s +} + +// SetOrder sets the Order field's value. +func (s *Action) SetOrder(v int64) *Action { + s.Order = &v + return s +} + +// SetRedirectConfig sets the RedirectConfig field's value. +func (s *Action) SetRedirectConfig(v *RedirectActionConfig) *Action { + s.RedirectConfig = v + return s +} + +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *Action) SetTargetGroupArn(v string) *Action { + s.TargetGroupArn = &v + return s +} + +// SetType sets the Type field's value. +func (s *Action) SetType(v string) *Action { + s.Type = &v + return s +} + +type AddListenerCertificatesInput struct { + _ struct{} `type:"structure"` + + // The certificate to add. You can specify one certificate per call. Set CertificateArn + // to the certificate ARN but do not set IsDefault. + // + // Certificates is a required field + Certificates []*Certificate `type:"list" required:"true"` + + // The Amazon Resource Name (ARN) of the listener. + // + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AddListenerCertificatesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AddListenerCertificatesInput"} + if s.Certificates == nil { + invalidParams.Add(request.NewErrParamRequired("Certificates")) + } + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCertificates sets the Certificates field's value. +func (s *AddListenerCertificatesInput) SetCertificates(v []*Certificate) *AddListenerCertificatesInput { + s.Certificates = v + return s +} + +// SetListenerArn sets the ListenerArn field's value. +func (s *AddListenerCertificatesInput) SetListenerArn(v string) *AddListenerCertificatesInput { + s.ListenerArn = &v + return s +} + +type AddListenerCertificatesOutput struct { + _ struct{} `type:"structure"` + + // Information about the certificates in the certificate list. + Certificates []*Certificate `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesOutput) GoString() string { + return s.String() +} + +// SetCertificates sets the Certificates field's value. +func (s *AddListenerCertificatesOutput) SetCertificates(v []*Certificate) *AddListenerCertificatesOutput { + s.Certificates = v + return s +} + +type AddTagsInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArns is a required field + ResourceArns []*string `type:"list" required:"true"` + + // The tags. + // + // Tags is a required field + Tags []*Tag `min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AddTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AddTagsInput"} + if s.ResourceArns == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArns")) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArns sets the ResourceArns field's value. +func (s *AddTagsInput) SetResourceArns(v []*string) *AddTagsInput { + s.ResourceArns = v + return s +} + +// SetTags sets the Tags field's value. +func (s *AddTagsInput) SetTags(v []*Tag) *AddTagsInput { + s.Tags = v + return s +} + +type AddTagsOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsOutput) GoString() string { + return s.String() +} + +type AddTrustStoreRevocationsInput struct { + _ struct{} `type:"structure"` + + // The revocation file to add. + RevocationContents []*RevocationContent `type:"list"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AddTrustStoreRevocationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AddTrustStoreRevocationsInput"} + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetRevocationContents sets the RevocationContents field's value. +func (s *AddTrustStoreRevocationsInput) SetRevocationContents(v []*RevocationContent) *AddTrustStoreRevocationsInput { + s.RevocationContents = v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *AddTrustStoreRevocationsInput) SetTrustStoreArn(v string) *AddTrustStoreRevocationsInput { + s.TrustStoreArn = &v + return s +} + +type AddTrustStoreRevocationsOutput struct { + _ struct{} `type:"structure"` + + // Information about the revocation file added to the trust store. + TrustStoreRevocations []*TrustStoreRevocation `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsOutput) GoString() string { + return s.String() +} + +// SetTrustStoreRevocations sets the TrustStoreRevocations field's value. +func (s *AddTrustStoreRevocationsOutput) SetTrustStoreRevocations(v []*TrustStoreRevocation) *AddTrustStoreRevocationsOutput { + s.TrustStoreRevocations = v + return s +} + +// Information about anomaly detection and mitigation. +type AnomalyDetection struct { + _ struct{} `type:"structure"` + + // Indicates whether anomaly mitigation is in progress. + MitigationInEffect *string `type:"string" enum:"MitigationInEffectEnum"` + + // The latest anomaly detection result. + Result *string `type:"string" enum:"AnomalyResultEnum"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnomalyDetection) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnomalyDetection) GoString() string { + return s.String() +} + +// SetMitigationInEffect sets the MitigationInEffect field's value. +func (s *AnomalyDetection) SetMitigationInEffect(v string) *AnomalyDetection { + s.MitigationInEffect = &v + return s +} + +// SetResult sets the Result field's value. +func (s *AnomalyDetection) SetResult(v string) *AnomalyDetection { + s.Result = &v + return s +} + +// Request parameters to use when integrating with Amazon Cognito to authenticate +// users. +type AuthenticateCognitoActionConfig struct { + _ struct{} `type:"structure"` + + // The query parameters (up to 10) to include in the redirect request to the + // authorization endpoint. + AuthenticationRequestExtraParams map[string]*string `type:"map"` + + // The behavior if the user is not authenticated. The following are possible + // values: + // + // * deny - Return an HTTP 401 Unauthorized error. + // + // * allow - Allow the request to be forwarded to the target. + // + // * authenticate - Redirect the request to the IdP authorization endpoint. + // This is the default value. + OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateCognitoActionConditionalBehaviorEnum"` + + // The set of user claims to be requested from the IdP. The default is openid. + // + // To verify which scope values your IdP supports and how to separate multiple + // values, see the documentation for your IdP. + Scope *string `type:"string"` + + // The name of the cookie used to maintain session information. The default + // is AWSELBAuthSessionCookie. + SessionCookieName *string `type:"string"` + + // The maximum duration of the authentication session, in seconds. The default + // is 604800 seconds (7 days). + SessionTimeout *int64 `type:"long"` + + // The Amazon Resource Name (ARN) of the Amazon Cognito user pool. + // + // UserPoolArn is a required field + UserPoolArn *string `type:"string" required:"true"` + + // The ID of the Amazon Cognito user pool client. + // + // UserPoolClientId is a required field + UserPoolClientId *string `type:"string" required:"true"` + + // The domain prefix or fully-qualified domain name of the Amazon Cognito user + // pool. + // + // UserPoolDomain is a required field + UserPoolDomain *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateCognitoActionConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateCognitoActionConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AuthenticateCognitoActionConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AuthenticateCognitoActionConfig"} + if s.UserPoolArn == nil { + invalidParams.Add(request.NewErrParamRequired("UserPoolArn")) + } + if s.UserPoolClientId == nil { + invalidParams.Add(request.NewErrParamRequired("UserPoolClientId")) + } + if s.UserPoolDomain == nil { + invalidParams.Add(request.NewErrParamRequired("UserPoolDomain")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. +func (s *AuthenticateCognitoActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateCognitoActionConfig { + s.AuthenticationRequestExtraParams = v + return s +} + +// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. +func (s *AuthenticateCognitoActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateCognitoActionConfig { + s.OnUnauthenticatedRequest = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *AuthenticateCognitoActionConfig) SetScope(v string) *AuthenticateCognitoActionConfig { + s.Scope = &v + return s +} + +// SetSessionCookieName sets the SessionCookieName field's value. +func (s *AuthenticateCognitoActionConfig) SetSessionCookieName(v string) *AuthenticateCognitoActionConfig { + s.SessionCookieName = &v + return s +} + +// SetSessionTimeout sets the SessionTimeout field's value. +func (s *AuthenticateCognitoActionConfig) SetSessionTimeout(v int64) *AuthenticateCognitoActionConfig { + s.SessionTimeout = &v + return s +} + +// SetUserPoolArn sets the UserPoolArn field's value. +func (s *AuthenticateCognitoActionConfig) SetUserPoolArn(v string) *AuthenticateCognitoActionConfig { + s.UserPoolArn = &v + return s +} + +// SetUserPoolClientId sets the UserPoolClientId field's value. +func (s *AuthenticateCognitoActionConfig) SetUserPoolClientId(v string) *AuthenticateCognitoActionConfig { + s.UserPoolClientId = &v + return s +} + +// SetUserPoolDomain sets the UserPoolDomain field's value. +func (s *AuthenticateCognitoActionConfig) SetUserPoolDomain(v string) *AuthenticateCognitoActionConfig { + s.UserPoolDomain = &v + return s +} + +// Request parameters when using an identity provider (IdP) that is compliant +// with OpenID Connect (OIDC) to authenticate users. +type AuthenticateOidcActionConfig struct { + _ struct{} `type:"structure"` + + // The query parameters (up to 10) to include in the redirect request to the + // authorization endpoint. + AuthenticationRequestExtraParams map[string]*string `type:"map"` + + // The authorization endpoint of the IdP. This must be a full URL, including + // the HTTPS protocol, the domain, and the path. + // + // AuthorizationEndpoint is a required field + AuthorizationEndpoint *string `type:"string" required:"true"` + + // The OAuth 2.0 client identifier. + // + // ClientId is a required field + ClientId *string `type:"string" required:"true"` + + // The OAuth 2.0 client secret. This parameter is required if you are creating + // a rule. If you are modifying a rule, you can omit this parameter if you set + // UseExistingClientSecret to true. + ClientSecret *string `type:"string"` + + // The OIDC issuer identifier of the IdP. This must be a full URL, including + // the HTTPS protocol, the domain, and the path. + // + // Issuer is a required field + Issuer *string `type:"string" required:"true"` + + // The behavior if the user is not authenticated. The following are possible + // values: + // + // * deny - Return an HTTP 401 Unauthorized error. + // + // * allow - Allow the request to be forwarded to the target. + // + // * authenticate - Redirect the request to the IdP authorization endpoint. + // This is the default value. + OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateOidcActionConditionalBehaviorEnum"` + + // The set of user claims to be requested from the IdP. The default is openid. + // + // To verify which scope values your IdP supports and how to separate multiple + // values, see the documentation for your IdP. + Scope *string `type:"string"` + + // The name of the cookie used to maintain session information. The default + // is AWSELBAuthSessionCookie. + SessionCookieName *string `type:"string"` + + // The maximum duration of the authentication session, in seconds. The default + // is 604800 seconds (7 days). + SessionTimeout *int64 `type:"long"` + + // The token endpoint of the IdP. This must be a full URL, including the HTTPS + // protocol, the domain, and the path. + // + // TokenEndpoint is a required field + TokenEndpoint *string `type:"string" required:"true"` + + // Indicates whether to use the existing client secret when modifying a rule. + // If you are creating a rule, you can omit this parameter or set it to false. + UseExistingClientSecret *bool `type:"boolean"` + + // The user info endpoint of the IdP. This must be a full URL, including the + // HTTPS protocol, the domain, and the path. + // + // UserInfoEndpoint is a required field + UserInfoEndpoint *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateOidcActionConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateOidcActionConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AuthenticateOidcActionConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AuthenticateOidcActionConfig"} + if s.AuthorizationEndpoint == nil { + invalidParams.Add(request.NewErrParamRequired("AuthorizationEndpoint")) + } + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.Issuer == nil { + invalidParams.Add(request.NewErrParamRequired("Issuer")) + } + if s.TokenEndpoint == nil { + invalidParams.Add(request.NewErrParamRequired("TokenEndpoint")) + } + if s.UserInfoEndpoint == nil { + invalidParams.Add(request.NewErrParamRequired("UserInfoEndpoint")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. +func (s *AuthenticateOidcActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateOidcActionConfig { + s.AuthenticationRequestExtraParams = v + return s +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *AuthenticateOidcActionConfig) SetAuthorizationEndpoint(v string) *AuthenticateOidcActionConfig { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *AuthenticateOidcActionConfig) SetClientId(v string) *AuthenticateOidcActionConfig { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *AuthenticateOidcActionConfig) SetClientSecret(v string) *AuthenticateOidcActionConfig { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *AuthenticateOidcActionConfig) SetIssuer(v string) *AuthenticateOidcActionConfig { + s.Issuer = &v + return s +} + +// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. +func (s *AuthenticateOidcActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateOidcActionConfig { + s.OnUnauthenticatedRequest = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *AuthenticateOidcActionConfig) SetScope(v string) *AuthenticateOidcActionConfig { + s.Scope = &v + return s +} + +// SetSessionCookieName sets the SessionCookieName field's value. +func (s *AuthenticateOidcActionConfig) SetSessionCookieName(v string) *AuthenticateOidcActionConfig { + s.SessionCookieName = &v + return s +} + +// SetSessionTimeout sets the SessionTimeout field's value. +func (s *AuthenticateOidcActionConfig) SetSessionTimeout(v int64) *AuthenticateOidcActionConfig { + s.SessionTimeout = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *AuthenticateOidcActionConfig) SetTokenEndpoint(v string) *AuthenticateOidcActionConfig { + s.TokenEndpoint = &v + return s +} + +// SetUseExistingClientSecret sets the UseExistingClientSecret field's value. +func (s *AuthenticateOidcActionConfig) SetUseExistingClientSecret(v bool) *AuthenticateOidcActionConfig { + s.UseExistingClientSecret = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *AuthenticateOidcActionConfig) SetUserInfoEndpoint(v string) *AuthenticateOidcActionConfig { + s.UserInfoEndpoint = &v + return s +} + +// Information about an Availability Zone. +type AvailabilityZone struct { + _ struct{} `type:"structure"` + + // [Network Load Balancers] If you need static IP addresses for your load balancer, + // you can specify one Elastic IP address per Availability Zone when you create + // an internal-facing load balancer. For internal load balancers, you can specify + // a private IP address from the IPv4 range of the subnet. + LoadBalancerAddresses []*LoadBalancerAddress `type:"list"` + + // [Application Load Balancers on Outposts] The ID of the Outpost. + OutpostId *string `type:"string"` + + // The ID of the subnet. You can specify one subnet per Availability Zone. + SubnetId *string `type:"string"` + + // The name of the Availability Zone. + ZoneName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AvailabilityZone) String() string { + return awsutil.Prettify(s) } -// Information about an action. +// GoString returns the string representation. // -// Each rule must include exactly one of the following types of actions: forward, -// fixed-response, or redirect, and it must be the last action to be performed. -type Action struct { +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AvailabilityZone) GoString() string { + return s.String() +} + +// SetLoadBalancerAddresses sets the LoadBalancerAddresses field's value. +func (s *AvailabilityZone) SetLoadBalancerAddresses(v []*LoadBalancerAddress) *AvailabilityZone { + s.LoadBalancerAddresses = v + return s +} + +// SetOutpostId sets the OutpostId field's value. +func (s *AvailabilityZone) SetOutpostId(v string) *AvailabilityZone { + s.OutpostId = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *AvailabilityZone) SetSubnetId(v string) *AvailabilityZone { + s.SubnetId = &v + return s +} + +// SetZoneName sets the ZoneName field's value. +func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { + s.ZoneName = &v + return s +} + +// Information about an SSL server certificate. +type Certificate struct { _ struct{} `type:"structure"` - // [HTTPS listeners] Information for using Amazon Cognito to authenticate users. - // Specify only when Type is authenticate-cognito. - AuthenticateCognitoConfig *AuthenticateCognitoActionConfig `type:"structure"` + // The Amazon Resource Name (ARN) of the certificate. + CertificateArn *string `type:"string"` - // [HTTPS listeners] Information about an identity provider that is compliant - // with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc. - AuthenticateOidcConfig *AuthenticateOidcActionConfig `type:"structure"` + // Indicates whether the certificate is the default certificate. Do not set + // this value when specifying a certificate as an input. This value is not included + // in the output when describing a listener, but is included when describing + // listener certificates. + IsDefault *bool `type:"boolean"` +} - // [Application Load Balancer] Information for creating an action that returns - // a custom HTTP response. Specify only when Type is fixed-response. - FixedResponseConfig *FixedResponseActionConfig `type:"structure"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Certificate) String() string { + return awsutil.Prettify(s) +} - // Information for creating an action that distributes requests among one or - // more target groups. For Network Load Balancers, you can specify a single - // target group. Specify only when Type is forward. If you specify both ForwardConfig - // and TargetGroupArn, you can specify only one target group using ForwardConfig - // and it must be the same target group specified in TargetGroupArn. - ForwardConfig *ForwardActionConfig `type:"structure"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Certificate) GoString() string { + return s.String() +} - // The order for the action. This value is required for rules with multiple - // actions. The action with the lowest value for order is performed first. - Order *int64 `min:"1" type:"integer"` +// SetCertificateArn sets the CertificateArn field's value. +func (s *Certificate) SetCertificateArn(v string) *Certificate { + s.CertificateArn = &v + return s +} - // [Application Load Balancer] Information for creating a redirect action. Specify - // only when Type is redirect. - RedirectConfig *RedirectActionConfig `type:"structure"` +// SetIsDefault sets the IsDefault field's value. +func (s *Certificate) SetIsDefault(v bool) *Certificate { + s.IsDefault = &v + return s +} - // The Amazon Resource Name (ARN) of the target group. Specify only when Type - // is forward and you want to route to a single target group. To route to one - // or more target groups, use ForwardConfig instead. - TargetGroupArn *string `type:"string"` +// Information about a cipher used in a policy. +type Cipher struct { + _ struct{} `type:"structure"` - // The type of action. + // The name of the cipher. + Name *string `type:"string"` + + // The priority of the cipher. + Priority *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Cipher) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Cipher) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *Cipher) SetName(v string) *Cipher { + s.Name = &v + return s +} + +// SetPriority sets the Priority field's value. +func (s *Cipher) SetPriority(v int64) *Cipher { + s.Priority = &v + return s +} + +type CreateListenerInput struct { + _ struct{} `type:"structure"` + + // [TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) + // policy. You can specify one policy name. The following are the possible values: // - // Type is a required field - Type *string `type:"string" required:"true" enum:"ActionTypeEnum"` + // * HTTP1Only + // + // * HTTP2Only + // + // * HTTP2Optional + // + // * HTTP2Preferred + // + // * None + // + // For more information, see ALPN policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#alpn-policies) + // in the Network Load Balancers Guide. + AlpnPolicy []*string `type:"list"` + + // [HTTPS and TLS listeners] The default certificate for the listener. You must + // provide exactly one certificate. Set CertificateArn to the certificate ARN + // but do not set IsDefault. + Certificates []*Certificate `type:"list"` + + // The actions for the default rule. + // + // DefaultActions is a required field + DefaultActions []*Action `type:"list" required:"true"` + + // The Amazon Resource Name (ARN) of the load balancer. + // + // LoadBalancerArn is a required field + LoadBalancerArn *string `type:"string" required:"true"` + + // The mutual authentication configuration information. + MutualAuthentication *MutualAuthenticationAttributes `type:"structure"` + + // The port on which the load balancer is listening. You cannot specify a port + // for a Gateway Load Balancer. + Port *int64 `min:"1" type:"integer"` + + // The protocol for connections from clients to the load balancer. For Application + // Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load + // Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t + // specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot + // specify a protocol for a Gateway Load Balancer. + Protocol *string `type:"string" enum:"ProtocolEnum"` + + // [HTTPS and TLS listeners] The security policy that defines which protocols + // and ciphers are supported. + // + // For more information, see Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) + // in the Application Load Balancers Guide and Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) + // in the Network Load Balancers Guide. + SslPolicy *string `type:"string"` + + // The tags to assign to the listener. + Tags []*Tag `min:"1" type:"list"` } // String returns the string representation. @@ -3470,7 +5468,7 @@ type Action struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Action) String() string { +func (s CreateListenerInput) String() string { return awsutil.Prettify(s) } @@ -3479,37 +5477,43 @@ func (s Action) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Action) GoString() string { +func (s CreateListenerInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *Action) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "Action"} - if s.Order != nil && *s.Order < 1 { - invalidParams.Add(request.NewErrParamMinValue("Order", 1)) - } - if s.Type == nil { - invalidParams.Add(request.NewErrParamRequired("Type")) +func (s *CreateListenerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateListenerInput"} + if s.DefaultActions == nil { + invalidParams.Add(request.NewErrParamRequired("DefaultActions")) } - if s.AuthenticateCognitoConfig != nil { - if err := s.AuthenticateCognitoConfig.Validate(); err != nil { - invalidParams.AddNested("AuthenticateCognitoConfig", err.(request.ErrInvalidParams)) - } + if s.LoadBalancerArn == nil { + invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) } - if s.AuthenticateOidcConfig != nil { - if err := s.AuthenticateOidcConfig.Validate(); err != nil { - invalidParams.AddNested("AuthenticateOidcConfig", err.(request.ErrInvalidParams)) - } + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) } - if s.FixedResponseConfig != nil { - if err := s.FixedResponseConfig.Validate(); err != nil { - invalidParams.AddNested("FixedResponseConfig", err.(request.ErrInvalidParams)) + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.DefaultActions != nil { + for i, v := range s.DefaultActions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "DefaultActions", i), err.(request.ErrInvalidParams)) + } } } - if s.RedirectConfig != nil { - if err := s.RedirectConfig.Validate(); err != nil { - invalidParams.AddNested("RedirectConfig", err.(request.ErrInvalidParams)) + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } } } @@ -3519,67 +5523,177 @@ func (s *Action) Validate() error { return nil } -// SetAuthenticateCognitoConfig sets the AuthenticateCognitoConfig field's value. -func (s *Action) SetAuthenticateCognitoConfig(v *AuthenticateCognitoActionConfig) *Action { - s.AuthenticateCognitoConfig = v +// SetAlpnPolicy sets the AlpnPolicy field's value. +func (s *CreateListenerInput) SetAlpnPolicy(v []*string) *CreateListenerInput { + s.AlpnPolicy = v return s } -// SetAuthenticateOidcConfig sets the AuthenticateOidcConfig field's value. -func (s *Action) SetAuthenticateOidcConfig(v *AuthenticateOidcActionConfig) *Action { - s.AuthenticateOidcConfig = v +// SetCertificates sets the Certificates field's value. +func (s *CreateListenerInput) SetCertificates(v []*Certificate) *CreateListenerInput { + s.Certificates = v return s } -// SetFixedResponseConfig sets the FixedResponseConfig field's value. -func (s *Action) SetFixedResponseConfig(v *FixedResponseActionConfig) *Action { - s.FixedResponseConfig = v +// SetDefaultActions sets the DefaultActions field's value. +func (s *CreateListenerInput) SetDefaultActions(v []*Action) *CreateListenerInput { + s.DefaultActions = v return s } -// SetForwardConfig sets the ForwardConfig field's value. -func (s *Action) SetForwardConfig(v *ForwardActionConfig) *Action { - s.ForwardConfig = v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *CreateListenerInput) SetLoadBalancerArn(v string) *CreateListenerInput { + s.LoadBalancerArn = &v return s } -// SetOrder sets the Order field's value. -func (s *Action) SetOrder(v int64) *Action { - s.Order = &v +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *CreateListenerInput) SetMutualAuthentication(v *MutualAuthenticationAttributes) *CreateListenerInput { + s.MutualAuthentication = v return s } -// SetRedirectConfig sets the RedirectConfig field's value. -func (s *Action) SetRedirectConfig(v *RedirectActionConfig) *Action { - s.RedirectConfig = v +// SetPort sets the Port field's value. +func (s *CreateListenerInput) SetPort(v int64) *CreateListenerInput { + s.Port = &v return s } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *Action) SetTargetGroupArn(v string) *Action { - s.TargetGroupArn = &v +// SetProtocol sets the Protocol field's value. +func (s *CreateListenerInput) SetProtocol(v string) *CreateListenerInput { + s.Protocol = &v return s } -// SetType sets the Type field's value. -func (s *Action) SetType(v string) *Action { - s.Type = &v +// SetSslPolicy sets the SslPolicy field's value. +func (s *CreateListenerInput) SetSslPolicy(v string) *CreateListenerInput { + s.SslPolicy = &v return s } -type AddListenerCertificatesInput struct { +// SetTags sets the Tags field's value. +func (s *CreateListenerInput) SetTags(v []*Tag) *CreateListenerInput { + s.Tags = v + return s +} + +type CreateListenerOutput struct { _ struct{} `type:"structure"` - // The certificate to add. You can specify one certificate per call. Set CertificateArn - // to the certificate ARN but do not set IsDefault. + // Information about the listener. + Listeners []*Listener `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateListenerOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateListenerOutput) GoString() string { + return s.String() +} + +// SetListeners sets the Listeners field's value. +func (s *CreateListenerOutput) SetListeners(v []*Listener) *CreateListenerOutput { + s.Listeners = v + return s +} + +type CreateLoadBalancerInput struct { + _ struct{} `type:"structure"` + + // [Application Load Balancers on Outposts] The ID of the customer-owned address + // pool (CoIP pool). + CustomerOwnedIpv4Pool *string `type:"string"` + + // The type of IP addresses used by the subnets for your load balancer. The + // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and + // IPv6 addresses). + IpAddressType *string `type:"string" enum:"IpAddressType"` + + // The name of the load balancer. // - // Certificates is a required field - Certificates []*Certificate `type:"list" required:"true"` + // This name must be unique per region per account, can have a maximum of 32 + // characters, must contain only alphanumeric characters or hyphens, must not + // begin or end with a hyphen, and must not begin with "internal-". + // + // Name is a required field + Name *string `type:"string" required:"true"` - // The Amazon Resource Name (ARN) of the listener. + // The nodes of an Internet-facing load balancer have public IP addresses. The + // DNS name of an Internet-facing load balancer is publicly resolvable to the + // public IP addresses of the nodes. Therefore, Internet-facing load balancers + // can route requests from clients over the internet. // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` + // The nodes of an internal load balancer have only private IP addresses. The + // DNS name of an internal load balancer is publicly resolvable to the private + // IP addresses of the nodes. Therefore, internal load balancers can route requests + // only from clients with access to the VPC for the load balancer. + // + // The default is an Internet-facing load balancer. + // + // You cannot specify a scheme for a Gateway Load Balancer. + Scheme *string `type:"string" enum:"LoadBalancerSchemeEnum"` + + // [Application Load Balancers and Network Load Balancers] The IDs of the security + // groups for the load balancer. + SecurityGroups []*string `type:"list"` + + // The IDs of the public subnets. You can specify only one subnet per Availability + // Zone. You must specify either subnets or subnet mappings, but not both. + // + // [Application Load Balancers] You must specify subnets from at least two Availability + // Zones. You cannot specify Elastic IP addresses for your subnets. + // + // [Application Load Balancers on Outposts] You must specify one Outpost subnet. + // + // [Application Load Balancers on Local Zones] You can specify subnets from + // one or more Local Zones. + // + // [Network Load Balancers] You can specify subnets from one or more Availability + // Zones. You can specify one Elastic IP address per subnet if you need static + // IP addresses for your internet-facing load balancer. For internal load balancers, + // you can specify one private IP address per subnet from the IPv4 range of + // the subnet. For internet-facing load balancer, you can specify one IPv6 address + // per subnet. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. You cannot specify Elastic IP addresses for your subnets. + SubnetMappings []*SubnetMapping `type:"list"` + + // The IDs of the public subnets. You can specify only one subnet per Availability + // Zone. You must specify either subnets or subnet mappings, but not both. To + // specify an Elastic IP address, specify subnet mappings instead of subnets. + // + // [Application Load Balancers] You must specify subnets from at least two Availability + // Zones. + // + // [Application Load Balancers on Outposts] You must specify one Outpost subnet. + // + // [Application Load Balancers on Local Zones] You can specify subnets from + // one or more Local Zones. + // + // [Network Load Balancers] You can specify subnets from one or more Availability + // Zones. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. + Subnets []*string `type:"list"` + + // The tags to assign to the load balancer. + Tags []*Tag `min:"1" type:"list"` + + // The type of load balancer. The default is application. + Type *string `type:"string" enum:"LoadBalancerTypeEnum"` } // String returns the string representation. @@ -3587,7 +5701,7 @@ type AddListenerCertificatesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesInput) String() string { +func (s CreateLoadBalancerInput) String() string { return awsutil.Prettify(s) } @@ -3596,18 +5710,28 @@ func (s AddListenerCertificatesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesInput) GoString() string { +func (s CreateLoadBalancerInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AddListenerCertificatesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AddListenerCertificatesInput"} - if s.Certificates == nil { - invalidParams.Add(request.NewErrParamRequired("Certificates")) +func (s *CreateLoadBalancerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLoadBalancerInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) } - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -3616,23 +5740,65 @@ func (s *AddListenerCertificatesInput) Validate() error { return nil } -// SetCertificates sets the Certificates field's value. -func (s *AddListenerCertificatesInput) SetCertificates(v []*Certificate) *AddListenerCertificatesInput { - s.Certificates = v +// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. +func (s *CreateLoadBalancerInput) SetCustomerOwnedIpv4Pool(v string) *CreateLoadBalancerInput { + s.CustomerOwnedIpv4Pool = &v + return s +} + +// SetIpAddressType sets the IpAddressType field's value. +func (s *CreateLoadBalancerInput) SetIpAddressType(v string) *CreateLoadBalancerInput { + s.IpAddressType = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateLoadBalancerInput) SetName(v string) *CreateLoadBalancerInput { + s.Name = &v + return s +} + +// SetScheme sets the Scheme field's value. +func (s *CreateLoadBalancerInput) SetScheme(v string) *CreateLoadBalancerInput { + s.Scheme = &v + return s +} + +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *CreateLoadBalancerInput) SetSecurityGroups(v []*string) *CreateLoadBalancerInput { + s.SecurityGroups = v + return s +} + +// SetSubnetMappings sets the SubnetMappings field's value. +func (s *CreateLoadBalancerInput) SetSubnetMappings(v []*SubnetMapping) *CreateLoadBalancerInput { + s.SubnetMappings = v + return s +} + +// SetSubnets sets the Subnets field's value. +func (s *CreateLoadBalancerInput) SetSubnets(v []*string) *CreateLoadBalancerInput { + s.Subnets = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateLoadBalancerInput) SetTags(v []*Tag) *CreateLoadBalancerInput { + s.Tags = v return s } -// SetListenerArn sets the ListenerArn field's value. -func (s *AddListenerCertificatesInput) SetListenerArn(v string) *AddListenerCertificatesInput { - s.ListenerArn = &v +// SetType sets the Type field's value. +func (s *CreateLoadBalancerInput) SetType(v string) *CreateLoadBalancerInput { + s.Type = &v return s } -type AddListenerCertificatesOutput struct { +type CreateLoadBalancerOutput struct { _ struct{} `type:"structure"` - // Information about the certificates in the certificate list. - Certificates []*Certificate `type:"list"` + // Information about the load balancer. + LoadBalancers []*LoadBalancer `type:"list"` } // String returns the string representation. @@ -3640,7 +5806,7 @@ type AddListenerCertificatesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesOutput) String() string { +func (s CreateLoadBalancerOutput) String() string { return awsutil.Prettify(s) } @@ -3649,28 +5815,41 @@ func (s AddListenerCertificatesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesOutput) GoString() string { +func (s CreateLoadBalancerOutput) GoString() string { return s.String() } -// SetCertificates sets the Certificates field's value. -func (s *AddListenerCertificatesOutput) SetCertificates(v []*Certificate) *AddListenerCertificatesOutput { - s.Certificates = v +// SetLoadBalancers sets the LoadBalancers field's value. +func (s *CreateLoadBalancerOutput) SetLoadBalancers(v []*LoadBalancer) *CreateLoadBalancerOutput { + s.LoadBalancers = v return s } -type AddTagsInput struct { +type CreateRuleInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the resource. + // The actions. // - // ResourceArns is a required field - ResourceArns []*string `type:"list" required:"true"` + // Actions is a required field + Actions []*Action `type:"list" required:"true"` - // The tags. + // The conditions. // - // Tags is a required field - Tags []*Tag `min:"1" type:"list" required:"true"` + // Conditions is a required field + Conditions []*RuleCondition `type:"list" required:"true"` + + // The Amazon Resource Name (ARN) of the listener. + // + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` + + // The rule priority. A listener can't have multiple rules with the same priority. + // + // Priority is a required field + Priority *int64 `min:"1" type:"integer" required:"true"` + + // The tags to assign to the rule. + Tags []*Tag `min:"1" type:"list"` } // String returns the string representation. @@ -3678,7 +5857,7 @@ type AddTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddTagsInput) String() string { +func (s CreateRuleInput) String() string { return awsutil.Prettify(s) } @@ -3687,22 +5866,41 @@ func (s AddTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddTagsInput) GoString() string { +func (s CreateRuleInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AddTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AddTagsInput"} - if s.ResourceArns == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArns")) +func (s *CreateRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateRuleInput"} + if s.Actions == nil { + invalidParams.Add(request.NewErrParamRequired("Actions")) } - if s.Tags == nil { - invalidParams.Add(request.NewErrParamRequired("Tags")) + if s.Conditions == nil { + invalidParams.Add(request.NewErrParamRequired("Conditions")) + } + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } + if s.Priority == nil { + invalidParams.Add(request.NewErrParamRequired("Priority")) + } + if s.Priority != nil && *s.Priority < 1 { + invalidParams.Add(request.NewErrParamMinValue("Priority", 1)) } if s.Tags != nil && len(s.Tags) < 1 { invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } + if s.Actions != nil { + for i, v := range s.Actions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Actions", i), err.(request.ErrInvalidParams)) + } + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -3720,89 +5918,41 @@ func (s *AddTagsInput) Validate() error { return nil } -// SetResourceArns sets the ResourceArns field's value. -func (s *AddTagsInput) SetResourceArns(v []*string) *AddTagsInput { - s.ResourceArns = v +// SetActions sets the Actions field's value. +func (s *CreateRuleInput) SetActions(v []*Action) *CreateRuleInput { + s.Actions = v return s } -// SetTags sets the Tags field's value. -func (s *AddTagsInput) SetTags(v []*Tag) *AddTagsInput { - s.Tags = v +// SetConditions sets the Conditions field's value. +func (s *CreateRuleInput) SetConditions(v []*RuleCondition) *CreateRuleInput { + s.Conditions = v return s } -type AddTagsOutput struct { - _ struct{} `type:"structure"` +// SetListenerArn sets the ListenerArn field's value. +func (s *CreateRuleInput) SetListenerArn(v string) *CreateRuleInput { + s.ListenerArn = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AddTagsOutput) String() string { - return awsutil.Prettify(s) +// SetPriority sets the Priority field's value. +func (s *CreateRuleInput) SetPriority(v int64) *CreateRuleInput { + s.Priority = &v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AddTagsOutput) GoString() string { - return s.String() +// SetTags sets the Tags field's value. +func (s *CreateRuleInput) SetTags(v []*Tag) *CreateRuleInput { + s.Tags = v + return s } -// Request parameters to use when integrating with Amazon Cognito to authenticate -// users. -type AuthenticateCognitoActionConfig struct { +type CreateRuleOutput struct { _ struct{} `type:"structure"` - // The query parameters (up to 10) to include in the redirect request to the - // authorization endpoint. - AuthenticationRequestExtraParams map[string]*string `type:"map"` - - // The behavior if the user is not authenticated. The following are possible - // values: - // - // * deny - Return an HTTP 401 Unauthorized error. - // - // * allow - Allow the request to be forwarded to the target. - // - // * authenticate - Redirect the request to the IdP authorization endpoint. - // This is the default value. - OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateCognitoActionConditionalBehaviorEnum"` - - // The set of user claims to be requested from the IdP. The default is openid. - // - // To verify which scope values your IdP supports and how to separate multiple - // values, see the documentation for your IdP. - Scope *string `type:"string"` - - // The name of the cookie used to maintain session information. The default - // is AWSELBAuthSessionCookie. - SessionCookieName *string `type:"string"` - - // The maximum duration of the authentication session, in seconds. The default - // is 604800 seconds (7 days). - SessionTimeout *int64 `type:"long"` - - // The Amazon Resource Name (ARN) of the Amazon Cognito user pool. - // - // UserPoolArn is a required field - UserPoolArn *string `type:"string" required:"true"` - - // The ID of the Amazon Cognito user pool client. - // - // UserPoolClientId is a required field - UserPoolClientId *string `type:"string" required:"true"` - - // The domain prefix or fully-qualified domain name of the Amazon Cognito user - // pool. - // - // UserPoolDomain is a required field - UserPoolDomain *string `type:"string" required:"true"` + // Information about the rule. + Rules []*Rule `type:"list"` } // String returns the string representation. @@ -3810,7 +5960,7 @@ type AuthenticateCognitoActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateCognitoActionConfig) String() string { +func (s CreateRuleOutput) String() string { return awsutil.Prettify(s) } @@ -3819,148 +5969,137 @@ func (s AuthenticateCognitoActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateCognitoActionConfig) GoString() string { +func (s CreateRuleOutput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *AuthenticateCognitoActionConfig) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AuthenticateCognitoActionConfig"} - if s.UserPoolArn == nil { - invalidParams.Add(request.NewErrParamRequired("UserPoolArn")) - } - if s.UserPoolClientId == nil { - invalidParams.Add(request.NewErrParamRequired("UserPoolClientId")) - } - if s.UserPoolDomain == nil { - invalidParams.Add(request.NewErrParamRequired("UserPoolDomain")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. -func (s *AuthenticateCognitoActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateCognitoActionConfig { - s.AuthenticationRequestExtraParams = v - return s -} - -// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. -func (s *AuthenticateCognitoActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateCognitoActionConfig { - s.OnUnauthenticatedRequest = &v - return s -} - -// SetScope sets the Scope field's value. -func (s *AuthenticateCognitoActionConfig) SetScope(v string) *AuthenticateCognitoActionConfig { - s.Scope = &v - return s -} - -// SetSessionCookieName sets the SessionCookieName field's value. -func (s *AuthenticateCognitoActionConfig) SetSessionCookieName(v string) *AuthenticateCognitoActionConfig { - s.SessionCookieName = &v +// SetRules sets the Rules field's value. +func (s *CreateRuleOutput) SetRules(v []*Rule) *CreateRuleOutput { + s.Rules = v return s } -// SetSessionTimeout sets the SessionTimeout field's value. -func (s *AuthenticateCognitoActionConfig) SetSessionTimeout(v int64) *AuthenticateCognitoActionConfig { - s.SessionTimeout = &v - return s -} +type CreateTargetGroupInput struct { + _ struct{} `type:"structure"` -// SetUserPoolArn sets the UserPoolArn field's value. -func (s *AuthenticateCognitoActionConfig) SetUserPoolArn(v string) *AuthenticateCognitoActionConfig { - s.UserPoolArn = &v - return s -} + // Indicates whether health checks are enabled. If the target type is lambda, + // health checks are disabled by default but can be enabled. If the target type + // is instance, ip, or alb, health checks are always enabled and cannot be disabled. + HealthCheckEnabled *bool `type:"boolean"` -// SetUserPoolClientId sets the UserPoolClientId field's value. -func (s *AuthenticateCognitoActionConfig) SetUserPoolClientId(v string) *AuthenticateCognitoActionConfig { - s.UserPoolClientId = &v - return s -} + // The approximate amount of time, in seconds, between health checks of an individual + // target. The range is 5-300. If the target group protocol is TCP, TLS, UDP, + // TCP_UDP, HTTP or HTTPS, the default is 30 seconds. If the target group protocol + // is GENEVE, the default is 10 seconds. If the target type is lambda, the default + // is 35 seconds. + HealthCheckIntervalSeconds *int64 `min:"5" type:"integer"` -// SetUserPoolDomain sets the UserPoolDomain field's value. -func (s *AuthenticateCognitoActionConfig) SetUserPoolDomain(v string) *AuthenticateCognitoActionConfig { - s.UserPoolDomain = &v - return s -} + // [HTTP/HTTPS health checks] The destination for health checks on the targets. + // + // [HTTP1 or HTTP2 protocol version] The ping path. The default is /. + // + // [GRPC protocol version] The path of a custom health check method with the + // format /package.service/method. The default is /Amazon Web Services.ALB/healthcheck. + HealthCheckPath *string `min:"1" type:"string"` -// Request parameters when using an identity provider (IdP) that is compliant -// with OpenID Connect (OIDC) to authenticate users. -type AuthenticateOidcActionConfig struct { - _ struct{} `type:"structure"` + // The port the load balancer uses when performing health checks on targets. + // If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is + // traffic-port, which is the port on which each target receives traffic from + // the load balancer. If the protocol is GENEVE, the default is port 80. + HealthCheckPort *string `type:"string"` - // The query parameters (up to 10) to include in the redirect request to the - // authorization endpoint. - AuthenticationRequestExtraParams map[string]*string `type:"map"` + // The protocol the load balancer uses when performing health checks on targets. + // For Application Load Balancers, the default is HTTP. For Network Load Balancers + // and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported + // for health checks if the protocol of the target group is HTTP or HTTPS. The + // GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks. + HealthCheckProtocol *string `type:"string" enum:"ProtocolEnum"` - // The authorization endpoint of the IdP. This must be a full URL, including - // the HTTPS protocol, the domain, and the path. - // - // AuthorizationEndpoint is a required field - AuthorizationEndpoint *string `type:"string" required:"true"` + // The amount of time, in seconds, during which no response from a target means + // a failed health check. The range is 2–120 seconds. For target groups with + // a protocol of HTTP, the default is 6 seconds. For target groups with a protocol + // of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a + // protocol of GENEVE, the default is 5 seconds. If the target type is lambda, + // the default is 30 seconds. + HealthCheckTimeoutSeconds *int64 `min:"2" type:"integer"` - // The OAuth 2.0 client identifier. - // - // ClientId is a required field - ClientId *string `type:"string" required:"true"` + // The number of consecutive health check successes required before considering + // a target healthy. The range is 2-10. If the target group protocol is TCP, + // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 5. For target groups with + // a protocol of GENEVE, the default is 5. If the target type is lambda, the + // default is 5. + HealthyThresholdCount *int64 `min:"2" type:"integer"` - // The OAuth 2.0 client secret. This parameter is required if you are creating - // a rule. If you are modifying a rule, you can omit this parameter if you set - // UseExistingClientSecret to true. - ClientSecret *string `type:"string"` + // The type of IP address used for this target group. The possible values are + // ipv4 and ipv6. This is an optional parameter. If not specified, the IP address + // type defaults to ipv4. + IpAddressType *string `type:"string" enum:"TargetGroupIpAddressTypeEnum"` - // The OIDC issuer identifier of the IdP. This must be a full URL, including - // the HTTPS protocol, the domain, and the path. - // - // Issuer is a required field - Issuer *string `type:"string" required:"true"` + // [HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for + // a successful response from a target. For target groups with a protocol of + // TCP, TCP_UDP, UDP or TLS the range is 200-599. For target groups with a protocol + // of HTTP or HTTPS, the range is 200-499. For target groups with a protocol + // of GENEVE, the range is 200-399. + Matcher *Matcher `type:"structure"` - // The behavior if the user is not authenticated. The following are possible - // values: - // - // * deny - Return an HTTP 401 Unauthorized error. + // The name of the target group. // - // * allow - Allow the request to be forwarded to the target. + // This name must be unique per region per account, can have a maximum of 32 + // characters, must contain only alphanumeric characters or hyphens, and must + // not begin or end with a hyphen. // - // * authenticate - Redirect the request to the IdP authorization endpoint. - // This is the default value. - OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateOidcActionConditionalBehaviorEnum"` + // Name is a required field + Name *string `type:"string" required:"true"` - // The set of user claims to be requested from the IdP. The default is openid. - // - // To verify which scope values your IdP supports and how to separate multiple - // values, see the documentation for your IdP. - Scope *string `type:"string"` + // The port on which the targets receive traffic. This port is used unless you + // specify a port override when registering the target. If the target is a Lambda + // function, this parameter does not apply. If the protocol is GENEVE, the supported + // port is 6081. + Port *int64 `min:"1" type:"integer"` - // The name of the cookie used to maintain session information. The default - // is AWSELBAuthSessionCookie. - SessionCookieName *string `type:"string"` + // The protocol to use for routing traffic to the targets. For Application Load + // Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, + // the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, + // the supported protocol is GENEVE. A TCP_UDP listener must be associated with + // a TCP_UDP target group. If the target is a Lambda function, this parameter + // does not apply. + Protocol *string `type:"string" enum:"ProtocolEnum"` - // The maximum duration of the authentication session, in seconds. The default - // is 604800 seconds (7 days). - SessionTimeout *int64 `type:"long"` + // [HTTP/HTTPS protocol] The protocol version. Specify GRPC to send requests + // to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. + // The default is HTTP1, which sends requests to targets using HTTP/1.1. + ProtocolVersion *string `type:"string"` - // The token endpoint of the IdP. This must be a full URL, including the HTTPS - // protocol, the domain, and the path. + // The tags to assign to the target group. + Tags []*Tag `min:"1" type:"list"` + + // The type of target that you must specify when registering targets with this + // target group. You can't specify targets for a target group using more than + // one target type. // - // TokenEndpoint is a required field - TokenEndpoint *string `type:"string" required:"true"` + // * instance - Register targets by instance ID. This is the default value. + // + // * ip - Register targets by IP address. You can specify IP addresses from + // the subnets of the virtual private cloud (VPC) for the target group, the + // RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the + // RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP + // addresses. + // + // * lambda - Register a single Lambda function as a target. + // + // * alb - Register a single Application Load Balancer as a target. + TargetType *string `type:"string" enum:"TargetTypeEnum"` - // Indicates whether to use the existing client secret when modifying a rule. - // If you are creating a rule, you can omit this parameter or set it to false. - UseExistingClientSecret *bool `type:"boolean"` + // The number of consecutive health check failures required before considering + // a target unhealthy. The range is 2-10. If the target group protocol is TCP, + // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 2. For target groups with + // a protocol of GENEVE, the default is 2. If the target type is lambda, the + // default is 5. + UnhealthyThresholdCount *int64 `min:"2" type:"integer"` - // The user info endpoint of the IdP. This must be a full URL, including the - // HTTPS protocol, the domain, and the path. - // - // UserInfoEndpoint is a required field - UserInfoEndpoint *string `type:"string" required:"true"` + // The identifier of the virtual private cloud (VPC). If the target is a Lambda + // function, this parameter does not apply. Otherwise, this parameter is required. + VpcId *string `type:"string"` } // String returns the string representation. @@ -3968,7 +6107,7 @@ type AuthenticateOidcActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateOidcActionConfig) String() string { +func (s CreateTargetGroupInput) String() string { return awsutil.Prettify(s) } @@ -3977,27 +6116,46 @@ func (s AuthenticateOidcActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateOidcActionConfig) GoString() string { +func (s CreateTargetGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AuthenticateOidcActionConfig) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AuthenticateOidcActionConfig"} - if s.AuthorizationEndpoint == nil { - invalidParams.Add(request.NewErrParamRequired("AuthorizationEndpoint")) +func (s *CreateTargetGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTargetGroupInput"} + if s.HealthCheckIntervalSeconds != nil && *s.HealthCheckIntervalSeconds < 5 { + invalidParams.Add(request.NewErrParamMinValue("HealthCheckIntervalSeconds", 5)) } - if s.ClientId == nil { - invalidParams.Add(request.NewErrParamRequired("ClientId")) + if s.HealthCheckPath != nil && len(*s.HealthCheckPath) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HealthCheckPath", 1)) } - if s.Issuer == nil { - invalidParams.Add(request.NewErrParamRequired("Issuer")) + if s.HealthCheckTimeoutSeconds != nil && *s.HealthCheckTimeoutSeconds < 2 { + invalidParams.Add(request.NewErrParamMinValue("HealthCheckTimeoutSeconds", 2)) } - if s.TokenEndpoint == nil { - invalidParams.Add(request.NewErrParamRequired("TokenEndpoint")) + if s.HealthyThresholdCount != nil && *s.HealthyThresholdCount < 2 { + invalidParams.Add(request.NewErrParamMinValue("HealthyThresholdCount", 2)) } - if s.UserInfoEndpoint == nil { - invalidParams.Add(request.NewErrParamRequired("UserInfoEndpoint")) + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.UnhealthyThresholdCount != nil && *s.UnhealthyThresholdCount < 2 { + invalidParams.Add(request.NewErrParamMinValue("UnhealthyThresholdCount", 2)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -4006,193 +6164,113 @@ func (s *AuthenticateOidcActionConfig) Validate() error { return nil } -// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. -func (s *AuthenticateOidcActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateOidcActionConfig { - s.AuthenticationRequestExtraParams = v - return s -} - -// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. -func (s *AuthenticateOidcActionConfig) SetAuthorizationEndpoint(v string) *AuthenticateOidcActionConfig { - s.AuthorizationEndpoint = &v - return s -} - -// SetClientId sets the ClientId field's value. -func (s *AuthenticateOidcActionConfig) SetClientId(v string) *AuthenticateOidcActionConfig { - s.ClientId = &v - return s -} - -// SetClientSecret sets the ClientSecret field's value. -func (s *AuthenticateOidcActionConfig) SetClientSecret(v string) *AuthenticateOidcActionConfig { - s.ClientSecret = &v - return s -} - -// SetIssuer sets the Issuer field's value. -func (s *AuthenticateOidcActionConfig) SetIssuer(v string) *AuthenticateOidcActionConfig { - s.Issuer = &v - return s -} - -// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. -func (s *AuthenticateOidcActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateOidcActionConfig { - s.OnUnauthenticatedRequest = &v - return s -} - -// SetScope sets the Scope field's value. -func (s *AuthenticateOidcActionConfig) SetScope(v string) *AuthenticateOidcActionConfig { - s.Scope = &v - return s -} - -// SetSessionCookieName sets the SessionCookieName field's value. -func (s *AuthenticateOidcActionConfig) SetSessionCookieName(v string) *AuthenticateOidcActionConfig { - s.SessionCookieName = &v +// SetHealthCheckEnabled sets the HealthCheckEnabled field's value. +func (s *CreateTargetGroupInput) SetHealthCheckEnabled(v bool) *CreateTargetGroupInput { + s.HealthCheckEnabled = &v return s } -// SetSessionTimeout sets the SessionTimeout field's value. -func (s *AuthenticateOidcActionConfig) SetSessionTimeout(v int64) *AuthenticateOidcActionConfig { - s.SessionTimeout = &v +// SetHealthCheckIntervalSeconds sets the HealthCheckIntervalSeconds field's value. +func (s *CreateTargetGroupInput) SetHealthCheckIntervalSeconds(v int64) *CreateTargetGroupInput { + s.HealthCheckIntervalSeconds = &v return s } -// SetTokenEndpoint sets the TokenEndpoint field's value. -func (s *AuthenticateOidcActionConfig) SetTokenEndpoint(v string) *AuthenticateOidcActionConfig { - s.TokenEndpoint = &v +// SetHealthCheckPath sets the HealthCheckPath field's value. +func (s *CreateTargetGroupInput) SetHealthCheckPath(v string) *CreateTargetGroupInput { + s.HealthCheckPath = &v return s } -// SetUseExistingClientSecret sets the UseExistingClientSecret field's value. -func (s *AuthenticateOidcActionConfig) SetUseExistingClientSecret(v bool) *AuthenticateOidcActionConfig { - s.UseExistingClientSecret = &v +// SetHealthCheckPort sets the HealthCheckPort field's value. +func (s *CreateTargetGroupInput) SetHealthCheckPort(v string) *CreateTargetGroupInput { + s.HealthCheckPort = &v return s } -// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. -func (s *AuthenticateOidcActionConfig) SetUserInfoEndpoint(v string) *AuthenticateOidcActionConfig { - s.UserInfoEndpoint = &v +// SetHealthCheckProtocol sets the HealthCheckProtocol field's value. +func (s *CreateTargetGroupInput) SetHealthCheckProtocol(v string) *CreateTargetGroupInput { + s.HealthCheckProtocol = &v return s } -// Information about an Availability Zone. -type AvailabilityZone struct { - _ struct{} `type:"structure"` - - // [Network Load Balancers] If you need static IP addresses for your load balancer, - // you can specify one Elastic IP address per Availability Zone when you create - // an internal-facing load balancer. For internal load balancers, you can specify - // a private IP address from the IPv4 range of the subnet. - LoadBalancerAddresses []*LoadBalancerAddress `type:"list"` - - // [Application Load Balancers on Outposts] The ID of the Outpost. - OutpostId *string `type:"string"` - - // The ID of the subnet. You can specify one subnet per Availability Zone. - SubnetId *string `type:"string"` - - // The name of the Availability Zone. - ZoneName *string `type:"string"` +// SetHealthCheckTimeoutSeconds sets the HealthCheckTimeoutSeconds field's value. +func (s *CreateTargetGroupInput) SetHealthCheckTimeoutSeconds(v int64) *CreateTargetGroupInput { + s.HealthCheckTimeoutSeconds = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AvailabilityZone) String() string { - return awsutil.Prettify(s) +// SetHealthyThresholdCount sets the HealthyThresholdCount field's value. +func (s *CreateTargetGroupInput) SetHealthyThresholdCount(v int64) *CreateTargetGroupInput { + s.HealthyThresholdCount = &v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AvailabilityZone) GoString() string { - return s.String() +// SetIpAddressType sets the IpAddressType field's value. +func (s *CreateTargetGroupInput) SetIpAddressType(v string) *CreateTargetGroupInput { + s.IpAddressType = &v + return s } -// SetLoadBalancerAddresses sets the LoadBalancerAddresses field's value. -func (s *AvailabilityZone) SetLoadBalancerAddresses(v []*LoadBalancerAddress) *AvailabilityZone { - s.LoadBalancerAddresses = v +// SetMatcher sets the Matcher field's value. +func (s *CreateTargetGroupInput) SetMatcher(v *Matcher) *CreateTargetGroupInput { + s.Matcher = v return s } -// SetOutpostId sets the OutpostId field's value. -func (s *AvailabilityZone) SetOutpostId(v string) *AvailabilityZone { - s.OutpostId = &v +// SetName sets the Name field's value. +func (s *CreateTargetGroupInput) SetName(v string) *CreateTargetGroupInput { + s.Name = &v return s } -// SetSubnetId sets the SubnetId field's value. -func (s *AvailabilityZone) SetSubnetId(v string) *AvailabilityZone { - s.SubnetId = &v +// SetPort sets the Port field's value. +func (s *CreateTargetGroupInput) SetPort(v int64) *CreateTargetGroupInput { + s.Port = &v return s } -// SetZoneName sets the ZoneName field's value. -func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { - s.ZoneName = &v +// SetProtocol sets the Protocol field's value. +func (s *CreateTargetGroupInput) SetProtocol(v string) *CreateTargetGroupInput { + s.Protocol = &v return s } -// Information about an SSL server certificate. -type Certificate struct { - _ struct{} `type:"structure"` - - // The Amazon Resource Name (ARN) of the certificate. - CertificateArn *string `type:"string"` - - // Indicates whether the certificate is the default certificate. Do not set - // this value when specifying a certificate as an input. This value is not included - // in the output when describing a listener, but is included when describing - // listener certificates. - IsDefault *bool `type:"boolean"` +// SetProtocolVersion sets the ProtocolVersion field's value. +func (s *CreateTargetGroupInput) SetProtocolVersion(v string) *CreateTargetGroupInput { + s.ProtocolVersion = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s Certificate) String() string { - return awsutil.Prettify(s) +// SetTags sets the Tags field's value. +func (s *CreateTargetGroupInput) SetTags(v []*Tag) *CreateTargetGroupInput { + s.Tags = v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s Certificate) GoString() string { - return s.String() +// SetTargetType sets the TargetType field's value. +func (s *CreateTargetGroupInput) SetTargetType(v string) *CreateTargetGroupInput { + s.TargetType = &v + return s } -// SetCertificateArn sets the CertificateArn field's value. -func (s *Certificate) SetCertificateArn(v string) *Certificate { - s.CertificateArn = &v +// SetUnhealthyThresholdCount sets the UnhealthyThresholdCount field's value. +func (s *CreateTargetGroupInput) SetUnhealthyThresholdCount(v int64) *CreateTargetGroupInput { + s.UnhealthyThresholdCount = &v return s } -// SetIsDefault sets the IsDefault field's value. -func (s *Certificate) SetIsDefault(v bool) *Certificate { - s.IsDefault = &v +// SetVpcId sets the VpcId field's value. +func (s *CreateTargetGroupInput) SetVpcId(v string) *CreateTargetGroupInput { + s.VpcId = &v return s } -// Information about a cipher used in a policy. -type Cipher struct { +type CreateTargetGroupOutput struct { _ struct{} `type:"structure"` - // The name of the cipher. - Name *string `type:"string"` - - // The priority of the cipher. - Priority *int64 `type:"integer"` + // Information about the target group. + TargetGroups []*TargetGroup `type:"list"` } // String returns the string representation. @@ -4200,7 +6278,7 @@ type Cipher struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Cipher) String() string { +func (s CreateTargetGroupOutput) String() string { return awsutil.Prettify(s) } @@ -4209,77 +6287,41 @@ func (s Cipher) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Cipher) GoString() string { +func (s CreateTargetGroupOutput) GoString() string { return s.String() } -// SetName sets the Name field's value. -func (s *Cipher) SetName(v string) *Cipher { - s.Name = &v - return s -} - -// SetPriority sets the Priority field's value. -func (s *Cipher) SetPriority(v int64) *Cipher { - s.Priority = &v +// SetTargetGroups sets the TargetGroups field's value. +func (s *CreateTargetGroupOutput) SetTargetGroups(v []*TargetGroup) *CreateTargetGroupOutput { + s.TargetGroups = v return s } -type CreateListenerInput struct { +type CreateTrustStoreInput struct { _ struct{} `type:"structure"` - // [TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) - // policy. You can specify one policy name. The following are the possible values: - // - // * HTTP1Only - // - // * HTTP2Only - // - // * HTTP2Optional - // - // * HTTP2Preferred - // - // * None - // - // For more information, see ALPN policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#alpn-policies) - // in the Network Load Balancers Guide. - AlpnPolicy []*string `type:"list"` - - // [HTTPS and TLS listeners] The default certificate for the listener. You must - // provide exactly one certificate. Set CertificateArn to the certificate ARN - // but do not set IsDefault. - Certificates []*Certificate `type:"list"` - - // The actions for the default rule. + // The Amazon S3 bucket for the ca certificates bundle. // - // DefaultActions is a required field - DefaultActions []*Action `type:"list" required:"true"` + // CaCertificatesBundleS3Bucket is a required field + CaCertificatesBundleS3Bucket *string `type:"string" required:"true"` - // The Amazon Resource Name (ARN) of the load balancer. + // The Amazon S3 path for the ca certificates bundle. // - // LoadBalancerArn is a required field - LoadBalancerArn *string `type:"string" required:"true"` - - // The port on which the load balancer is listening. You cannot specify a port - // for a Gateway Load Balancer. - Port *int64 `min:"1" type:"integer"` + // CaCertificatesBundleS3Key is a required field + CaCertificatesBundleS3Key *string `type:"string" required:"true"` - // The protocol for connections from clients to the load balancer. For Application - // Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load - // Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t - // specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot - // specify a protocol for a Gateway Load Balancer. - Protocol *string `type:"string" enum:"ProtocolEnum"` + // The Amazon S3 object version for the ca certificates bundle. If undefined + // the current version is used. + CaCertificatesBundleS3ObjectVersion *string `type:"string"` - // [HTTPS and TLS listeners] The security policy that defines which protocols - // and ciphers are supported. + // The name of the trust store. // - // For more information, see Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) - // in the Application Load Balancers Guide and Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) - // in the Network Load Balancers Guide. - SslPolicy *string `type:"string"` + // This name must be unique per region and cannot be changed after creation. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` - // The tags to assign to the listener. + // The tags to assign to the trust store. Tags []*Tag `min:"1" type:"list"` } @@ -4288,7 +6330,7 @@ type CreateListenerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerInput) String() string { +func (s CreateTrustStoreInput) String() string { return awsutil.Prettify(s) } @@ -4297,35 +6339,28 @@ func (s CreateListenerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerInput) GoString() string { +func (s CreateTrustStoreInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateListenerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateListenerInput"} - if s.DefaultActions == nil { - invalidParams.Add(request.NewErrParamRequired("DefaultActions")) +func (s *CreateTrustStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTrustStoreInput"} + if s.CaCertificatesBundleS3Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Bucket")) } - if s.LoadBalancerArn == nil { - invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) + if s.CaCertificatesBundleS3Key == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Key")) } - if s.Port != nil && *s.Port < 1 { - invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } if s.Tags != nil && len(s.Tags) < 1 { invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } - if s.DefaultActions != nil { - for i, v := range s.DefaultActions { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "DefaultActions", i), err.(request.ErrInvalidParams)) - } - } - } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -4343,59 +6378,41 @@ func (s *CreateListenerInput) Validate() error { return nil } -// SetAlpnPolicy sets the AlpnPolicy field's value. -func (s *CreateListenerInput) SetAlpnPolicy(v []*string) *CreateListenerInput { - s.AlpnPolicy = v - return s -} - -// SetCertificates sets the Certificates field's value. -func (s *CreateListenerInput) SetCertificates(v []*Certificate) *CreateListenerInput { - s.Certificates = v - return s -} - -// SetDefaultActions sets the DefaultActions field's value. -func (s *CreateListenerInput) SetDefaultActions(v []*Action) *CreateListenerInput { - s.DefaultActions = v - return s -} - -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *CreateListenerInput) SetLoadBalancerArn(v string) *CreateListenerInput { - s.LoadBalancerArn = &v +// SetCaCertificatesBundleS3Bucket sets the CaCertificatesBundleS3Bucket field's value. +func (s *CreateTrustStoreInput) SetCaCertificatesBundleS3Bucket(v string) *CreateTrustStoreInput { + s.CaCertificatesBundleS3Bucket = &v return s } -// SetPort sets the Port field's value. -func (s *CreateListenerInput) SetPort(v int64) *CreateListenerInput { - s.Port = &v +// SetCaCertificatesBundleS3Key sets the CaCertificatesBundleS3Key field's value. +func (s *CreateTrustStoreInput) SetCaCertificatesBundleS3Key(v string) *CreateTrustStoreInput { + s.CaCertificatesBundleS3Key = &v return s } -// SetProtocol sets the Protocol field's value. -func (s *CreateListenerInput) SetProtocol(v string) *CreateListenerInput { - s.Protocol = &v +// SetCaCertificatesBundleS3ObjectVersion sets the CaCertificatesBundleS3ObjectVersion field's value. +func (s *CreateTrustStoreInput) SetCaCertificatesBundleS3ObjectVersion(v string) *CreateTrustStoreInput { + s.CaCertificatesBundleS3ObjectVersion = &v return s } -// SetSslPolicy sets the SslPolicy field's value. -func (s *CreateListenerInput) SetSslPolicy(v string) *CreateListenerInput { - s.SslPolicy = &v +// SetName sets the Name field's value. +func (s *CreateTrustStoreInput) SetName(v string) *CreateTrustStoreInput { + s.Name = &v return s } // SetTags sets the Tags field's value. -func (s *CreateListenerInput) SetTags(v []*Tag) *CreateListenerInput { +func (s *CreateTrustStoreInput) SetTags(v []*Tag) *CreateTrustStoreInput { s.Tags = v return s } -type CreateListenerOutput struct { +type CreateTrustStoreOutput struct { _ struct{} `type:"structure"` - // Information about the listener. - Listeners []*Listener `type:"list"` + // Information about the trust store created. + TrustStores []*TrustStore `type:"list"` } // String returns the string representation. @@ -4403,7 +6420,7 @@ type CreateListenerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerOutput) String() string { +func (s CreateTrustStoreOutput) String() string { return awsutil.Prettify(s) } @@ -4412,102 +6429,91 @@ func (s CreateListenerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerOutput) GoString() string { +func (s CreateTrustStoreOutput) GoString() string { return s.String() } -// SetListeners sets the Listeners field's value. -func (s *CreateListenerOutput) SetListeners(v []*Listener) *CreateListenerOutput { - s.Listeners = v +// SetTrustStores sets the TrustStores field's value. +func (s *CreateTrustStoreOutput) SetTrustStores(v []*TrustStore) *CreateTrustStoreOutput { + s.TrustStores = v return s } -type CreateLoadBalancerInput struct { +type DeleteListenerInput struct { _ struct{} `type:"structure"` - // [Application Load Balancers on Outposts] The ID of the customer-owned address - // pool (CoIP pool). - CustomerOwnedIpv4Pool *string `type:"string"` + // The Amazon Resource Name (ARN) of the listener. + // + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` +} - // The type of IP addresses used by the subnets for your load balancer. The - // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and - // IPv6 addresses). - IpAddressType *string `type:"string" enum:"IpAddressType"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerInput) String() string { + return awsutil.Prettify(s) +} - // The name of the load balancer. - // - // This name must be unique per region per account, can have a maximum of 32 - // characters, must contain only alphanumeric characters or hyphens, must not - // begin or end with a hyphen, and must not begin with "internal-". - // - // Name is a required field - Name *string `type:"string" required:"true"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerInput) GoString() string { + return s.String() +} - // The nodes of an Internet-facing load balancer have public IP addresses. The - // DNS name of an Internet-facing load balancer is publicly resolvable to the - // public IP addresses of the nodes. Therefore, Internet-facing load balancers - // can route requests from clients over the internet. - // - // The nodes of an internal load balancer have only private IP addresses. The - // DNS name of an internal load balancer is publicly resolvable to the private - // IP addresses of the nodes. Therefore, internal load balancers can route requests - // only from clients with access to the VPC for the load balancer. - // - // The default is an Internet-facing load balancer. - // - // You cannot specify a scheme for a Gateway Load Balancer. - Scheme *string `type:"string" enum:"LoadBalancerSchemeEnum"` +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteListenerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteListenerInput"} + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } - // [Application Load Balancers] The IDs of the security groups for the load - // balancer. - SecurityGroups []*string `type:"list"` + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} - // The IDs of the public subnets. You can specify only one subnet per Availability - // Zone. You must specify either subnets or subnet mappings, but not both. - // - // [Application Load Balancers] You must specify subnets from at least two Availability - // Zones. You cannot specify Elastic IP addresses for your subnets. - // - // [Application Load Balancers on Outposts] You must specify one Outpost subnet. - // - // [Application Load Balancers on Local Zones] You can specify subnets from - // one or more Local Zones. - // - // [Network Load Balancers] You can specify subnets from one or more Availability - // Zones. You can specify one Elastic IP address per subnet if you need static - // IP addresses for your internet-facing load balancer. For internal load balancers, - // you can specify one private IP address per subnet from the IPv4 range of - // the subnet. For internet-facing load balancer, you can specify one IPv6 address - // per subnet. - // - // [Gateway Load Balancers] You can specify subnets from one or more Availability - // Zones. You cannot specify Elastic IP addresses for your subnets. - SubnetMappings []*SubnetMapping `type:"list"` +// SetListenerArn sets the ListenerArn field's value. +func (s *DeleteListenerInput) SetListenerArn(v string) *DeleteListenerInput { + s.ListenerArn = &v + return s +} - // The IDs of the public subnets. You can specify only one subnet per Availability - // Zone. You must specify either subnets or subnet mappings, but not both. To - // specify an Elastic IP address, specify subnet mappings instead of subnets. - // - // [Application Load Balancers] You must specify subnets from at least two Availability - // Zones. - // - // [Application Load Balancers on Outposts] You must specify one Outpost subnet. - // - // [Application Load Balancers on Local Zones] You can specify subnets from - // one or more Local Zones. - // - // [Network Load Balancers] You can specify subnets from one or more Availability - // Zones. - // - // [Gateway Load Balancers] You can specify subnets from one or more Availability - // Zones. - Subnets []*string `type:"list"` +type DeleteListenerOutput struct { + _ struct{} `type:"structure"` +} - // The tags to assign to the load balancer. - Tags []*Tag `min:"1" type:"list"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerOutput) String() string { + return awsutil.Prettify(s) +} - // The type of load balancer. The default is application. - Type *string `type:"string" enum:"LoadBalancerTypeEnum"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerOutput) GoString() string { + return s.String() +} + +type DeleteLoadBalancerInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the load balancer. + // + // LoadBalancerArn is a required field + LoadBalancerArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -4515,7 +6521,7 @@ type CreateLoadBalancerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerInput) String() string { +func (s DeleteLoadBalancerInput) String() string { return awsutil.Prettify(s) } @@ -4524,28 +6530,15 @@ func (s CreateLoadBalancerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerInput) GoString() string { +func (s DeleteLoadBalancerInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateLoadBalancerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateLoadBalancerInput"} - if s.Name == nil { - invalidParams.Add(request.NewErrParamRequired("Name")) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } +func (s *DeleteLoadBalancerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLoadBalancerInput"} + if s.LoadBalancerArn == nil { + invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) } if invalidParams.Len() > 0 { @@ -4554,65 +6547,82 @@ func (s *CreateLoadBalancerInput) Validate() error { return nil } -// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. -func (s *CreateLoadBalancerInput) SetCustomerOwnedIpv4Pool(v string) *CreateLoadBalancerInput { - s.CustomerOwnedIpv4Pool = &v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DeleteLoadBalancerInput) SetLoadBalancerArn(v string) *DeleteLoadBalancerInput { + s.LoadBalancerArn = &v return s } -// SetIpAddressType sets the IpAddressType field's value. -func (s *CreateLoadBalancerInput) SetIpAddressType(v string) *CreateLoadBalancerInput { - s.IpAddressType = &v - return s +type DeleteLoadBalancerOutput struct { + _ struct{} `type:"structure"` } -// SetName sets the Name field's value. -func (s *CreateLoadBalancerInput) SetName(v string) *CreateLoadBalancerInput { - s.Name = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLoadBalancerOutput) String() string { + return awsutil.Prettify(s) } -// SetScheme sets the Scheme field's value. -func (s *CreateLoadBalancerInput) SetScheme(v string) *CreateLoadBalancerInput { - s.Scheme = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLoadBalancerOutput) GoString() string { + return s.String() } -// SetSecurityGroups sets the SecurityGroups field's value. -func (s *CreateLoadBalancerInput) SetSecurityGroups(v []*string) *CreateLoadBalancerInput { - s.SecurityGroups = v - return s +type DeleteRuleInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the rule. + // + // RuleArn is a required field + RuleArn *string `type:"string" required:"true"` } -// SetSubnetMappings sets the SubnetMappings field's value. -func (s *CreateLoadBalancerInput) SetSubnetMappings(v []*SubnetMapping) *CreateLoadBalancerInput { - s.SubnetMappings = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRuleInput) String() string { + return awsutil.Prettify(s) } -// SetSubnets sets the Subnets field's value. -func (s *CreateLoadBalancerInput) SetSubnets(v []*string) *CreateLoadBalancerInput { - s.Subnets = v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRuleInput) GoString() string { + return s.String() } -// SetTags sets the Tags field's value. -func (s *CreateLoadBalancerInput) SetTags(v []*Tag) *CreateLoadBalancerInput { - s.Tags = v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteRuleInput"} + if s.RuleArn == nil { + invalidParams.Add(request.NewErrParamRequired("RuleArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetType sets the Type field's value. -func (s *CreateLoadBalancerInput) SetType(v string) *CreateLoadBalancerInput { - s.Type = &v +// SetRuleArn sets the RuleArn field's value. +func (s *DeleteRuleInput) SetRuleArn(v string) *DeleteRuleInput { + s.RuleArn = &v return s } -type CreateLoadBalancerOutput struct { +type DeleteRuleOutput struct { _ struct{} `type:"structure"` - - // Information about the load balancer. - LoadBalancers []*LoadBalancer `type:"list"` } // String returns the string representation. @@ -4620,7 +6630,7 @@ type CreateLoadBalancerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerOutput) String() string { +func (s DeleteRuleOutput) String() string { return awsutil.Prettify(s) } @@ -4629,41 +6639,17 @@ func (s CreateLoadBalancerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerOutput) GoString() string { +func (s DeleteRuleOutput) GoString() string { return s.String() } -// SetLoadBalancers sets the LoadBalancers field's value. -func (s *CreateLoadBalancerOutput) SetLoadBalancers(v []*LoadBalancer) *CreateLoadBalancerOutput { - s.LoadBalancers = v - return s -} - -type CreateRuleInput struct { +type DeleteTargetGroupInput struct { _ struct{} `type:"structure"` - // The actions. - // - // Actions is a required field - Actions []*Action `type:"list" required:"true"` - - // The conditions. - // - // Conditions is a required field - Conditions []*RuleCondition `type:"list" required:"true"` - - // The Amazon Resource Name (ARN) of the listener. - // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` - - // The rule priority. A listener can't have multiple rules with the same priority. + // The Amazon Resource Name (ARN) of the target group. // - // Priority is a required field - Priority *int64 `min:"1" type:"integer" required:"true"` - - // The tags to assign to the rule. - Tags []*Tag `min:"1" type:"list"` + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -4671,7 +6657,7 @@ type CreateRuleInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateRuleInput) String() string { +func (s DeleteTargetGroupInput) String() string { return awsutil.Prettify(s) } @@ -4680,50 +6666,15 @@ func (s CreateRuleInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateRuleInput) GoString() string { +func (s DeleteTargetGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateRuleInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateRuleInput"} - if s.Actions == nil { - invalidParams.Add(request.NewErrParamRequired("Actions")) - } - if s.Conditions == nil { - invalidParams.Add(request.NewErrParamRequired("Conditions")) - } - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) - } - if s.Priority == nil { - invalidParams.Add(request.NewErrParamRequired("Priority")) - } - if s.Priority != nil && *s.Priority < 1 { - invalidParams.Add(request.NewErrParamMinValue("Priority", 1)) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - if s.Actions != nil { - for i, v := range s.Actions { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Actions", i), err.(request.ErrInvalidParams)) - } - } - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } +func (s *DeleteTargetGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTargetGroupInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) } if invalidParams.Len() > 0 { @@ -4732,41 +6683,14 @@ func (s *CreateRuleInput) Validate() error { return nil } -// SetActions sets the Actions field's value. -func (s *CreateRuleInput) SetActions(v []*Action) *CreateRuleInput { - s.Actions = v - return s -} - -// SetConditions sets the Conditions field's value. -func (s *CreateRuleInput) SetConditions(v []*RuleCondition) *CreateRuleInput { - s.Conditions = v - return s -} - -// SetListenerArn sets the ListenerArn field's value. -func (s *CreateRuleInput) SetListenerArn(v string) *CreateRuleInput { - s.ListenerArn = &v - return s -} - -// SetPriority sets the Priority field's value. -func (s *CreateRuleInput) SetPriority(v int64) *CreateRuleInput { - s.Priority = &v - return s -} - -// SetTags sets the Tags field's value. -func (s *CreateRuleInput) SetTags(v []*Tag) *CreateRuleInput { - s.Tags = v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DeleteTargetGroupInput) SetTargetGroupArn(v string) *DeleteTargetGroupInput { + s.TargetGroupArn = &v return s } -type CreateRuleOutput struct { +type DeleteTargetGroupOutput struct { _ struct{} `type:"structure"` - - // Information about the rule. - Rules []*Rule `type:"list"` } // String returns the string representation. @@ -4774,7 +6698,7 @@ type CreateRuleOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateRuleOutput) String() string { +func (s DeleteTargetGroupOutput) String() string { return awsutil.Prettify(s) } @@ -4782,138 +6706,18 @@ func (s CreateRuleOutput) String() string { // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s CreateRuleOutput) GoString() string { - return s.String() -} - -// SetRules sets the Rules field's value. -func (s *CreateRuleOutput) SetRules(v []*Rule) *CreateRuleOutput { - s.Rules = v - return s -} - -type CreateTargetGroupInput struct { - _ struct{} `type:"structure"` - - // Indicates whether health checks are enabled. If the target type is lambda, - // health checks are disabled by default but can be enabled. If the target type - // is instance, ip, or alb, health checks are always enabled and cannot be disabled. - HealthCheckEnabled *bool `type:"boolean"` - - // The approximate amount of time, in seconds, between health checks of an individual - // target. The range is 5-300. If the target group protocol is TCP, TLS, UDP, - // TCP_UDP, HTTP or HTTPS, the default is 30 seconds. If the target group protocol - // is GENEVE, the default is 10 seconds. If the target type is lambda, the default - // is 35 seconds. - HealthCheckIntervalSeconds *int64 `min:"5" type:"integer"` - - // [HTTP/HTTPS health checks] The destination for health checks on the targets. - // - // [HTTP1 or HTTP2 protocol version] The ping path. The default is /. - // - // [GRPC protocol version] The path of a custom health check method with the - // format /package.service/method. The default is /Amazon Web Services.ALB/healthcheck. - HealthCheckPath *string `min:"1" type:"string"` - - // The port the load balancer uses when performing health checks on targets. - // If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is - // traffic-port, which is the port on which each target receives traffic from - // the load balancer. If the protocol is GENEVE, the default is port 80. - HealthCheckPort *string `type:"string"` - - // The protocol the load balancer uses when performing health checks on targets. - // For Application Load Balancers, the default is HTTP. For Network Load Balancers - // and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported - // for health checks if the protocol of the target group is HTTP or HTTPS. The - // GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks. - HealthCheckProtocol *string `type:"string" enum:"ProtocolEnum"` - - // The amount of time, in seconds, during which no response from a target means - // a failed health check. The range is 2–120 seconds. For target groups with - // a protocol of HTTP, the default is 6 seconds. For target groups with a protocol - // of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a - // protocol of GENEVE, the default is 5 seconds. If the target type is lambda, - // the default is 30 seconds. - HealthCheckTimeoutSeconds *int64 `min:"2" type:"integer"` - - // The number of consecutive health check successes required before considering - // a target healthy. The range is 2-10. If the target group protocol is TCP, - // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 5. For target groups with - // a protocol of GENEVE, the default is 5. If the target type is lambda, the - // default is 5. - HealthyThresholdCount *int64 `min:"2" type:"integer"` - - // The type of IP address used for this target group. The possible values are - // ipv4 and ipv6. This is an optional parameter. If not specified, the IP address - // type defaults to ipv4. - IpAddressType *string `type:"string" enum:"TargetGroupIpAddressTypeEnum"` - - // [HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for - // a successful response from a target. For target groups with a protocol of - // TCP, TCP_UDP, UDP or TLS the range is 200-599. For target groups with a protocol - // of HTTP or HTTPS, the range is 200-499. For target groups with a protocol - // of GENEVE, the range is 200-399. - Matcher *Matcher `type:"structure"` - - // The name of the target group. - // - // This name must be unique per region per account, can have a maximum of 32 - // characters, must contain only alphanumeric characters or hyphens, and must - // not begin or end with a hyphen. - // - // Name is a required field - Name *string `type:"string" required:"true"` - - // The port on which the targets receive traffic. This port is used unless you - // specify a port override when registering the target. If the target is a Lambda - // function, this parameter does not apply. If the protocol is GENEVE, the supported - // port is 6081. - Port *int64 `min:"1" type:"integer"` - - // The protocol to use for routing traffic to the targets. For Application Load - // Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, - // the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, - // the supported protocol is GENEVE. A TCP_UDP listener must be associated with - // a TCP_UDP target group. If the target is a Lambda function, this parameter - // does not apply. - Protocol *string `type:"string" enum:"ProtocolEnum"` - - // [HTTP/HTTPS protocol] The protocol version. Specify GRPC to send requests - // to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. - // The default is HTTP1, which sends requests to targets using HTTP/1.1. - ProtocolVersion *string `type:"string"` - - // The tags to assign to the target group. - Tags []*Tag `min:"1" type:"list"` - - // The type of target that you must specify when registering targets with this - // target group. You can't specify targets for a target group using more than - // one target type. - // - // * instance - Register targets by instance ID. This is the default value. - // - // * ip - Register targets by IP address. You can specify IP addresses from - // the subnets of the virtual private cloud (VPC) for the target group, the - // RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the - // RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP - // addresses. - // - // * lambda - Register a single Lambda function as a target. - // - // * alb - Register a single Application Load Balancer as a target. - TargetType *string `type:"string" enum:"TargetTypeEnum"` +// value will be replaced with "sensitive". +func (s DeleteTargetGroupOutput) GoString() string { + return s.String() +} - // The number of consecutive health check failures required before considering - // a target unhealthy. The range is 2-10. If the target group protocol is TCP, - // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 2. For target groups with - // a protocol of GENEVE, the default is 2. If the target type is lambda, the - // default is 5. - UnhealthyThresholdCount *int64 `min:"2" type:"integer"` +type DeleteTrustStoreInput struct { + _ struct{} `type:"structure"` - // The identifier of the virtual private cloud (VPC). If the target is a Lambda - // function, this parameter does not apply. Otherwise, this parameter is required. - VpcId *string `type:"string"` + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -4921,7 +6725,7 @@ type CreateTargetGroupInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupInput) String() string { +func (s DeleteTrustStoreInput) String() string { return awsutil.Prettify(s) } @@ -4930,46 +6734,15 @@ func (s CreateTargetGroupInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupInput) GoString() string { +func (s DeleteTrustStoreInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateTargetGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateTargetGroupInput"} - if s.HealthCheckIntervalSeconds != nil && *s.HealthCheckIntervalSeconds < 5 { - invalidParams.Add(request.NewErrParamMinValue("HealthCheckIntervalSeconds", 5)) - } - if s.HealthCheckPath != nil && len(*s.HealthCheckPath) < 1 { - invalidParams.Add(request.NewErrParamMinLen("HealthCheckPath", 1)) - } - if s.HealthCheckTimeoutSeconds != nil && *s.HealthCheckTimeoutSeconds < 2 { - invalidParams.Add(request.NewErrParamMinValue("HealthCheckTimeoutSeconds", 2)) - } - if s.HealthyThresholdCount != nil && *s.HealthyThresholdCount < 2 { - invalidParams.Add(request.NewErrParamMinValue("HealthyThresholdCount", 2)) - } - if s.Name == nil { - invalidParams.Add(request.NewErrParamRequired("Name")) - } - if s.Port != nil && *s.Port < 1 { - invalidParams.Add(request.NewErrParamMinValue("Port", 1)) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - if s.UnhealthyThresholdCount != nil && *s.UnhealthyThresholdCount < 2 { - invalidParams.Add(request.NewErrParamMinValue("UnhealthyThresholdCount", 2)) - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } +func (s *DeleteTrustStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrustStoreInput"} + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -4978,113 +6751,107 @@ func (s *CreateTargetGroupInput) Validate() error { return nil } -// SetHealthCheckEnabled sets the HealthCheckEnabled field's value. -func (s *CreateTargetGroupInput) SetHealthCheckEnabled(v bool) *CreateTargetGroupInput { - s.HealthCheckEnabled = &v - return s -} - -// SetHealthCheckIntervalSeconds sets the HealthCheckIntervalSeconds field's value. -func (s *CreateTargetGroupInput) SetHealthCheckIntervalSeconds(v int64) *CreateTargetGroupInput { - s.HealthCheckIntervalSeconds = &v - return s -} - -// SetHealthCheckPath sets the HealthCheckPath field's value. -func (s *CreateTargetGroupInput) SetHealthCheckPath(v string) *CreateTargetGroupInput { - s.HealthCheckPath = &v - return s -} - -// SetHealthCheckPort sets the HealthCheckPort field's value. -func (s *CreateTargetGroupInput) SetHealthCheckPort(v string) *CreateTargetGroupInput { - s.HealthCheckPort = &v - return s -} - -// SetHealthCheckProtocol sets the HealthCheckProtocol field's value. -func (s *CreateTargetGroupInput) SetHealthCheckProtocol(v string) *CreateTargetGroupInput { - s.HealthCheckProtocol = &v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DeleteTrustStoreInput) SetTrustStoreArn(v string) *DeleteTrustStoreInput { + s.TrustStoreArn = &v return s } -// SetHealthCheckTimeoutSeconds sets the HealthCheckTimeoutSeconds field's value. -func (s *CreateTargetGroupInput) SetHealthCheckTimeoutSeconds(v int64) *CreateTargetGroupInput { - s.HealthCheckTimeoutSeconds = &v - return s +type DeleteTrustStoreOutput struct { + _ struct{} `type:"structure"` } -// SetHealthyThresholdCount sets the HealthyThresholdCount field's value. -func (s *CreateTargetGroupInput) SetHealthyThresholdCount(v int64) *CreateTargetGroupInput { - s.HealthyThresholdCount = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustStoreOutput) String() string { + return awsutil.Prettify(s) } -// SetIpAddressType sets the IpAddressType field's value. -func (s *CreateTargetGroupInput) SetIpAddressType(v string) *CreateTargetGroupInput { - s.IpAddressType = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustStoreOutput) GoString() string { + return s.String() } -// SetMatcher sets the Matcher field's value. -func (s *CreateTargetGroupInput) SetMatcher(v *Matcher) *CreateTargetGroupInput { - s.Matcher = v - return s -} +type DeregisterTargetsInput struct { + _ struct{} `type:"structure"` -// SetName sets the Name field's value. -func (s *CreateTargetGroupInput) SetName(v string) *CreateTargetGroupInput { - s.Name = &v - return s -} + // The Amazon Resource Name (ARN) of the target group. + // + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` -// SetPort sets the Port field's value. -func (s *CreateTargetGroupInput) SetPort(v int64) *CreateTargetGroupInput { - s.Port = &v - return s + // The targets. If you specified a port override when you registered a target, + // you must specify both the target ID and the port when you deregister it. + // + // Targets is a required field + Targets []*TargetDescription `type:"list" required:"true"` } -// SetProtocol sets the Protocol field's value. -func (s *CreateTargetGroupInput) SetProtocol(v string) *CreateTargetGroupInput { - s.Protocol = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeregisterTargetsInput) String() string { + return awsutil.Prettify(s) } -// SetProtocolVersion sets the ProtocolVersion field's value. -func (s *CreateTargetGroupInput) SetProtocolVersion(v string) *CreateTargetGroupInput { - s.ProtocolVersion = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeregisterTargetsInput) GoString() string { + return s.String() } -// SetTags sets the Tags field's value. -func (s *CreateTargetGroupInput) SetTags(v []*Tag) *CreateTargetGroupInput { - s.Tags = v - return s -} +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeregisterTargetsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeregisterTargetsInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) + } + if s.Targets == nil { + invalidParams.Add(request.NewErrParamRequired("Targets")) + } + if s.Targets != nil { + for i, v := range s.Targets { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) + } + } + } -// SetTargetType sets the TargetType field's value. -func (s *CreateTargetGroupInput) SetTargetType(v string) *CreateTargetGroupInput { - s.TargetType = &v - return s + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetUnhealthyThresholdCount sets the UnhealthyThresholdCount field's value. -func (s *CreateTargetGroupInput) SetUnhealthyThresholdCount(v int64) *CreateTargetGroupInput { - s.UnhealthyThresholdCount = &v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DeregisterTargetsInput) SetTargetGroupArn(v string) *DeregisterTargetsInput { + s.TargetGroupArn = &v return s } -// SetVpcId sets the VpcId field's value. -func (s *CreateTargetGroupInput) SetVpcId(v string) *CreateTargetGroupInput { - s.VpcId = &v +// SetTargets sets the Targets field's value. +func (s *DeregisterTargetsInput) SetTargets(v []*TargetDescription) *DeregisterTargetsInput { + s.Targets = v return s } -type CreateTargetGroupOutput struct { +type DeregisterTargetsOutput struct { _ struct{} `type:"structure"` - - // Information about the target group. - TargetGroups []*TargetGroup `type:"list"` } // String returns the string representation. @@ -5092,7 +6859,7 @@ type CreateTargetGroupOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupOutput) String() string { +func (s DeregisterTargetsOutput) String() string { return awsutil.Prettify(s) } @@ -5101,23 +6868,19 @@ func (s CreateTargetGroupOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupOutput) GoString() string { +func (s DeregisterTargetsOutput) GoString() string { return s.String() } -// SetTargetGroups sets the TargetGroups field's value. -func (s *CreateTargetGroupOutput) SetTargetGroups(v []*TargetGroup) *CreateTargetGroupOutput { - s.TargetGroups = v - return s -} - -type DeleteListenerInput struct { +type DescribeAccountLimitsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the listener. - // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5125,7 +6888,7 @@ type DeleteListenerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerInput) String() string { +func (s DescribeAccountLimitsInput) String() string { return awsutil.Prettify(s) } @@ -5134,15 +6897,15 @@ func (s DeleteListenerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerInput) GoString() string { +func (s DescribeAccountLimitsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteListenerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteListenerInput"} - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) +func (s *DescribeAccountLimitsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeAccountLimitsInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5151,14 +6914,27 @@ func (s *DeleteListenerInput) Validate() error { return nil } -// SetListenerArn sets the ListenerArn field's value. -func (s *DeleteListenerInput) SetListenerArn(v string) *DeleteListenerInput { - s.ListenerArn = &v +// SetMarker sets the Marker field's value. +func (s *DescribeAccountLimitsInput) SetMarker(v string) *DescribeAccountLimitsInput { + s.Marker = &v return s } -type DeleteListenerOutput struct { +// SetPageSize sets the PageSize field's value. +func (s *DescribeAccountLimitsInput) SetPageSize(v int64) *DescribeAccountLimitsInput { + s.PageSize = &v + return s +} + +type DescribeAccountLimitsOutput struct { _ struct{} `type:"structure"` + + // Information about the limits. + Limits []*Limit `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5166,7 +6942,7 @@ type DeleteListenerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerOutput) String() string { +func (s DescribeAccountLimitsOutput) String() string { return awsutil.Prettify(s) } @@ -5175,17 +6951,36 @@ func (s DeleteListenerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerOutput) GoString() string { +func (s DescribeAccountLimitsOutput) GoString() string { return s.String() } -type DeleteLoadBalancerInput struct { +// SetLimits sets the Limits field's value. +func (s *DescribeAccountLimitsOutput) SetLimits(v []*Limit) *DescribeAccountLimitsOutput { + s.Limits = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeAccountLimitsOutput) SetNextMarker(v string) *DescribeAccountLimitsOutput { + s.NextMarker = &v + return s +} + +type DescribeListenerCertificatesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the load balancer. + // The Amazon Resource Names (ARN) of the listener. // - // LoadBalancerArn is a required field - LoadBalancerArn *string `type:"string" required:"true"` + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` + + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5193,7 +6988,7 @@ type DeleteLoadBalancerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerInput) String() string { +func (s DescribeListenerCertificatesInput) String() string { return awsutil.Prettify(s) } @@ -5202,15 +6997,18 @@ func (s DeleteLoadBalancerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerInput) GoString() string { +func (s DescribeListenerCertificatesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteLoadBalancerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteLoadBalancerInput"} - if s.LoadBalancerArn == nil { - invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) +func (s *DescribeListenerCertificatesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeListenerCertificatesInput"} + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5219,14 +7017,33 @@ func (s *DeleteLoadBalancerInput) Validate() error { return nil } -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DeleteLoadBalancerInput) SetLoadBalancerArn(v string) *DeleteLoadBalancerInput { - s.LoadBalancerArn = &v +// SetListenerArn sets the ListenerArn field's value. +func (s *DescribeListenerCertificatesInput) SetListenerArn(v string) *DescribeListenerCertificatesInput { + s.ListenerArn = &v return s } -type DeleteLoadBalancerOutput struct { +// SetMarker sets the Marker field's value. +func (s *DescribeListenerCertificatesInput) SetMarker(v string) *DescribeListenerCertificatesInput { + s.Marker = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeListenerCertificatesInput) SetPageSize(v int64) *DescribeListenerCertificatesInput { + s.PageSize = &v + return s +} + +type DescribeListenerCertificatesOutput struct { _ struct{} `type:"structure"` + + // Information about the certificates. + Certificates []*Certificate `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5234,7 +7051,7 @@ type DeleteLoadBalancerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerOutput) String() string { +func (s DescribeListenerCertificatesOutput) String() string { return awsutil.Prettify(s) } @@ -5243,17 +7060,37 @@ func (s DeleteLoadBalancerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerOutput) GoString() string { +func (s DescribeListenerCertificatesOutput) GoString() string { return s.String() } -type DeleteRuleInput struct { +// SetCertificates sets the Certificates field's value. +func (s *DescribeListenerCertificatesOutput) SetCertificates(v []*Certificate) *DescribeListenerCertificatesOutput { + s.Certificates = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeListenerCertificatesOutput) SetNextMarker(v string) *DescribeListenerCertificatesOutput { + s.NextMarker = &v + return s +} + +type DescribeListenersInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the rule. - // - // RuleArn is a required field - RuleArn *string `type:"string" required:"true"` + // The Amazon Resource Names (ARN) of the listeners. + ListenerArns []*string `type:"list"` + + // The Amazon Resource Name (ARN) of the load balancer. + LoadBalancerArn *string `type:"string"` + + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5261,7 +7098,7 @@ type DeleteRuleInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleInput) String() string { +func (s DescribeListenersInput) String() string { return awsutil.Prettify(s) } @@ -5270,15 +7107,15 @@ func (s DeleteRuleInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleInput) GoString() string { +func (s DescribeListenersInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteRuleInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteRuleInput"} - if s.RuleArn == nil { - invalidParams.Add(request.NewErrParamRequired("RuleArn")) +func (s *DescribeListenersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeListenersInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5287,14 +7124,39 @@ func (s *DeleteRuleInput) Validate() error { return nil } -// SetRuleArn sets the RuleArn field's value. -func (s *DeleteRuleInput) SetRuleArn(v string) *DeleteRuleInput { - s.RuleArn = &v +// SetListenerArns sets the ListenerArns field's value. +func (s *DescribeListenersInput) SetListenerArns(v []*string) *DescribeListenersInput { + s.ListenerArns = v return s } -type DeleteRuleOutput struct { +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DescribeListenersInput) SetLoadBalancerArn(v string) *DescribeListenersInput { + s.LoadBalancerArn = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeListenersInput) SetMarker(v string) *DescribeListenersInput { + s.Marker = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeListenersInput) SetPageSize(v int64) *DescribeListenersInput { + s.PageSize = &v + return s +} + +type DescribeListenersOutput struct { _ struct{} `type:"structure"` + + // Information about the listeners. + Listeners []*Listener `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5302,7 +7164,7 @@ type DeleteRuleOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleOutput) String() string { +func (s DescribeListenersOutput) String() string { return awsutil.Prettify(s) } @@ -5311,17 +7173,29 @@ func (s DeleteRuleOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleOutput) GoString() string { +func (s DescribeListenersOutput) GoString() string { return s.String() } -type DeleteTargetGroupInput struct { +// SetListeners sets the Listeners field's value. +func (s *DescribeListenersOutput) SetListeners(v []*Listener) *DescribeListenersOutput { + s.Listeners = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeListenersOutput) SetNextMarker(v string) *DescribeListenersOutput { + s.NextMarker = &v + return s +} + +type DescribeLoadBalancerAttributesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. + // The Amazon Resource Name (ARN) of the load balancer. // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` + // LoadBalancerArn is a required field + LoadBalancerArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -5329,7 +7203,7 @@ type DeleteTargetGroupInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupInput) String() string { +func (s DescribeLoadBalancerAttributesInput) String() string { return awsutil.Prettify(s) } @@ -5338,15 +7212,15 @@ func (s DeleteTargetGroupInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupInput) GoString() string { +func (s DescribeLoadBalancerAttributesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteTargetGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteTargetGroupInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) +func (s *DescribeLoadBalancerAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancerAttributesInput"} + if s.LoadBalancerArn == nil { + invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) } if invalidParams.Len() > 0 { @@ -5355,14 +7229,17 @@ func (s *DeleteTargetGroupInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DeleteTargetGroupInput) SetTargetGroupArn(v string) *DeleteTargetGroupInput { - s.TargetGroupArn = &v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DescribeLoadBalancerAttributesInput) SetLoadBalancerArn(v string) *DescribeLoadBalancerAttributesInput { + s.LoadBalancerArn = &v return s } -type DeleteTargetGroupOutput struct { +type DescribeLoadBalancerAttributesOutput struct { _ struct{} `type:"structure"` + + // Information about the load balancer attributes. + Attributes []*LoadBalancerAttribute `type:"list"` } // String returns the string representation. @@ -5370,7 +7247,7 @@ type DeleteTargetGroupOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupOutput) String() string { +func (s DescribeLoadBalancerAttributesOutput) String() string { return awsutil.Prettify(s) } @@ -5379,23 +7256,32 @@ func (s DeleteTargetGroupOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupOutput) GoString() string { +func (s DescribeLoadBalancerAttributesOutput) GoString() string { return s.String() } -type DeregisterTargetsInput struct { +// SetAttributes sets the Attributes field's value. +func (s *DescribeLoadBalancerAttributesOutput) SetAttributes(v []*LoadBalancerAttribute) *DescribeLoadBalancerAttributesOutput { + s.Attributes = v + return s +} + +type DescribeLoadBalancersInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. - // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` + // The Amazon Resource Names (ARN) of the load balancers. You can specify up + // to 20 load balancers in a single call. + LoadBalancerArns []*string `type:"list"` - // The targets. If you specified a port override when you registered a target, - // you must specify both the target ID and the port when you deregister it. - // - // Targets is a required field - Targets []*TargetDescription `type:"list" required:"true"` + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The names of the load balancers. + Names []*string `type:"list"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5403,7 +7289,7 @@ type DeregisterTargetsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsInput) String() string { +func (s DescribeLoadBalancersInput) String() string { return awsutil.Prettify(s) } @@ -5412,28 +7298,15 @@ func (s DeregisterTargetsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsInput) GoString() string { +func (s DescribeLoadBalancersInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeregisterTargetsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeregisterTargetsInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) - } - if s.Targets == nil { - invalidParams.Add(request.NewErrParamRequired("Targets")) - } - if s.Targets != nil { - for i, v := range s.Targets { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) - } - } +func (s *DescribeLoadBalancersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancersInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5442,20 +7315,39 @@ func (s *DeregisterTargetsInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DeregisterTargetsInput) SetTargetGroupArn(v string) *DeregisterTargetsInput { - s.TargetGroupArn = &v +// SetLoadBalancerArns sets the LoadBalancerArns field's value. +func (s *DescribeLoadBalancersInput) SetLoadBalancerArns(v []*string) *DescribeLoadBalancersInput { + s.LoadBalancerArns = v return s } -// SetTargets sets the Targets field's value. -func (s *DeregisterTargetsInput) SetTargets(v []*TargetDescription) *DeregisterTargetsInput { - s.Targets = v +// SetMarker sets the Marker field's value. +func (s *DescribeLoadBalancersInput) SetMarker(v string) *DescribeLoadBalancersInput { + s.Marker = &v return s } -type DeregisterTargetsOutput struct { +// SetNames sets the Names field's value. +func (s *DescribeLoadBalancersInput) SetNames(v []*string) *DescribeLoadBalancersInput { + s.Names = v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeLoadBalancersInput) SetPageSize(v int64) *DescribeLoadBalancersInput { + s.PageSize = &v + return s +} + +type DescribeLoadBalancersOutput struct { _ struct{} `type:"structure"` + + // Information about the load balancers. + LoadBalancers []*LoadBalancer `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5463,7 +7355,7 @@ type DeregisterTargetsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsOutput) String() string { +func (s DescribeLoadBalancersOutput) String() string { return awsutil.Prettify(s) } @@ -5472,19 +7364,37 @@ func (s DeregisterTargetsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsOutput) GoString() string { +func (s DescribeLoadBalancersOutput) GoString() string { return s.String() } -type DescribeAccountLimitsInput struct { +// SetLoadBalancers sets the LoadBalancers field's value. +func (s *DescribeLoadBalancersOutput) SetLoadBalancers(v []*LoadBalancer) *DescribeLoadBalancersOutput { + s.LoadBalancers = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeLoadBalancersOutput) SetNextMarker(v string) *DescribeLoadBalancersOutput { + s.NextMarker = &v + return s +} + +type DescribeRulesInput struct { _ struct{} `type:"structure"` + // The Amazon Resource Name (ARN) of the listener. + ListenerArn *string `type:"string"` + // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Names (ARN) of the rules. + RuleArns []*string `type:"list"` } // String returns the string representation. @@ -5492,7 +7402,7 @@ type DescribeAccountLimitsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsInput) String() string { +func (s DescribeRulesInput) String() string { return awsutil.Prettify(s) } @@ -5501,13 +7411,13 @@ func (s DescribeAccountLimitsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsInput) GoString() string { +func (s DescribeRulesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeAccountLimitsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeAccountLimitsInput"} +func (s *DescribeRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeRulesInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } @@ -5518,27 +7428,39 @@ func (s *DescribeAccountLimitsInput) Validate() error { return nil } +// SetListenerArn sets the ListenerArn field's value. +func (s *DescribeRulesInput) SetListenerArn(v string) *DescribeRulesInput { + s.ListenerArn = &v + return s +} + // SetMarker sets the Marker field's value. -func (s *DescribeAccountLimitsInput) SetMarker(v string) *DescribeAccountLimitsInput { +func (s *DescribeRulesInput) SetMarker(v string) *DescribeRulesInput { s.Marker = &v return s } // SetPageSize sets the PageSize field's value. -func (s *DescribeAccountLimitsInput) SetPageSize(v int64) *DescribeAccountLimitsInput { +func (s *DescribeRulesInput) SetPageSize(v int64) *DescribeRulesInput { s.PageSize = &v return s } -type DescribeAccountLimitsOutput struct { - _ struct{} `type:"structure"` +// SetRuleArns sets the RuleArns field's value. +func (s *DescribeRulesInput) SetRuleArns(v []*string) *DescribeRulesInput { + s.RuleArns = v + return s +} - // Information about the limits. - Limits []*Limit `type:"list"` +type DescribeRulesOutput struct { + _ struct{} `type:"structure"` // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` + + // Information about the rules. + Rules []*Rule `type:"list"` } // String returns the string representation. @@ -5546,7 +7468,7 @@ type DescribeAccountLimitsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsOutput) String() string { +func (s DescribeRulesOutput) String() string { return awsutil.Prettify(s) } @@ -5555,34 +7477,36 @@ func (s DescribeAccountLimitsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsOutput) GoString() string { +func (s DescribeRulesOutput) GoString() string { return s.String() } -// SetLimits sets the Limits field's value. -func (s *DescribeAccountLimitsOutput) SetLimits(v []*Limit) *DescribeAccountLimitsOutput { - s.Limits = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeRulesOutput) SetNextMarker(v string) *DescribeRulesOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeAccountLimitsOutput) SetNextMarker(v string) *DescribeAccountLimitsOutput { - s.NextMarker = &v +// SetRules sets the Rules field's value. +func (s *DescribeRulesOutput) SetRules(v []*Rule) *DescribeRulesOutput { + s.Rules = v return s } -type DescribeListenerCertificatesInput struct { +type DescribeSSLPoliciesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the listener. - // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` + // The type of load balancer. The default lists the SSL policies for all load + // balancers. + LoadBalancerType *string `type:"string" enum:"LoadBalancerTypeEnum"` // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` + // The names of the policies. + Names []*string `type:"list"` + // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` } @@ -5592,7 +7516,7 @@ type DescribeListenerCertificatesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesInput) String() string { +func (s DescribeSSLPoliciesInput) String() string { return awsutil.Prettify(s) } @@ -5601,16 +7525,13 @@ func (s DescribeListenerCertificatesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesInput) GoString() string { +func (s DescribeSSLPoliciesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeListenerCertificatesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeListenerCertificatesInput"} - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) - } +func (s *DescribeSSLPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSSLPoliciesInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } @@ -5621,33 +7542,39 @@ func (s *DescribeListenerCertificatesInput) Validate() error { return nil } -// SetListenerArn sets the ListenerArn field's value. -func (s *DescribeListenerCertificatesInput) SetListenerArn(v string) *DescribeListenerCertificatesInput { - s.ListenerArn = &v +// SetLoadBalancerType sets the LoadBalancerType field's value. +func (s *DescribeSSLPoliciesInput) SetLoadBalancerType(v string) *DescribeSSLPoliciesInput { + s.LoadBalancerType = &v return s } // SetMarker sets the Marker field's value. -func (s *DescribeListenerCertificatesInput) SetMarker(v string) *DescribeListenerCertificatesInput { +func (s *DescribeSSLPoliciesInput) SetMarker(v string) *DescribeSSLPoliciesInput { s.Marker = &v return s } +// SetNames sets the Names field's value. +func (s *DescribeSSLPoliciesInput) SetNames(v []*string) *DescribeSSLPoliciesInput { + s.Names = v + return s +} + // SetPageSize sets the PageSize field's value. -func (s *DescribeListenerCertificatesInput) SetPageSize(v int64) *DescribeListenerCertificatesInput { +func (s *DescribeSSLPoliciesInput) SetPageSize(v int64) *DescribeSSLPoliciesInput { s.PageSize = &v return s } -type DescribeListenerCertificatesOutput struct { +type DescribeSSLPoliciesOutput struct { _ struct{} `type:"structure"` - // Information about the certificates. - Certificates []*Certificate `type:"list"` - // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` + + // Information about the security policies. + SslPolicies []*SslPolicy `type:"list"` } // String returns the string representation. @@ -5655,7 +7582,7 @@ type DescribeListenerCertificatesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesOutput) String() string { +func (s DescribeSSLPoliciesOutput) String() string { return awsutil.Prettify(s) } @@ -5664,37 +7591,30 @@ func (s DescribeListenerCertificatesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesOutput) GoString() string { +func (s DescribeSSLPoliciesOutput) GoString() string { return s.String() } -// SetCertificates sets the Certificates field's value. -func (s *DescribeListenerCertificatesOutput) SetCertificates(v []*Certificate) *DescribeListenerCertificatesOutput { - s.Certificates = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeSSLPoliciesOutput) SetNextMarker(v string) *DescribeSSLPoliciesOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeListenerCertificatesOutput) SetNextMarker(v string) *DescribeListenerCertificatesOutput { - s.NextMarker = &v +// SetSslPolicies sets the SslPolicies field's value. +func (s *DescribeSSLPoliciesOutput) SetSslPolicies(v []*SslPolicy) *DescribeSSLPoliciesOutput { + s.SslPolicies = v return s } -type DescribeListenersInput struct { +type DescribeTagsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the listeners. - ListenerArns []*string `type:"list"` - - // The Amazon Resource Name (ARN) of the load balancer. - LoadBalancerArn *string `type:"string"` - - // The marker for the next set of results. (You received this marker from a - // previous call.) - Marker *string `type:"string"` - - // The maximum number of results to return with this call. - PageSize *int64 `min:"1" type:"integer"` + // The Amazon Resource Names (ARN) of the resources. You can specify up to 20 + // resources in a single call. + // + // ResourceArns is a required field + ResourceArns []*string `type:"list" required:"true"` } // String returns the string representation. @@ -5702,7 +7622,7 @@ type DescribeListenersInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersInput) String() string { +func (s DescribeTagsInput) String() string { return awsutil.Prettify(s) } @@ -5711,15 +7631,15 @@ func (s DescribeListenersInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersInput) GoString() string { +func (s DescribeTagsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeListenersInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeListenersInput"} - if s.PageSize != nil && *s.PageSize < 1 { - invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) +func (s *DescribeTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTagsInput"} + if s.ResourceArns == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArns")) } if invalidParams.Len() > 0 { @@ -5728,39 +7648,17 @@ func (s *DescribeListenersInput) Validate() error { return nil } -// SetListenerArns sets the ListenerArns field's value. -func (s *DescribeListenersInput) SetListenerArns(v []*string) *DescribeListenersInput { - s.ListenerArns = v - return s -} - -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DescribeListenersInput) SetLoadBalancerArn(v string) *DescribeListenersInput { - s.LoadBalancerArn = &v - return s -} - -// SetMarker sets the Marker field's value. -func (s *DescribeListenersInput) SetMarker(v string) *DescribeListenersInput { - s.Marker = &v - return s -} - -// SetPageSize sets the PageSize field's value. -func (s *DescribeListenersInput) SetPageSize(v int64) *DescribeListenersInput { - s.PageSize = &v +// SetResourceArns sets the ResourceArns field's value. +func (s *DescribeTagsInput) SetResourceArns(v []*string) *DescribeTagsInput { + s.ResourceArns = v return s } -type DescribeListenersOutput struct { +type DescribeTagsOutput struct { _ struct{} `type:"structure"` - // Information about the listeners. - Listeners []*Listener `type:"list"` - - // If there are additional results, this is the marker for the next set of results. - // Otherwise, this is null. - NextMarker *string `type:"string"` + // Information about the tags. + TagDescriptions []*TagDescription `type:"list"` } // String returns the string representation. @@ -5768,7 +7666,7 @@ type DescribeListenersOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersOutput) String() string { +func (s DescribeTagsOutput) String() string { return awsutil.Prettify(s) } @@ -5777,29 +7675,23 @@ func (s DescribeListenersOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersOutput) GoString() string { +func (s DescribeTagsOutput) GoString() string { return s.String() } -// SetListeners sets the Listeners field's value. -func (s *DescribeListenersOutput) SetListeners(v []*Listener) *DescribeListenersOutput { - s.Listeners = v - return s -} - -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeListenersOutput) SetNextMarker(v string) *DescribeListenersOutput { - s.NextMarker = &v +// SetTagDescriptions sets the TagDescriptions field's value. +func (s *DescribeTagsOutput) SetTagDescriptions(v []*TagDescription) *DescribeTagsOutput { + s.TagDescriptions = v return s } -type DescribeLoadBalancerAttributesInput struct { +type DescribeTargetGroupAttributesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the load balancer. - // - // LoadBalancerArn is a required field - LoadBalancerArn *string `type:"string" required:"true"` + // The Amazon Resource Name (ARN) of the target group. + // + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -5807,7 +7699,7 @@ type DescribeLoadBalancerAttributesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesInput) String() string { +func (s DescribeTargetGroupAttributesInput) String() string { return awsutil.Prettify(s) } @@ -5816,15 +7708,15 @@ func (s DescribeLoadBalancerAttributesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesInput) GoString() string { +func (s DescribeTargetGroupAttributesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeLoadBalancerAttributesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancerAttributesInput"} - if s.LoadBalancerArn == nil { - invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) +func (s *DescribeTargetGroupAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupAttributesInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) } if invalidParams.Len() > 0 { @@ -5833,17 +7725,17 @@ func (s *DescribeLoadBalancerAttributesInput) Validate() error { return nil } -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DescribeLoadBalancerAttributesInput) SetLoadBalancerArn(v string) *DescribeLoadBalancerAttributesInput { - s.LoadBalancerArn = &v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DescribeTargetGroupAttributesInput) SetTargetGroupArn(v string) *DescribeTargetGroupAttributesInput { + s.TargetGroupArn = &v return s } -type DescribeLoadBalancerAttributesOutput struct { +type DescribeTargetGroupAttributesOutput struct { _ struct{} `type:"structure"` - // Information about the load balancer attributes. - Attributes []*LoadBalancerAttribute `type:"list"` + // Information about the target group attributes + Attributes []*TargetGroupAttribute `type:"list"` } // String returns the string representation. @@ -5851,7 +7743,7 @@ type DescribeLoadBalancerAttributesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesOutput) String() string { +func (s DescribeTargetGroupAttributesOutput) String() string { return awsutil.Prettify(s) } @@ -5860,32 +7752,34 @@ func (s DescribeLoadBalancerAttributesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesOutput) GoString() string { +func (s DescribeTargetGroupAttributesOutput) GoString() string { return s.String() } // SetAttributes sets the Attributes field's value. -func (s *DescribeLoadBalancerAttributesOutput) SetAttributes(v []*LoadBalancerAttribute) *DescribeLoadBalancerAttributesOutput { +func (s *DescribeTargetGroupAttributesOutput) SetAttributes(v []*TargetGroupAttribute) *DescribeTargetGroupAttributesOutput { s.Attributes = v return s } -type DescribeLoadBalancersInput struct { +type DescribeTargetGroupsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the load balancers. You can specify up - // to 20 load balancers in a single call. - LoadBalancerArns []*string `type:"list"` + // The Amazon Resource Name (ARN) of the load balancer. + LoadBalancerArn *string `type:"string"` // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` - // The names of the load balancers. + // The names of the target groups. Names []*string `type:"list"` // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Names (ARN) of the target groups. + TargetGroupArns []*string `type:"list"` } // String returns the string representation. @@ -5893,7 +7787,7 @@ type DescribeLoadBalancersInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersInput) String() string { +func (s DescribeTargetGroupsInput) String() string { return awsutil.Prettify(s) } @@ -5902,13 +7796,13 @@ func (s DescribeLoadBalancersInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersInput) GoString() string { +func (s DescribeTargetGroupsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeLoadBalancersInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancersInput"} +func (s *DescribeTargetGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupsInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } @@ -5919,39 +7813,45 @@ func (s *DescribeLoadBalancersInput) Validate() error { return nil } -// SetLoadBalancerArns sets the LoadBalancerArns field's value. -func (s *DescribeLoadBalancersInput) SetLoadBalancerArns(v []*string) *DescribeLoadBalancersInput { - s.LoadBalancerArns = v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DescribeTargetGroupsInput) SetLoadBalancerArn(v string) *DescribeTargetGroupsInput { + s.LoadBalancerArn = &v return s } // SetMarker sets the Marker field's value. -func (s *DescribeLoadBalancersInput) SetMarker(v string) *DescribeLoadBalancersInput { +func (s *DescribeTargetGroupsInput) SetMarker(v string) *DescribeTargetGroupsInput { s.Marker = &v return s } // SetNames sets the Names field's value. -func (s *DescribeLoadBalancersInput) SetNames(v []*string) *DescribeLoadBalancersInput { +func (s *DescribeTargetGroupsInput) SetNames(v []*string) *DescribeTargetGroupsInput { s.Names = v return s } // SetPageSize sets the PageSize field's value. -func (s *DescribeLoadBalancersInput) SetPageSize(v int64) *DescribeLoadBalancersInput { +func (s *DescribeTargetGroupsInput) SetPageSize(v int64) *DescribeTargetGroupsInput { s.PageSize = &v return s } -type DescribeLoadBalancersOutput struct { - _ struct{} `type:"structure"` +// SetTargetGroupArns sets the TargetGroupArns field's value. +func (s *DescribeTargetGroupsInput) SetTargetGroupArns(v []*string) *DescribeTargetGroupsInput { + s.TargetGroupArns = v + return s +} - // Information about the load balancers. - LoadBalancers []*LoadBalancer `type:"list"` +type DescribeTargetGroupsOutput struct { + _ struct{} `type:"structure"` // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` + + // Information about the target groups. + TargetGroups []*TargetGroup `type:"list"` } // String returns the string representation. @@ -5959,7 +7859,7 @@ type DescribeLoadBalancersOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersOutput) String() string { +func (s DescribeTargetGroupsOutput) String() string { return awsutil.Prettify(s) } @@ -5968,37 +7868,35 @@ func (s DescribeLoadBalancersOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersOutput) GoString() string { +func (s DescribeTargetGroupsOutput) GoString() string { return s.String() } -// SetLoadBalancers sets the LoadBalancers field's value. -func (s *DescribeLoadBalancersOutput) SetLoadBalancers(v []*LoadBalancer) *DescribeLoadBalancersOutput { - s.LoadBalancers = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeTargetGroupsOutput) SetNextMarker(v string) *DescribeTargetGroupsOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeLoadBalancersOutput) SetNextMarker(v string) *DescribeLoadBalancersOutput { - s.NextMarker = &v +// SetTargetGroups sets the TargetGroups field's value. +func (s *DescribeTargetGroupsOutput) SetTargetGroups(v []*TargetGroup) *DescribeTargetGroupsOutput { + s.TargetGroups = v return s } -type DescribeRulesInput struct { +type DescribeTargetHealthInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the listener. - ListenerArn *string `type:"string"` - - // The marker for the next set of results. (You received this marker from a - // previous call.) - Marker *string `type:"string"` + // Used to inclue anomaly detection information. + Include []*string `type:"list" enum:"DescribeTargetHealthInputIncludeEnum"` - // The maximum number of results to return with this call. - PageSize *int64 `min:"1" type:"integer"` + // The Amazon Resource Name (ARN) of the target group. + // + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` - // The Amazon Resource Names (ARN) of the rules. - RuleArns []*string `type:"list"` + // The targets. + Targets []*TargetDescription `type:"list"` } // String returns the string representation. @@ -6006,7 +7904,7 @@ type DescribeRulesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesInput) String() string { +func (s DescribeTargetHealthInput) String() string { return awsutil.Prettify(s) } @@ -6015,15 +7913,25 @@ func (s DescribeRulesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesInput) GoString() string { +func (s DescribeTargetHealthInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeRulesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeRulesInput"} - if s.PageSize != nil && *s.PageSize < 1 { - invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) +func (s *DescribeTargetHealthInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTargetHealthInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) + } + if s.Targets != nil { + for i, v := range s.Targets { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -6032,39 +7940,29 @@ func (s *DescribeRulesInput) Validate() error { return nil } -// SetListenerArn sets the ListenerArn field's value. -func (s *DescribeRulesInput) SetListenerArn(v string) *DescribeRulesInput { - s.ListenerArn = &v - return s -} - -// SetMarker sets the Marker field's value. -func (s *DescribeRulesInput) SetMarker(v string) *DescribeRulesInput { - s.Marker = &v +// SetInclude sets the Include field's value. +func (s *DescribeTargetHealthInput) SetInclude(v []*string) *DescribeTargetHealthInput { + s.Include = v return s } -// SetPageSize sets the PageSize field's value. -func (s *DescribeRulesInput) SetPageSize(v int64) *DescribeRulesInput { - s.PageSize = &v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DescribeTargetHealthInput) SetTargetGroupArn(v string) *DescribeTargetHealthInput { + s.TargetGroupArn = &v return s } -// SetRuleArns sets the RuleArns field's value. -func (s *DescribeRulesInput) SetRuleArns(v []*string) *DescribeRulesInput { - s.RuleArns = v +// SetTargets sets the Targets field's value. +func (s *DescribeTargetHealthInput) SetTargets(v []*TargetDescription) *DescribeTargetHealthInput { + s.Targets = v return s } -type DescribeRulesOutput struct { +type DescribeTargetHealthOutput struct { _ struct{} `type:"structure"` - // If there are additional results, this is the marker for the next set of results. - // Otherwise, this is null. - NextMarker *string `type:"string"` - - // Information about the rules. - Rules []*Rule `type:"list"` + // Information about the health of the targets. + TargetHealthDescriptions []*TargetHealthDescription `type:"list"` } // String returns the string representation. @@ -6072,7 +7970,7 @@ type DescribeRulesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesOutput) String() string { +func (s DescribeTargetHealthOutput) String() string { return awsutil.Prettify(s) } @@ -6081,38 +7979,30 @@ func (s DescribeRulesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesOutput) GoString() string { +func (s DescribeTargetHealthOutput) GoString() string { return s.String() } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeRulesOutput) SetNextMarker(v string) *DescribeRulesOutput { - s.NextMarker = &v - return s -} - -// SetRules sets the Rules field's value. -func (s *DescribeRulesOutput) SetRules(v []*Rule) *DescribeRulesOutput { - s.Rules = v +// SetTargetHealthDescriptions sets the TargetHealthDescriptions field's value. +func (s *DescribeTargetHealthOutput) SetTargetHealthDescriptions(v []*TargetHealthDescription) *DescribeTargetHealthOutput { + s.TargetHealthDescriptions = v return s } -type DescribeSSLPoliciesInput struct { +type DescribeTrustStoreAssociationsInput struct { _ struct{} `type:"structure"` - // The type of load balancer. The default lists the SSL policies for all load - // balancers. - LoadBalancerType *string `type:"string" enum:"LoadBalancerTypeEnum"` - // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` - // The names of the policies. - Names []*string `type:"list"` - // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6120,7 +8010,7 @@ type DescribeSSLPoliciesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesInput) String() string { +func (s DescribeTrustStoreAssociationsInput) String() string { return awsutil.Prettify(s) } @@ -6129,16 +8019,19 @@ func (s DescribeSSLPoliciesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesInput) GoString() string { +func (s DescribeTrustStoreAssociationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeSSLPoliciesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeSSLPoliciesInput"} +func (s *DescribeTrustStoreAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrustStoreAssociationsInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) + } if invalidParams.Len() > 0 { return invalidParams @@ -6146,39 +8039,33 @@ func (s *DescribeSSLPoliciesInput) Validate() error { return nil } -// SetLoadBalancerType sets the LoadBalancerType field's value. -func (s *DescribeSSLPoliciesInput) SetLoadBalancerType(v string) *DescribeSSLPoliciesInput { - s.LoadBalancerType = &v - return s -} - // SetMarker sets the Marker field's value. -func (s *DescribeSSLPoliciesInput) SetMarker(v string) *DescribeSSLPoliciesInput { +func (s *DescribeTrustStoreAssociationsInput) SetMarker(v string) *DescribeTrustStoreAssociationsInput { s.Marker = &v return s } -// SetNames sets the Names field's value. -func (s *DescribeSSLPoliciesInput) SetNames(v []*string) *DescribeSSLPoliciesInput { - s.Names = v +// SetPageSize sets the PageSize field's value. +func (s *DescribeTrustStoreAssociationsInput) SetPageSize(v int64) *DescribeTrustStoreAssociationsInput { + s.PageSize = &v return s } -// SetPageSize sets the PageSize field's value. -func (s *DescribeSSLPoliciesInput) SetPageSize(v int64) *DescribeSSLPoliciesInput { - s.PageSize = &v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DescribeTrustStoreAssociationsInput) SetTrustStoreArn(v string) *DescribeTrustStoreAssociationsInput { + s.TrustStoreArn = &v return s } -type DescribeSSLPoliciesOutput struct { +type DescribeTrustStoreAssociationsOutput struct { _ struct{} `type:"structure"` // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` - // Information about the security policies. - SslPolicies []*SslPolicy `type:"list"` + // Information about the resources the trust store is associated to. + TrustStoreAssociations []*TrustStoreAssociation `type:"list"` } // String returns the string representation. @@ -6186,7 +8073,7 @@ type DescribeSSLPoliciesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesOutput) String() string { +func (s DescribeTrustStoreAssociationsOutput) String() string { return awsutil.Prettify(s) } @@ -6195,30 +8082,98 @@ func (s DescribeSSLPoliciesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesOutput) GoString() string { +func (s DescribeTrustStoreAssociationsOutput) GoString() string { return s.String() } // SetNextMarker sets the NextMarker field's value. -func (s *DescribeSSLPoliciesOutput) SetNextMarker(v string) *DescribeSSLPoliciesOutput { +func (s *DescribeTrustStoreAssociationsOutput) SetNextMarker(v string) *DescribeTrustStoreAssociationsOutput { s.NextMarker = &v return s } -// SetSslPolicies sets the SslPolicies field's value. -func (s *DescribeSSLPoliciesOutput) SetSslPolicies(v []*SslPolicy) *DescribeSSLPoliciesOutput { - s.SslPolicies = v +// SetTrustStoreAssociations sets the TrustStoreAssociations field's value. +func (s *DescribeTrustStoreAssociationsOutput) SetTrustStoreAssociations(v []*TrustStoreAssociation) *DescribeTrustStoreAssociationsOutput { + s.TrustStoreAssociations = v + return s +} + +// Information about the revocations used by a trust store. +type DescribeTrustStoreRevocation struct { + _ struct{} `type:"structure"` + + // The number of revoked certificates. + NumberOfRevokedEntries *int64 `type:"long"` + + // The revocation ID of a revocation file in use. + RevocationId *int64 `type:"long"` + + // The type of revocation file. + RevocationType *string `type:"string" enum:"RevocationType"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTrustStoreRevocation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTrustStoreRevocation) GoString() string { + return s.String() +} + +// SetNumberOfRevokedEntries sets the NumberOfRevokedEntries field's value. +func (s *DescribeTrustStoreRevocation) SetNumberOfRevokedEntries(v int64) *DescribeTrustStoreRevocation { + s.NumberOfRevokedEntries = &v + return s +} + +// SetRevocationId sets the RevocationId field's value. +func (s *DescribeTrustStoreRevocation) SetRevocationId(v int64) *DescribeTrustStoreRevocation { + s.RevocationId = &v + return s +} + +// SetRevocationType sets the RevocationType field's value. +func (s *DescribeTrustStoreRevocation) SetRevocationType(v string) *DescribeTrustStoreRevocation { + s.RevocationType = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DescribeTrustStoreRevocation) SetTrustStoreArn(v string) *DescribeTrustStoreRevocation { + s.TrustStoreArn = &v return s } -type DescribeTagsInput struct { +type DescribeTrustStoreRevocationsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the resources. You can specify up to 20 - // resources in a single call. + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` + + // The revocation IDs of the revocation files you want to describe. + RevocationIds []*int64 `type:"list"` + + // The Amazon Resource Name (ARN) of the trust store. // - // ResourceArns is a required field - ResourceArns []*string `type:"list" required:"true"` + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6226,7 +8181,7 @@ type DescribeTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsInput) String() string { +func (s DescribeTrustStoreRevocationsInput) String() string { return awsutil.Prettify(s) } @@ -6235,15 +8190,18 @@ func (s DescribeTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsInput) GoString() string { +func (s DescribeTrustStoreRevocationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTagsInput"} - if s.ResourceArns == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArns")) +func (s *DescribeTrustStoreRevocationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrustStoreRevocationsInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) + } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -6252,17 +8210,39 @@ func (s *DescribeTagsInput) Validate() error { return nil } -// SetResourceArns sets the ResourceArns field's value. -func (s *DescribeTagsInput) SetResourceArns(v []*string) *DescribeTagsInput { - s.ResourceArns = v +// SetMarker sets the Marker field's value. +func (s *DescribeTrustStoreRevocationsInput) SetMarker(v string) *DescribeTrustStoreRevocationsInput { + s.Marker = &v return s } -type DescribeTagsOutput struct { +// SetPageSize sets the PageSize field's value. +func (s *DescribeTrustStoreRevocationsInput) SetPageSize(v int64) *DescribeTrustStoreRevocationsInput { + s.PageSize = &v + return s +} + +// SetRevocationIds sets the RevocationIds field's value. +func (s *DescribeTrustStoreRevocationsInput) SetRevocationIds(v []*int64) *DescribeTrustStoreRevocationsInput { + s.RevocationIds = v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DescribeTrustStoreRevocationsInput) SetTrustStoreArn(v string) *DescribeTrustStoreRevocationsInput { + s.TrustStoreArn = &v + return s +} + +type DescribeTrustStoreRevocationsOutput struct { _ struct{} `type:"structure"` - // Information about the tags. - TagDescriptions []*TagDescription `type:"list"` + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` + + // Information about the revocation file in the trust store. + TrustStoreRevocations []*DescribeTrustStoreRevocation `type:"list"` } // String returns the string representation. @@ -6270,7 +8250,7 @@ type DescribeTagsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsOutput) String() string { +func (s DescribeTrustStoreRevocationsOutput) String() string { return awsutil.Prettify(s) } @@ -6279,23 +8259,37 @@ func (s DescribeTagsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsOutput) GoString() string { +func (s DescribeTrustStoreRevocationsOutput) GoString() string { return s.String() } -// SetTagDescriptions sets the TagDescriptions field's value. -func (s *DescribeTagsOutput) SetTagDescriptions(v []*TagDescription) *DescribeTagsOutput { - s.TagDescriptions = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeTrustStoreRevocationsOutput) SetNextMarker(v string) *DescribeTrustStoreRevocationsOutput { + s.NextMarker = &v return s } -type DescribeTargetGroupAttributesInput struct { +// SetTrustStoreRevocations sets the TrustStoreRevocations field's value. +func (s *DescribeTrustStoreRevocationsOutput) SetTrustStoreRevocations(v []*DescribeTrustStoreRevocation) *DescribeTrustStoreRevocationsOutput { + s.TrustStoreRevocations = v + return s +} + +type DescribeTrustStoresInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. - // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The names of the trust stores. + Names []*string `type:"list"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArns []*string `type:"list"` } // String returns the string representation. @@ -6303,7 +8297,7 @@ type DescribeTargetGroupAttributesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesInput) String() string { +func (s DescribeTrustStoresInput) String() string { return awsutil.Prettify(s) } @@ -6312,15 +8306,15 @@ func (s DescribeTargetGroupAttributesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesInput) GoString() string { +func (s DescribeTrustStoresInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTargetGroupAttributesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupAttributesInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) +func (s *DescribeTrustStoresInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrustStoresInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -6329,17 +8323,39 @@ func (s *DescribeTargetGroupAttributesInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DescribeTargetGroupAttributesInput) SetTargetGroupArn(v string) *DescribeTargetGroupAttributesInput { - s.TargetGroupArn = &v +// SetMarker sets the Marker field's value. +func (s *DescribeTrustStoresInput) SetMarker(v string) *DescribeTrustStoresInput { + s.Marker = &v return s } -type DescribeTargetGroupAttributesOutput struct { +// SetNames sets the Names field's value. +func (s *DescribeTrustStoresInput) SetNames(v []*string) *DescribeTrustStoresInput { + s.Names = v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeTrustStoresInput) SetPageSize(v int64) *DescribeTrustStoresInput { + s.PageSize = &v + return s +} + +// SetTrustStoreArns sets the TrustStoreArns field's value. +func (s *DescribeTrustStoresInput) SetTrustStoreArns(v []*string) *DescribeTrustStoresInput { + s.TrustStoreArns = v + return s +} + +type DescribeTrustStoresOutput struct { _ struct{} `type:"structure"` - // Information about the target group attributes - Attributes []*TargetGroupAttribute `type:"list"` + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` + + // Information about the trust stores. + TrustStores []*TrustStore `type:"list"` } // String returns the string representation. @@ -6347,7 +8363,7 @@ type DescribeTargetGroupAttributesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesOutput) String() string { +func (s DescribeTrustStoresOutput) String() string { return awsutil.Prettify(s) } @@ -6356,34 +8372,39 @@ func (s DescribeTargetGroupAttributesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesOutput) GoString() string { +func (s DescribeTrustStoresOutput) GoString() string { return s.String() } -// SetAttributes sets the Attributes field's value. -func (s *DescribeTargetGroupAttributesOutput) SetAttributes(v []*TargetGroupAttribute) *DescribeTargetGroupAttributesOutput { - s.Attributes = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeTrustStoresOutput) SetNextMarker(v string) *DescribeTrustStoresOutput { + s.NextMarker = &v return s } -type DescribeTargetGroupsInput struct { - _ struct{} `type:"structure"` - - // The Amazon Resource Name (ARN) of the load balancer. - LoadBalancerArn *string `type:"string"` +// SetTrustStores sets the TrustStores field's value. +func (s *DescribeTrustStoresOutput) SetTrustStores(v []*TrustStore) *DescribeTrustStoresOutput { + s.TrustStores = v + return s +} - // The marker for the next set of results. (You received this marker from a - // previous call.) - Marker *string `type:"string"` +// Information about an action that returns a custom HTTP response. +type FixedResponseActionConfig struct { + _ struct{} `type:"structure"` - // The names of the target groups. - Names []*string `type:"list"` + // The content type. + // + // Valid Values: text/plain | text/css | text/html | application/javascript + // | application/json + ContentType *string `type:"string"` - // The maximum number of results to return with this call. - PageSize *int64 `min:"1" type:"integer"` + // The message. + MessageBody *string `type:"string"` - // The Amazon Resource Names (ARN) of the target groups. - TargetGroupArns []*string `type:"list"` + // The HTTP response code (2XX, 4XX, or 5XX). + // + // StatusCode is a required field + StatusCode *string `type:"string" required:"true"` } // String returns the string representation. @@ -6391,7 +8412,7 @@ type DescribeTargetGroupsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsInput) String() string { +func (s FixedResponseActionConfig) String() string { return awsutil.Prettify(s) } @@ -6400,15 +8421,15 @@ func (s DescribeTargetGroupsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsInput) GoString() string { +func (s FixedResponseActionConfig) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTargetGroupsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupsInput"} - if s.PageSize != nil && *s.PageSize < 1 { - invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) +func (s *FixedResponseActionConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "FixedResponseActionConfig"} + if s.StatusCode == nil { + invalidParams.Add(request.NewErrParamRequired("StatusCode")) } if invalidParams.Len() > 0 { @@ -6417,45 +8438,34 @@ func (s *DescribeTargetGroupsInput) Validate() error { return nil } -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DescribeTargetGroupsInput) SetLoadBalancerArn(v string) *DescribeTargetGroupsInput { - s.LoadBalancerArn = &v - return s -} - -// SetMarker sets the Marker field's value. -func (s *DescribeTargetGroupsInput) SetMarker(v string) *DescribeTargetGroupsInput { - s.Marker = &v - return s -} - -// SetNames sets the Names field's value. -func (s *DescribeTargetGroupsInput) SetNames(v []*string) *DescribeTargetGroupsInput { - s.Names = v +// SetContentType sets the ContentType field's value. +func (s *FixedResponseActionConfig) SetContentType(v string) *FixedResponseActionConfig { + s.ContentType = &v return s } -// SetPageSize sets the PageSize field's value. -func (s *DescribeTargetGroupsInput) SetPageSize(v int64) *DescribeTargetGroupsInput { - s.PageSize = &v +// SetMessageBody sets the MessageBody field's value. +func (s *FixedResponseActionConfig) SetMessageBody(v string) *FixedResponseActionConfig { + s.MessageBody = &v return s } -// SetTargetGroupArns sets the TargetGroupArns field's value. -func (s *DescribeTargetGroupsInput) SetTargetGroupArns(v []*string) *DescribeTargetGroupsInput { - s.TargetGroupArns = v +// SetStatusCode sets the StatusCode field's value. +func (s *FixedResponseActionConfig) SetStatusCode(v string) *FixedResponseActionConfig { + s.StatusCode = &v return s } -type DescribeTargetGroupsOutput struct { +// Information about a forward action. +type ForwardActionConfig struct { _ struct{} `type:"structure"` - // If there are additional results, this is the marker for the next set of results. - // Otherwise, this is null. - NextMarker *string `type:"string"` + // The target group stickiness for the rule. + TargetGroupStickinessConfig *TargetGroupStickinessConfig `type:"structure"` - // Information about the target groups. - TargetGroups []*TargetGroup `type:"list"` + // The target groups. For Network Load Balancers, you can specify a single target + // group. + TargetGroups []*TargetGroupTuple `type:"list"` } // String returns the string representation. @@ -6463,7 +8473,7 @@ type DescribeTargetGroupsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsOutput) String() string { +func (s ForwardActionConfig) String() string { return awsutil.Prettify(s) } @@ -6472,32 +8482,29 @@ func (s DescribeTargetGroupsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsOutput) GoString() string { +func (s ForwardActionConfig) GoString() string { return s.String() } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeTargetGroupsOutput) SetNextMarker(v string) *DescribeTargetGroupsOutput { - s.NextMarker = &v +// SetTargetGroupStickinessConfig sets the TargetGroupStickinessConfig field's value. +func (s *ForwardActionConfig) SetTargetGroupStickinessConfig(v *TargetGroupStickinessConfig) *ForwardActionConfig { + s.TargetGroupStickinessConfig = v return s } // SetTargetGroups sets the TargetGroups field's value. -func (s *DescribeTargetGroupsOutput) SetTargetGroups(v []*TargetGroup) *DescribeTargetGroupsOutput { +func (s *ForwardActionConfig) SetTargetGroups(v []*TargetGroupTuple) *ForwardActionConfig { s.TargetGroups = v return s } -type DescribeTargetHealthInput struct { +type GetTrustStoreCaCertificatesBundleInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. + // The Amazon Resource Name (ARN) of the trust store. // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` - - // The targets. - Targets []*TargetDescription `type:"list"` + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6505,7 +8512,7 @@ type DescribeTargetHealthInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthInput) String() string { +func (s GetTrustStoreCaCertificatesBundleInput) String() string { return awsutil.Prettify(s) } @@ -6514,25 +8521,15 @@ func (s DescribeTargetHealthInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthInput) GoString() string { +func (s GetTrustStoreCaCertificatesBundleInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTargetHealthInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTargetHealthInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) - } - if s.Targets != nil { - for i, v := range s.Targets { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) - } - } +func (s *GetTrustStoreCaCertificatesBundleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetTrustStoreCaCertificatesBundleInput"} + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -6541,23 +8538,17 @@ func (s *DescribeTargetHealthInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DescribeTargetHealthInput) SetTargetGroupArn(v string) *DescribeTargetHealthInput { - s.TargetGroupArn = &v - return s -} - -// SetTargets sets the Targets field's value. -func (s *DescribeTargetHealthInput) SetTargets(v []*TargetDescription) *DescribeTargetHealthInput { - s.Targets = v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *GetTrustStoreCaCertificatesBundleInput) SetTrustStoreArn(v string) *GetTrustStoreCaCertificatesBundleInput { + s.TrustStoreArn = &v return s } -type DescribeTargetHealthOutput struct { +type GetTrustStoreCaCertificatesBundleOutput struct { _ struct{} `type:"structure"` - // Information about the health of the targets. - TargetHealthDescriptions []*TargetHealthDescription `type:"list"` + // The ca certificate bundles Amazon S3 URI. + Location *string `type:"string"` } // String returns the string representation. @@ -6565,7 +8556,7 @@ type DescribeTargetHealthOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthOutput) String() string { +func (s GetTrustStoreCaCertificatesBundleOutput) String() string { return awsutil.Prettify(s) } @@ -6574,33 +8565,28 @@ func (s DescribeTargetHealthOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthOutput) GoString() string { +func (s GetTrustStoreCaCertificatesBundleOutput) GoString() string { return s.String() } -// SetTargetHealthDescriptions sets the TargetHealthDescriptions field's value. -func (s *DescribeTargetHealthOutput) SetTargetHealthDescriptions(v []*TargetHealthDescription) *DescribeTargetHealthOutput { - s.TargetHealthDescriptions = v +// SetLocation sets the Location field's value. +func (s *GetTrustStoreCaCertificatesBundleOutput) SetLocation(v string) *GetTrustStoreCaCertificatesBundleOutput { + s.Location = &v return s } -// Information about an action that returns a custom HTTP response. -type FixedResponseActionConfig struct { - _ struct{} `type:"structure"` - - // The content type. - // - // Valid Values: text/plain | text/css | text/html | application/javascript - // | application/json - ContentType *string `type:"string"` - - // The message. - MessageBody *string `type:"string"` +type GetTrustStoreRevocationContentInput struct { + _ struct{} `type:"structure"` - // The HTTP response code (2XX, 4XX, or 5XX). + // The revocation ID of the revocation file. // - // StatusCode is a required field - StatusCode *string `type:"string" required:"true"` + // RevocationId is a required field + RevocationId *int64 `type:"long" required:"true"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6608,7 +8594,7 @@ type FixedResponseActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s FixedResponseActionConfig) String() string { +func (s GetTrustStoreRevocationContentInput) String() string { return awsutil.Prettify(s) } @@ -6617,15 +8603,18 @@ func (s FixedResponseActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s FixedResponseActionConfig) GoString() string { +func (s GetTrustStoreRevocationContentInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *FixedResponseActionConfig) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "FixedResponseActionConfig"} - if s.StatusCode == nil { - invalidParams.Add(request.NewErrParamRequired("StatusCode")) +func (s *GetTrustStoreRevocationContentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetTrustStoreRevocationContentInput"} + if s.RevocationId == nil { + invalidParams.Add(request.NewErrParamRequired("RevocationId")) + } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -6634,34 +8623,23 @@ func (s *FixedResponseActionConfig) Validate() error { return nil } -// SetContentType sets the ContentType field's value. -func (s *FixedResponseActionConfig) SetContentType(v string) *FixedResponseActionConfig { - s.ContentType = &v - return s -} - -// SetMessageBody sets the MessageBody field's value. -func (s *FixedResponseActionConfig) SetMessageBody(v string) *FixedResponseActionConfig { - s.MessageBody = &v +// SetRevocationId sets the RevocationId field's value. +func (s *GetTrustStoreRevocationContentInput) SetRevocationId(v int64) *GetTrustStoreRevocationContentInput { + s.RevocationId = &v return s } -// SetStatusCode sets the StatusCode field's value. -func (s *FixedResponseActionConfig) SetStatusCode(v string) *FixedResponseActionConfig { - s.StatusCode = &v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *GetTrustStoreRevocationContentInput) SetTrustStoreArn(v string) *GetTrustStoreRevocationContentInput { + s.TrustStoreArn = &v return s } -// Information about a forward action. -type ForwardActionConfig struct { +type GetTrustStoreRevocationContentOutput struct { _ struct{} `type:"structure"` - // The target group stickiness for the rule. - TargetGroupStickinessConfig *TargetGroupStickinessConfig `type:"structure"` - - // The target groups. For Network Load Balancers, you can specify a single target - // group. - TargetGroups []*TargetGroupTuple `type:"list"` + // The revocation files Amazon S3 URI. + Location *string `type:"string"` } // String returns the string representation. @@ -6669,7 +8647,7 @@ type ForwardActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ForwardActionConfig) String() string { +func (s GetTrustStoreRevocationContentOutput) String() string { return awsutil.Prettify(s) } @@ -6678,19 +8656,13 @@ func (s ForwardActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ForwardActionConfig) GoString() string { +func (s GetTrustStoreRevocationContentOutput) GoString() string { return s.String() } -// SetTargetGroupStickinessConfig sets the TargetGroupStickinessConfig field's value. -func (s *ForwardActionConfig) SetTargetGroupStickinessConfig(v *TargetGroupStickinessConfig) *ForwardActionConfig { - s.TargetGroupStickinessConfig = v - return s -} - -// SetTargetGroups sets the TargetGroups field's value. -func (s *ForwardActionConfig) SetTargetGroups(v []*TargetGroupTuple) *ForwardActionConfig { - s.TargetGroups = v +// SetLocation sets the Location field's value. +func (s *GetTrustStoreRevocationContentOutput) SetLocation(v string) *GetTrustStoreRevocationContentOutput { + s.Location = &v return s } @@ -6836,6 +8808,14 @@ func (s *HttpRequestMethodConditionConfig) SetValues(v []*string) *HttpRequestMe // Information about an Elastic Load Balancing resource limit for your Amazon // Web Services account. +// +// For more information, see the following: +// +// - Quotas for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) +// +// - Quotas for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html) +// +// - Quotas for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html) type Limit struct { _ struct{} `type:"structure"` @@ -6932,6 +8912,9 @@ type Listener struct { // The Amazon Resource Name (ARN) of the load balancer. LoadBalancerArn *string `type:"string"` + // The mutual authentication configuration information. + MutualAuthentication *MutualAuthenticationAttributes `type:"structure"` + // The port on which the load balancer is listening. Port *int64 `min:"1" type:"integer"` @@ -6991,6 +8974,12 @@ func (s *Listener) SetLoadBalancerArn(v string) *Listener { return s } +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *Listener) SetMutualAuthentication(v *MutualAuthenticationAttributes) *Listener { + s.MutualAuthentication = v + return s +} + // SetPort sets the Port field's value. func (s *Listener) SetPort(v int64) *Listener { s.Port = &v @@ -7029,6 +9018,10 @@ type LoadBalancer struct { // The public DNS name of the load balancer. DNSName *string `type:"string"` + // Indicates whether to evaluate inbound security group rules for traffic sent + // to a Network Load Balancer through Amazon Web Services PrivateLink. + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `type:"string"` + // The type of IP addresses used by the subnets for your load balancer. The // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and // IPv6 addresses). @@ -7112,6 +9105,12 @@ func (s *LoadBalancer) SetDNSName(v string) *LoadBalancer { return s } +// SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic sets the EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic field's value. +func (s *LoadBalancer) SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(v string) *LoadBalancer { + s.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = &v + return s +} + // SetIpAddressType sets the IpAddressType field's value. func (s *LoadBalancer) SetIpAddressType(v string) *LoadBalancer { s.IpAddressType = &v @@ -7260,6 +9259,17 @@ type LoadBalancerAttribute struct { // * idle_timeout.timeout_seconds - The idle timeout value, in seconds. The // valid range is 1-4000 seconds. The default is 60 seconds. // + // * connection_logs.s3.enabled - Indicates whether connection logs are enabled. + // The value is true or false. The default is false. + // + // * connection_logs.s3.bucket - The name of the S3 bucket for the connection + // logs. This attribute is required if connection logs are enabled. The bucket + // must exist in the same region as the load balancer and have a bucket policy + // that grants Elastic Load Balancing permissions to write to the bucket. + // + // * connection_logs.s3.prefix - The prefix for the location in the S3 bucket + // for the connection logs. + // // * routing.http.desync_mitigation_mode - Determines how the load balancer // handles requests that might pose a security risk to your application. // The possible values are monitor, defensive, and strictest. The default @@ -7310,6 +9320,14 @@ type LoadBalancerAttribute struct { // balancer to route requests to targets if it is unable to forward the request // to Amazon Web Services WAF. The possible values are true and false. The // default is false. + // + // The following attributes are supported by only Network Load Balancers: + // + // * dns_record.client_routing_policy - Indicates how traffic is distributed + // among the load balancer Availability Zones. The possible values are availability_zone_affinity + // with 100 percent zonal affinity, partial_availability_zone_affinity with + // 85 percent zonal affinity, and any_availability_zone with 0 percent zonal + // affinity. Key *string `type:"string"` // The value of the attribute. @@ -7480,6 +9498,9 @@ type ModifyListenerInput struct { // ListenerArn is a required field ListenerArn *string `type:"string" required:"true"` + // The mutual authentication configuration information. + MutualAuthentication *MutualAuthenticationAttributes `type:"structure"` + // The port for connections from clients to the load balancer. You cannot specify // a port for a Gateway Load Balancer. Port *int64 `min:"1" type:"integer"` @@ -7568,6 +9589,12 @@ func (s *ModifyListenerInput) SetListenerArn(v string) *ModifyListenerInput { return s } +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *ModifyListenerInput) SetMutualAuthentication(v *MutualAuthenticationAttributes) *ModifyListenerInput { + s.MutualAuthentication = v + return s +} + // SetPort sets the Port field's value. func (s *ModifyListenerInput) SetPort(v int64) *ModifyListenerInput { s.Port = &v @@ -8096,6 +10123,172 @@ func (s *ModifyTargetGroupOutput) SetTargetGroups(v []*TargetGroup) *ModifyTarge return s } +type ModifyTrustStoreInput struct { + _ struct{} `type:"structure"` + + // The Amazon S3 bucket for the ca certificates bundle. + // + // CaCertificatesBundleS3Bucket is a required field + CaCertificatesBundleS3Bucket *string `type:"string" required:"true"` + + // The Amazon S3 path for the ca certificates bundle. + // + // CaCertificatesBundleS3Key is a required field + CaCertificatesBundleS3Key *string `type:"string" required:"true"` + + // The Amazon S3 object version for the ca certificates bundle. If undefined + // the current version is used. + CaCertificatesBundleS3ObjectVersion *string `type:"string"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyTrustStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyTrustStoreInput"} + if s.CaCertificatesBundleS3Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Bucket")) + } + if s.CaCertificatesBundleS3Key == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Key")) + } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCaCertificatesBundleS3Bucket sets the CaCertificatesBundleS3Bucket field's value. +func (s *ModifyTrustStoreInput) SetCaCertificatesBundleS3Bucket(v string) *ModifyTrustStoreInput { + s.CaCertificatesBundleS3Bucket = &v + return s +} + +// SetCaCertificatesBundleS3Key sets the CaCertificatesBundleS3Key field's value. +func (s *ModifyTrustStoreInput) SetCaCertificatesBundleS3Key(v string) *ModifyTrustStoreInput { + s.CaCertificatesBundleS3Key = &v + return s +} + +// SetCaCertificatesBundleS3ObjectVersion sets the CaCertificatesBundleS3ObjectVersion field's value. +func (s *ModifyTrustStoreInput) SetCaCertificatesBundleS3ObjectVersion(v string) *ModifyTrustStoreInput { + s.CaCertificatesBundleS3ObjectVersion = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *ModifyTrustStoreInput) SetTrustStoreArn(v string) *ModifyTrustStoreInput { + s.TrustStoreArn = &v + return s +} + +type ModifyTrustStoreOutput struct { + _ struct{} `type:"structure"` + + // Information about the modified trust store. + TrustStores []*TrustStore `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreOutput) GoString() string { + return s.String() +} + +// SetTrustStores sets the TrustStores field's value. +func (s *ModifyTrustStoreOutput) SetTrustStores(v []*TrustStore) *ModifyTrustStoreOutput { + s.TrustStores = v + return s +} + +// Information about the mutual authentication attributes of a listener. +type MutualAuthenticationAttributes struct { + _ struct{} `type:"structure"` + + // Indicates whether expired client certificates are ignored. + IgnoreClientCertificateExpiry *bool `type:"boolean"` + + // The client certificate handling method. Options are off, passthrough or verify. + // The default value is off. + Mode *string `type:"string"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MutualAuthenticationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MutualAuthenticationAttributes) GoString() string { + return s.String() +} + +// SetIgnoreClientCertificateExpiry sets the IgnoreClientCertificateExpiry field's value. +func (s *MutualAuthenticationAttributes) SetIgnoreClientCertificateExpiry(v bool) *MutualAuthenticationAttributes { + s.IgnoreClientCertificateExpiry = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *MutualAuthenticationAttributes) SetMode(v string) *MutualAuthenticationAttributes { + s.Mode = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *MutualAuthenticationAttributes) SetTrustStoreArn(v string) *MutualAuthenticationAttributes { + s.TrustStoreArn = &v + return s +} + // Information about a path pattern condition. type PathPatternConditionConfig struct { _ struct{} `type:"structure"` @@ -8488,19 +10681,101 @@ func (s *RemoveListenerCertificatesInput) Validate() error { return nil } -// SetCertificates sets the Certificates field's value. -func (s *RemoveListenerCertificatesInput) SetCertificates(v []*Certificate) *RemoveListenerCertificatesInput { - s.Certificates = v +// SetCertificates sets the Certificates field's value. +func (s *RemoveListenerCertificatesInput) SetCertificates(v []*Certificate) *RemoveListenerCertificatesInput { + s.Certificates = v + return s +} + +// SetListenerArn sets the ListenerArn field's value. +func (s *RemoveListenerCertificatesInput) SetListenerArn(v string) *RemoveListenerCertificatesInput { + s.ListenerArn = &v + return s +} + +type RemoveListenerCertificatesOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveListenerCertificatesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveListenerCertificatesOutput) GoString() string { + return s.String() +} + +type RemoveTagsInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArns is a required field + ResourceArns []*string `type:"list" required:"true"` + + // The tag keys for the tags to remove. + // + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveTagsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveTagsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RemoveTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RemoveTagsInput"} + if s.ResourceArns == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArns")) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArns sets the ResourceArns field's value. +func (s *RemoveTagsInput) SetResourceArns(v []*string) *RemoveTagsInput { + s.ResourceArns = v return s } -// SetListenerArn sets the ListenerArn field's value. -func (s *RemoveListenerCertificatesInput) SetListenerArn(v string) *RemoveListenerCertificatesInput { - s.ListenerArn = &v +// SetTagKeys sets the TagKeys field's value. +func (s *RemoveTagsInput) SetTagKeys(v []*string) *RemoveTagsInput { + s.TagKeys = v return s } -type RemoveListenerCertificatesOutput struct { +type RemoveTagsOutput struct { _ struct{} `type:"structure"` } @@ -8509,7 +10784,7 @@ type RemoveListenerCertificatesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveListenerCertificatesOutput) String() string { +func (s RemoveTagsOutput) String() string { return awsutil.Prettify(s) } @@ -8518,22 +10793,22 @@ func (s RemoveListenerCertificatesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveListenerCertificatesOutput) GoString() string { +func (s RemoveTagsOutput) GoString() string { return s.String() } -type RemoveTagsInput struct { +type RemoveTrustStoreRevocationsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the resource. + // The revocation IDs of the revocation files you want to remove. // - // ResourceArns is a required field - ResourceArns []*string `type:"list" required:"true"` + // RevocationIds is a required field + RevocationIds []*int64 `type:"list" required:"true"` - // The tag keys for the tags to remove. + // The Amazon Resource Name (ARN) of the trust store. // - // TagKeys is a required field - TagKeys []*string `type:"list" required:"true"` + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -8541,7 +10816,7 @@ type RemoveTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsInput) String() string { +func (s RemoveTrustStoreRevocationsInput) String() string { return awsutil.Prettify(s) } @@ -8550,18 +10825,18 @@ func (s RemoveTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsInput) GoString() string { +func (s RemoveTrustStoreRevocationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *RemoveTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "RemoveTagsInput"} - if s.ResourceArns == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArns")) +func (s *RemoveTrustStoreRevocationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RemoveTrustStoreRevocationsInput"} + if s.RevocationIds == nil { + invalidParams.Add(request.NewErrParamRequired("RevocationIds")) } - if s.TagKeys == nil { - invalidParams.Add(request.NewErrParamRequired("TagKeys")) + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -8570,19 +10845,19 @@ func (s *RemoveTagsInput) Validate() error { return nil } -// SetResourceArns sets the ResourceArns field's value. -func (s *RemoveTagsInput) SetResourceArns(v []*string) *RemoveTagsInput { - s.ResourceArns = v +// SetRevocationIds sets the RevocationIds field's value. +func (s *RemoveTrustStoreRevocationsInput) SetRevocationIds(v []*int64) *RemoveTrustStoreRevocationsInput { + s.RevocationIds = v return s } -// SetTagKeys sets the TagKeys field's value. -func (s *RemoveTagsInput) SetTagKeys(v []*string) *RemoveTagsInput { - s.TagKeys = v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *RemoveTrustStoreRevocationsInput) SetTrustStoreArn(v string) *RemoveTrustStoreRevocationsInput { + s.TrustStoreArn = &v return s } -type RemoveTagsOutput struct { +type RemoveTrustStoreRevocationsOutput struct { _ struct{} `type:"structure"` } @@ -8591,7 +10866,7 @@ type RemoveTagsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsOutput) String() string { +func (s RemoveTrustStoreRevocationsOutput) String() string { return awsutil.Prettify(s) } @@ -8600,10 +10875,69 @@ func (s RemoveTagsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsOutput) GoString() string { +func (s RemoveTrustStoreRevocationsOutput) GoString() string { + return s.String() +} + +// Information about a revocation file. +type RevocationContent struct { + _ struct{} `type:"structure"` + + // The type of revocation file. + RevocationType *string `type:"string" enum:"RevocationType"` + + // The Amazon S3 bucket for the revocation file. + S3Bucket *string `type:"string"` + + // The Amazon S3 path for the revocation file. + S3Key *string `type:"string"` + + // The Amazon S3 object version of the revocation file. + S3ObjectVersion *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevocationContent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevocationContent) GoString() string { return s.String() } +// SetRevocationType sets the RevocationType field's value. +func (s *RevocationContent) SetRevocationType(v string) *RevocationContent { + s.RevocationType = &v + return s +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *RevocationContent) SetS3Bucket(v string) *RevocationContent { + s.S3Bucket = &v + return s +} + +// SetS3Key sets the S3Key field's value. +func (s *RevocationContent) SetS3Key(v string) *RevocationContent { + s.S3Key = &v + return s +} + +// SetS3ObjectVersion sets the S3ObjectVersion field's value. +func (s *RevocationContent) SetS3ObjectVersion(v string) *RevocationContent { + s.S3ObjectVersion = &v + return s +} + // Information about a rule. type Rule struct { _ struct{} `type:"structure"` @@ -8683,6 +11017,8 @@ func (s *Rule) SetRuleArn(v string) *Rule { // can also optionally include one or more of each of the following conditions: // http-header and query-string. Note that the value for a condition cannot // be empty. +// +// For more information, see Quotas for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html). type RuleCondition struct { _ struct{} `type:"structure"` @@ -9056,6 +11392,11 @@ func (s *SetRulePrioritiesOutput) SetRules(v []*Rule) *SetRulePrioritiesOutput { type SetSecurityGroupsInput struct { _ struct{} `type:"structure"` + // Indicates whether to evaluate inbound security group rules for traffic sent + // to a Network Load Balancer through Amazon Web Services PrivateLink. The default + // is on. + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `type:"string" enum:"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum"` + // The Amazon Resource Name (ARN) of the load balancer. // // LoadBalancerArn is a required field @@ -9101,6 +11442,12 @@ func (s *SetSecurityGroupsInput) Validate() error { return nil } +// SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic sets the EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic field's value. +func (s *SetSecurityGroupsInput) SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(v string) *SetSecurityGroupsInput { + s.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = &v + return s +} + // SetLoadBalancerArn sets the LoadBalancerArn field's value. func (s *SetSecurityGroupsInput) SetLoadBalancerArn(v string) *SetSecurityGroupsInput { s.LoadBalancerArn = &v @@ -9116,6 +11463,10 @@ func (s *SetSecurityGroupsInput) SetSecurityGroups(v []*string) *SetSecurityGrou type SetSecurityGroupsOutput struct { _ struct{} `type:"structure"` + // Indicates whether to evaluate inbound security group rules for traffic sent + // to a Network Load Balancer through Amazon Web Services PrivateLink. + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `type:"string" enum:"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum"` + // The IDs of the security groups associated with the load balancer. SecurityGroupIds []*string `type:"list"` } @@ -9138,6 +11489,12 @@ func (s SetSecurityGroupsOutput) GoString() string { return s.String() } +// SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic sets the EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic field's value. +func (s *SetSecurityGroupsOutput) SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(v string) *SetSecurityGroupsOutput { + s.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = &v + return s +} + // SetSecurityGroupIds sets the SecurityGroupIds field's value. func (s *SetSecurityGroupsOutput) SetSecurityGroupIds(v []*string) *SetSecurityGroupsOutput { s.SecurityGroupIds = v @@ -9150,7 +11507,11 @@ type SetSubnetsInput struct { // [Network Load Balancers] The type of IP addresses used by the subnets for // your load balancer. The possible values are ipv4 (for IPv4 addresses) and // dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for - // a load balancer with a UDP or TCP_UDP listener. . + // a load balancer with a UDP or TCP_UDP listener. + // + // [Gateway Load Balancers] The type of IP addresses used by the subnets for + // your load balancer. The possible values are ipv4 (for IPv4 addresses) and + // dualstack (for IPv4 and IPv6 addresses). IpAddressType *string `type:"string" enum:"IpAddressType"` // The Amazon Resource Name (ARN) of the load balancer. @@ -9175,6 +11536,9 @@ type SetSubnetsInput struct { // you can specify one private IP address per subnet from the IPv4 range of // the subnet. For internet-facing load balancer, you can specify one IPv6 address // per subnet. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. SubnetMappings []*SubnetMapping `type:"list"` // The IDs of the public subnets. You can specify only one subnet per Availability @@ -9190,6 +11554,9 @@ type SetSubnetsInput struct { // // [Network Load Balancers] You can specify subnets from one or more Availability // Zones. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. Subnets []*string `type:"list"` } @@ -9255,6 +11622,8 @@ type SetSubnetsOutput struct { AvailabilityZones []*AvailabilityZone `type:"list"` // [Network Load Balancers] The IP address type. + // + // [Gateway Load Balancers] The IP address type. IpAddressType *string `type:"string" enum:"IpAddressType"` } @@ -9590,7 +11959,8 @@ type TargetDescription struct { // The port on which the target is listening. If the target group protocol is // GENEVE, the supported port is 6081. If the target type is alb, the targeted // Application Load Balancer must have at least one listener whose port matches - // the target group port. Not used if the target is a Lambda function. + // the target group port. This parameter is not used if the target is a Lambda + // function. Port *int64 `min:"1" type:"integer"` } @@ -9680,16 +12050,16 @@ type TargetGroup struct { // type defaults to ipv4. IpAddressType *string `type:"string" enum:"TargetGroupIpAddressTypeEnum"` - // The Amazon Resource Names (ARN) of the load balancers that route traffic - // to this target group. + // The Amazon Resource Name (ARN) of the load balancer that routes traffic to + // this target group. You can use each target group with only one load balancer. LoadBalancerArns []*string `type:"list"` // The HTTP or gRPC codes to use when checking for a successful response from // a target. Matcher *Matcher `type:"structure"` - // The port on which the targets are listening. Not used if the target is a - // Lambda function. + // The port on which the targets are listening. This parameter is not used if + // the target is a Lambda function. Port *int64 `min:"1" type:"integer"` // The protocol to use for routing traffic to the targets. @@ -9904,7 +12274,12 @@ type TargetGroupAttribute struct { // // * load_balancing.algorithm.type - The load balancing algorithm determines // how the load balancer selects targets when routing requests. The value - // is round_robin or least_outstanding_requests. The default is round_robin. + // is round_robin, least_outstanding_requests, or weighted_random. The default + // is round_robin. + // + // * load_balancing.algorithm.anomaly_mitigation - Only available when load_balancing.algorithm.type + // is weighted_random. Indicates whether anomaly mitigation is enabled. The + // value is on or off. The default is off. // // * slow_start.duration_seconds - The time period, in seconds, during which // a newly registered target receives an increasing share of the traffic @@ -9943,7 +12318,8 @@ type TargetGroupAttribute struct { // // * deregistration_delay.connection_termination.enabled - Indicates whether // the load balancer terminates connections at the end of the deregistration - // timeout. The value is true or false. The default is false. + // timeout. The value is true or false. For new UDP/TCP_UDP target groups + // the default is true. Otherwise, the default is false. // // * preserve_client_ip.enabled - Indicates whether client IP preservation // is enabled. The value is true or false. The default is disabled if the @@ -9954,6 +12330,10 @@ type TargetGroupAttribute struct { // * proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version // 2 is enabled. The value is true or false. The default is false. // + // * target_health_state.unhealthy.connection_termination.enabled - Indicates + // whether the load balancer terminates connections to unhealthy targets. + // The value is true or false. The default is true. + // // The following attributes are supported only by Gateway Load Balancers: // // * target_failover.on_deregistration - Indicates how the Gateway Load Balancer @@ -10200,6 +12580,13 @@ func (s *TargetHealth) SetState(v string) *TargetHealth { type TargetHealthDescription struct { _ struct{} `type:"structure"` + // The anomaly detection result for the target. + // + // If no anomalies were detected, the result is normal. + // + // If anomalies were detected, the result is anomalous. + AnomalyDetection *AnomalyDetection `type:"structure"` + // The port to use to connect with the target. HealthCheckPort *string `type:"string"` @@ -10228,6 +12615,12 @@ func (s TargetHealthDescription) GoString() string { return s.String() } +// SetAnomalyDetection sets the AnomalyDetection field's value. +func (s *TargetHealthDescription) SetAnomalyDetection(v *AnomalyDetection) *TargetHealthDescription { + s.AnomalyDetection = v + return s +} + // SetHealthCheckPort sets the HealthCheckPort field's value. func (s *TargetHealthDescription) SetHealthCheckPort(v string) *TargetHealthDescription { s.HealthCheckPort = &v @@ -10246,6 +12639,165 @@ func (s *TargetHealthDescription) SetTargetHealth(v *TargetHealth) *TargetHealth return s } +// Information about a trust store. +type TrustStore struct { + _ struct{} `type:"structure"` + + // The name of the trust store. + Name *string `min:"1" type:"string"` + + // The number of ca certificates in the trust store. + NumberOfCaCertificates *int64 `type:"integer"` + + // The current status of the trust store. + Status *string `type:"string" enum:"TrustStoreStatus"` + + // The number of revoked certificates in the trust store. + TotalRevokedEntries *int64 `type:"long"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStore) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStore) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *TrustStore) SetName(v string) *TrustStore { + s.Name = &v + return s +} + +// SetNumberOfCaCertificates sets the NumberOfCaCertificates field's value. +func (s *TrustStore) SetNumberOfCaCertificates(v int64) *TrustStore { + s.NumberOfCaCertificates = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *TrustStore) SetStatus(v string) *TrustStore { + s.Status = &v + return s +} + +// SetTotalRevokedEntries sets the TotalRevokedEntries field's value. +func (s *TrustStore) SetTotalRevokedEntries(v int64) *TrustStore { + s.TotalRevokedEntries = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *TrustStore) SetTrustStoreArn(v string) *TrustStore { + s.TrustStoreArn = &v + return s +} + +// Information about the resources a trust store is associated with. +type TrustStoreAssociation struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + ResourceArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreAssociation) GoString() string { + return s.String() +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *TrustStoreAssociation) SetResourceArn(v string) *TrustStoreAssociation { + s.ResourceArn = &v + return s +} + +// Information about a revocation file in use by a trust store. +type TrustStoreRevocation struct { + _ struct{} `type:"structure"` + + // The number of revoked certificates. + NumberOfRevokedEntries *int64 `type:"long"` + + // The revocation ID of the revocation file. + RevocationId *int64 `type:"long"` + + // The type of revocation file. + RevocationType *string `type:"string" enum:"RevocationType"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreRevocation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreRevocation) GoString() string { + return s.String() +} + +// SetNumberOfRevokedEntries sets the NumberOfRevokedEntries field's value. +func (s *TrustStoreRevocation) SetNumberOfRevokedEntries(v int64) *TrustStoreRevocation { + s.NumberOfRevokedEntries = &v + return s +} + +// SetRevocationId sets the RevocationId field's value. +func (s *TrustStoreRevocation) SetRevocationId(v int64) *TrustStoreRevocation { + s.RevocationId = &v + return s +} + +// SetRevocationType sets the RevocationType field's value. +func (s *TrustStoreRevocation) SetRevocationType(v string) *TrustStoreRevocation { + s.RevocationType = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *TrustStoreRevocation) SetTrustStoreArn(v string) *TrustStoreRevocation { + s.TrustStoreArn = &v + return s +} + const ( // ActionTypeEnumForward is a ActionTypeEnum enum value ActionTypeEnumForward = "forward" @@ -10274,6 +12826,22 @@ func ActionTypeEnum_Values() []string { } } +const ( + // AnomalyResultEnumAnomalous is a AnomalyResultEnum enum value + AnomalyResultEnumAnomalous = "anomalous" + + // AnomalyResultEnumNormal is a AnomalyResultEnum enum value + AnomalyResultEnumNormal = "normal" +) + +// AnomalyResultEnum_Values returns all elements of the AnomalyResultEnum enum +func AnomalyResultEnum_Values() []string { + return []string{ + AnomalyResultEnumAnomalous, + AnomalyResultEnumNormal, + } +} + const ( // AuthenticateCognitoActionConditionalBehaviorEnumDeny is a AuthenticateCognitoActionConditionalBehaviorEnum enum value AuthenticateCognitoActionConditionalBehaviorEnumDeny = "deny" @@ -10314,6 +12882,38 @@ func AuthenticateOidcActionConditionalBehaviorEnum_Values() []string { } } +const ( + // DescribeTargetHealthInputIncludeEnumAnomalyDetection is a DescribeTargetHealthInputIncludeEnum enum value + DescribeTargetHealthInputIncludeEnumAnomalyDetection = "AnomalyDetection" + + // DescribeTargetHealthInputIncludeEnumAll is a DescribeTargetHealthInputIncludeEnum enum value + DescribeTargetHealthInputIncludeEnumAll = "All" +) + +// DescribeTargetHealthInputIncludeEnum_Values returns all elements of the DescribeTargetHealthInputIncludeEnum enum +func DescribeTargetHealthInputIncludeEnum_Values() []string { + return []string{ + DescribeTargetHealthInputIncludeEnumAnomalyDetection, + DescribeTargetHealthInputIncludeEnumAll, + } +} + +const ( + // EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOn is a EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum enum value + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOn = "on" + + // EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOff is a EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum enum value + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOff = "off" +) + +// EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum_Values returns all elements of the EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum enum +func EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum_Values() []string { + return []string{ + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOn, + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOff, + } +} + const ( // IpAddressTypeIpv4 is a IpAddressType enum value IpAddressTypeIpv4 = "ipv4" @@ -10390,6 +12990,22 @@ func LoadBalancerTypeEnum_Values() []string { } } +const ( + // MitigationInEffectEnumYes is a MitigationInEffectEnum enum value + MitigationInEffectEnumYes = "yes" + + // MitigationInEffectEnumNo is a MitigationInEffectEnum enum value + MitigationInEffectEnumNo = "no" +) + +// MitigationInEffectEnum_Values returns all elements of the MitigationInEffectEnum enum +func MitigationInEffectEnum_Values() []string { + return []string{ + MitigationInEffectEnumYes, + MitigationInEffectEnumNo, + } +} + const ( // ProtocolEnumHttp is a ProtocolEnum enum value ProtocolEnumHttp = "HTTP" @@ -10442,6 +13058,18 @@ func RedirectActionStatusCodeEnum_Values() []string { } } +const ( + // RevocationTypeCrl is a RevocationType enum value + RevocationTypeCrl = "CRL" +) + +// RevocationType_Values returns all elements of the RevocationType enum +func RevocationType_Values() []string { + return []string{ + RevocationTypeCrl, + } +} + const ( // TargetGroupIpAddressTypeEnumIpv4 is a TargetGroupIpAddressTypeEnum enum value TargetGroupIpAddressTypeEnumIpv4 = "ipv4" @@ -10569,3 +13197,19 @@ func TargetTypeEnum_Values() []string { TargetTypeEnumAlb, } } + +const ( + // TrustStoreStatusActive is a TrustStoreStatus enum value + TrustStoreStatusActive = "ACTIVE" + + // TrustStoreStatusCreating is a TrustStoreStatus enum value + TrustStoreStatusCreating = "CREATING" +) + +// TrustStoreStatus_Values returns all elements of the TrustStoreStatus enum +func TrustStoreStatus_Values() []string { + return []string{ + TrustStoreStatusActive, + TrustStoreStatusCreating, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go index a80cdb1f530..90aefdc62b8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go @@ -68,6 +68,10 @@ type ELBV2API interface { AddTagsWithContext(aws.Context, *elbv2.AddTagsInput, ...request.Option) (*elbv2.AddTagsOutput, error) AddTagsRequest(*elbv2.AddTagsInput) (*request.Request, *elbv2.AddTagsOutput) + AddTrustStoreRevocations(*elbv2.AddTrustStoreRevocationsInput) (*elbv2.AddTrustStoreRevocationsOutput, error) + AddTrustStoreRevocationsWithContext(aws.Context, *elbv2.AddTrustStoreRevocationsInput, ...request.Option) (*elbv2.AddTrustStoreRevocationsOutput, error) + AddTrustStoreRevocationsRequest(*elbv2.AddTrustStoreRevocationsInput) (*request.Request, *elbv2.AddTrustStoreRevocationsOutput) + CreateListener(*elbv2.CreateListenerInput) (*elbv2.CreateListenerOutput, error) CreateListenerWithContext(aws.Context, *elbv2.CreateListenerInput, ...request.Option) (*elbv2.CreateListenerOutput, error) CreateListenerRequest(*elbv2.CreateListenerInput) (*request.Request, *elbv2.CreateListenerOutput) @@ -84,6 +88,10 @@ type ELBV2API interface { CreateTargetGroupWithContext(aws.Context, *elbv2.CreateTargetGroupInput, ...request.Option) (*elbv2.CreateTargetGroupOutput, error) CreateTargetGroupRequest(*elbv2.CreateTargetGroupInput) (*request.Request, *elbv2.CreateTargetGroupOutput) + CreateTrustStore(*elbv2.CreateTrustStoreInput) (*elbv2.CreateTrustStoreOutput, error) + CreateTrustStoreWithContext(aws.Context, *elbv2.CreateTrustStoreInput, ...request.Option) (*elbv2.CreateTrustStoreOutput, error) + CreateTrustStoreRequest(*elbv2.CreateTrustStoreInput) (*request.Request, *elbv2.CreateTrustStoreOutput) + DeleteListener(*elbv2.DeleteListenerInput) (*elbv2.DeleteListenerOutput, error) DeleteListenerWithContext(aws.Context, *elbv2.DeleteListenerInput, ...request.Option) (*elbv2.DeleteListenerOutput, error) DeleteListenerRequest(*elbv2.DeleteListenerInput) (*request.Request, *elbv2.DeleteListenerOutput) @@ -100,6 +108,10 @@ type ELBV2API interface { DeleteTargetGroupWithContext(aws.Context, *elbv2.DeleteTargetGroupInput, ...request.Option) (*elbv2.DeleteTargetGroupOutput, error) DeleteTargetGroupRequest(*elbv2.DeleteTargetGroupInput) (*request.Request, *elbv2.DeleteTargetGroupOutput) + DeleteTrustStore(*elbv2.DeleteTrustStoreInput) (*elbv2.DeleteTrustStoreOutput, error) + DeleteTrustStoreWithContext(aws.Context, *elbv2.DeleteTrustStoreInput, ...request.Option) (*elbv2.DeleteTrustStoreOutput, error) + DeleteTrustStoreRequest(*elbv2.DeleteTrustStoreInput) (*request.Request, *elbv2.DeleteTrustStoreOutput) + DeregisterTargets(*elbv2.DeregisterTargetsInput) (*elbv2.DeregisterTargetsOutput, error) DeregisterTargetsWithContext(aws.Context, *elbv2.DeregisterTargetsInput, ...request.Option) (*elbv2.DeregisterTargetsOutput, error) DeregisterTargetsRequest(*elbv2.DeregisterTargetsInput) (*request.Request, *elbv2.DeregisterTargetsOutput) @@ -157,6 +169,35 @@ type ELBV2API interface { DescribeTargetHealthWithContext(aws.Context, *elbv2.DescribeTargetHealthInput, ...request.Option) (*elbv2.DescribeTargetHealthOutput, error) DescribeTargetHealthRequest(*elbv2.DescribeTargetHealthInput) (*request.Request, *elbv2.DescribeTargetHealthOutput) + DescribeTrustStoreAssociations(*elbv2.DescribeTrustStoreAssociationsInput) (*elbv2.DescribeTrustStoreAssociationsOutput, error) + DescribeTrustStoreAssociationsWithContext(aws.Context, *elbv2.DescribeTrustStoreAssociationsInput, ...request.Option) (*elbv2.DescribeTrustStoreAssociationsOutput, error) + DescribeTrustStoreAssociationsRequest(*elbv2.DescribeTrustStoreAssociationsInput) (*request.Request, *elbv2.DescribeTrustStoreAssociationsOutput) + + DescribeTrustStoreAssociationsPages(*elbv2.DescribeTrustStoreAssociationsInput, func(*elbv2.DescribeTrustStoreAssociationsOutput, bool) bool) error + DescribeTrustStoreAssociationsPagesWithContext(aws.Context, *elbv2.DescribeTrustStoreAssociationsInput, func(*elbv2.DescribeTrustStoreAssociationsOutput, bool) bool, ...request.Option) error + + DescribeTrustStoreRevocations(*elbv2.DescribeTrustStoreRevocationsInput) (*elbv2.DescribeTrustStoreRevocationsOutput, error) + DescribeTrustStoreRevocationsWithContext(aws.Context, *elbv2.DescribeTrustStoreRevocationsInput, ...request.Option) (*elbv2.DescribeTrustStoreRevocationsOutput, error) + DescribeTrustStoreRevocationsRequest(*elbv2.DescribeTrustStoreRevocationsInput) (*request.Request, *elbv2.DescribeTrustStoreRevocationsOutput) + + DescribeTrustStoreRevocationsPages(*elbv2.DescribeTrustStoreRevocationsInput, func(*elbv2.DescribeTrustStoreRevocationsOutput, bool) bool) error + DescribeTrustStoreRevocationsPagesWithContext(aws.Context, *elbv2.DescribeTrustStoreRevocationsInput, func(*elbv2.DescribeTrustStoreRevocationsOutput, bool) bool, ...request.Option) error + + DescribeTrustStores(*elbv2.DescribeTrustStoresInput) (*elbv2.DescribeTrustStoresOutput, error) + DescribeTrustStoresWithContext(aws.Context, *elbv2.DescribeTrustStoresInput, ...request.Option) (*elbv2.DescribeTrustStoresOutput, error) + DescribeTrustStoresRequest(*elbv2.DescribeTrustStoresInput) (*request.Request, *elbv2.DescribeTrustStoresOutput) + + DescribeTrustStoresPages(*elbv2.DescribeTrustStoresInput, func(*elbv2.DescribeTrustStoresOutput, bool) bool) error + DescribeTrustStoresPagesWithContext(aws.Context, *elbv2.DescribeTrustStoresInput, func(*elbv2.DescribeTrustStoresOutput, bool) bool, ...request.Option) error + + GetTrustStoreCaCertificatesBundle(*elbv2.GetTrustStoreCaCertificatesBundleInput) (*elbv2.GetTrustStoreCaCertificatesBundleOutput, error) + GetTrustStoreCaCertificatesBundleWithContext(aws.Context, *elbv2.GetTrustStoreCaCertificatesBundleInput, ...request.Option) (*elbv2.GetTrustStoreCaCertificatesBundleOutput, error) + GetTrustStoreCaCertificatesBundleRequest(*elbv2.GetTrustStoreCaCertificatesBundleInput) (*request.Request, *elbv2.GetTrustStoreCaCertificatesBundleOutput) + + GetTrustStoreRevocationContent(*elbv2.GetTrustStoreRevocationContentInput) (*elbv2.GetTrustStoreRevocationContentOutput, error) + GetTrustStoreRevocationContentWithContext(aws.Context, *elbv2.GetTrustStoreRevocationContentInput, ...request.Option) (*elbv2.GetTrustStoreRevocationContentOutput, error) + GetTrustStoreRevocationContentRequest(*elbv2.GetTrustStoreRevocationContentInput) (*request.Request, *elbv2.GetTrustStoreRevocationContentOutput) + ModifyListener(*elbv2.ModifyListenerInput) (*elbv2.ModifyListenerOutput, error) ModifyListenerWithContext(aws.Context, *elbv2.ModifyListenerInput, ...request.Option) (*elbv2.ModifyListenerOutput, error) ModifyListenerRequest(*elbv2.ModifyListenerInput) (*request.Request, *elbv2.ModifyListenerOutput) @@ -177,6 +218,10 @@ type ELBV2API interface { ModifyTargetGroupAttributesWithContext(aws.Context, *elbv2.ModifyTargetGroupAttributesInput, ...request.Option) (*elbv2.ModifyTargetGroupAttributesOutput, error) ModifyTargetGroupAttributesRequest(*elbv2.ModifyTargetGroupAttributesInput) (*request.Request, *elbv2.ModifyTargetGroupAttributesOutput) + ModifyTrustStore(*elbv2.ModifyTrustStoreInput) (*elbv2.ModifyTrustStoreOutput, error) + ModifyTrustStoreWithContext(aws.Context, *elbv2.ModifyTrustStoreInput, ...request.Option) (*elbv2.ModifyTrustStoreOutput, error) + ModifyTrustStoreRequest(*elbv2.ModifyTrustStoreInput) (*request.Request, *elbv2.ModifyTrustStoreOutput) + RegisterTargets(*elbv2.RegisterTargetsInput) (*elbv2.RegisterTargetsOutput, error) RegisterTargetsWithContext(aws.Context, *elbv2.RegisterTargetsInput, ...request.Option) (*elbv2.RegisterTargetsOutput, error) RegisterTargetsRequest(*elbv2.RegisterTargetsInput) (*request.Request, *elbv2.RegisterTargetsOutput) @@ -189,6 +234,10 @@ type ELBV2API interface { RemoveTagsWithContext(aws.Context, *elbv2.RemoveTagsInput, ...request.Option) (*elbv2.RemoveTagsOutput, error) RemoveTagsRequest(*elbv2.RemoveTagsInput) (*request.Request, *elbv2.RemoveTagsOutput) + RemoveTrustStoreRevocations(*elbv2.RemoveTrustStoreRevocationsInput) (*elbv2.RemoveTrustStoreRevocationsOutput, error) + RemoveTrustStoreRevocationsWithContext(aws.Context, *elbv2.RemoveTrustStoreRevocationsInput, ...request.Option) (*elbv2.RemoveTrustStoreRevocationsOutput, error) + RemoveTrustStoreRevocationsRequest(*elbv2.RemoveTrustStoreRevocationsInput) (*request.Request, *elbv2.RemoveTrustStoreRevocationsOutput) + SetIpAddressType(*elbv2.SetIpAddressTypeInput) (*elbv2.SetIpAddressTypeOutput, error) SetIpAddressTypeWithContext(aws.Context, *elbv2.SetIpAddressTypeInput, ...request.Option) (*elbv2.SetIpAddressTypeOutput, error) SetIpAddressTypeRequest(*elbv2.SetIpAddressTypeInput) (*request.Request, *elbv2.SetIpAddressTypeOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go index 7ac5a2ff964..2b8ccd93ed5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go @@ -22,6 +22,12 @@ const ( // The specified Availability Zone is not supported. ErrCodeAvailabilityZoneNotSupportedException = "AvailabilityZoneNotSupported" + // ErrCodeCaCertificatesBundleNotFoundException for service response error code + // "CaCertificatesBundleNotFound". + // + // The specified ca certificate bundle does not exist. + ErrCodeCaCertificatesBundleNotFoundException = "CaCertificatesBundleNotFound" + // ErrCodeCertificateNotFoundException for service response error code // "CertificateNotFound". // @@ -52,6 +58,12 @@ const ( // A target group with the specified name already exists. ErrCodeDuplicateTargetGroupNameException = "DuplicateTargetGroupName" + // ErrCodeDuplicateTrustStoreNameException for service response error code + // "DuplicateTrustStoreName". + // + // A trust store with the specified name already exists. + ErrCodeDuplicateTrustStoreNameException = "DuplicateTrustStoreName" + // ErrCodeHealthUnavailableException for service response error code // "HealthUnavailable". // @@ -65,6 +77,12 @@ const ( // The specified configuration is not valid with this protocol. ErrCodeIncompatibleProtocolsException = "IncompatibleProtocols" + // ErrCodeInvalidCaCertificatesBundleException for service response error code + // "InvalidCaCertificatesBundle". + // + // The specified ca certificate bundle is in an invalid format, or corrupt. + ErrCodeInvalidCaCertificatesBundleException = "InvalidCaCertificatesBundle" + // ErrCodeInvalidConfigurationRequestException for service response error code // "InvalidConfigurationRequest". // @@ -77,6 +95,12 @@ const ( // The requested action is not valid. ErrCodeInvalidLoadBalancerActionException = "InvalidLoadBalancerAction" + // ErrCodeInvalidRevocationContentException for service response error code + // "InvalidRevocationContent". + // + // The provided revocation file is an invalid format, or uses an incorrect algorithm. + ErrCodeInvalidRevocationContentException = "InvalidRevocationContent" + // ErrCodeInvalidSchemeException for service response error code // "InvalidScheme". // @@ -132,6 +156,18 @@ const ( // A specified resource is in use. ErrCodeResourceInUseException = "ResourceInUse" + // ErrCodeRevocationContentNotFoundException for service response error code + // "RevocationContentNotFound". + // + // The specified revocation file does not exist. + ErrCodeRevocationContentNotFoundException = "RevocationContentNotFound" + + // ErrCodeRevocationIdNotFoundException for service response error code + // "RevocationIdNotFound". + // + // The specified revocation ID does not exist. + ErrCodeRevocationIdNotFoundException = "RevocationIdNotFound" + // ErrCodeRuleNotFoundException for service response error code // "RuleNotFound". // @@ -203,7 +239,7 @@ const ( // ErrCodeTooManyTagsException for service response error code // "TooManyTags". // - // You've reached the limit on the number of tags per load balancer. + // You've reached the limit on the number of tags for this resource. ErrCodeTooManyTagsException = "TooManyTags" // ErrCodeTooManyTargetGroupsException for service response error code @@ -219,6 +255,19 @@ const ( // You've reached the limit on the number of targets. ErrCodeTooManyTargetsException = "TooManyTargets" + // ErrCodeTooManyTrustStoreRevocationEntriesException for service response error code + // "TooManyTrustStoreRevocationEntries". + // + // The specified trust store has too many revocation entries. + ErrCodeTooManyTrustStoreRevocationEntriesException = "TooManyTrustStoreRevocationEntries" + + // ErrCodeTooManyTrustStoresException for service response error code + // "TooManyTrustStores". + // + // You've reached the limit on the number of trust stores for your Amazon Web + // Services account. + ErrCodeTooManyTrustStoresException = "TooManyTrustStores" + // ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException for service response error code // "TooManyUniqueTargetGroupsPerLoadBalancer". // @@ -227,6 +276,24 @@ const ( // load balancer, it is counted as only one use. ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException = "TooManyUniqueTargetGroupsPerLoadBalancer" + // ErrCodeTrustStoreInUseException for service response error code + // "TrustStoreInUse". + // + // The specified trust store is currently in use. + ErrCodeTrustStoreInUseException = "TrustStoreInUse" + + // ErrCodeTrustStoreNotFoundException for service response error code + // "TrustStoreNotFound". + // + // The specified trust store does not exist. + ErrCodeTrustStoreNotFoundException = "TrustStoreNotFound" + + // ErrCodeTrustStoreNotReadyException for service response error code + // "TrustStoreNotReady". + // + // The specified trust store is not active. + ErrCodeTrustStoreNotReadyException = "TrustStoreNotReady" + // ErrCodeUnsupportedProtocolException for service response error code // "UnsupportedProtocol". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 04a2b6d7dff..fa9401a0eab 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -167,9 +167,10 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // The caller of this operation must be granted the PassRole permission on the // IAM role by a permissions policy. // -// For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). -// For more information about instance profiles, see About instance profiles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. For more information about instance profiles, see +// Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -194,7 +195,8 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -362,7 +364,7 @@ func (c *IAM) AttachGroupPolicyRequest(input *AttachGroupPolicyInput) (req *requ // Attaches the specified managed policy to the specified IAM group. // // You use this operation to attach a managed policy to a group. To embed an -// inline policy in a group, use PutGroupPolicy. +// inline policy in a group, use PutGroupPolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html). // // As a best practice, you can validate your IAM policies. To learn more, see // Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) @@ -473,12 +475,13 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // role's permission (access) policy. // // You cannot use a managed policy as the role's trust policy. The role's trust -// policy is created at the same time as the role, using CreateRole. You can -// update a role's trust policy using UpdateAssumeRolePolicy. +// policy is created at the same time as the role, using CreateRole (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). +// You can update a role's trust policy using UpdateAssumerolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). // // Use this operation to attach a managed policy to a role. To embed an inline -// policy in a role, use PutRolePolicy. For more information about policies, -// see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) +// policy in a role, use PutRolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html). +// For more information about policies, see Managed policies and inline policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. // // As a best practice, you can validate your IAM policies. To learn more, see @@ -508,7 +511,8 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // for an input parameter. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -590,7 +594,7 @@ func (c *IAM) AttachUserPolicyRequest(input *AttachUserPolicyInput) (req *reques // Attaches the specified managed policy to the specified user. // // You use this operation to attach a managed policy to a user. To embed an -// inline policy in a user, use PutUserPolicy. +// inline policy in a user, use PutUserPolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html). // // As a best practice, you can validate your IAM policies. To learn more, see // Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) @@ -918,9 +922,9 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // CreateAccountAlias API operation for AWS Identity and Access Management. // // Creates an alias for your Amazon Web Services account. For information about -// using an Amazon Web Services account alias, see Using an alias for your Amazon -// Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) -// in the IAM User Guide. +// using an Amazon Web Services account alias, see Creating, deleting, and listing +// an Amazon Web Services account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) +// in the Amazon Web Services Sign-In User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -931,6 +935,11 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // // Returned Error Codes: // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already // exists. @@ -1340,6 +1349,8 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // - A list of client IDs (also known as audiences) that identify the application // or applications allowed to authenticate using the OIDC provider // +// - A list of tags that are attached to the specified IAM OIDC provider +// // - A list of thumbprints of one or more server certificates that the IdP // uses // @@ -1347,11 +1358,12 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // Amazon Web Services. // // Amazon Web Services secures communication with some OIDC identity providers -// (IdPs) through our library of trusted certificate authorities (CAs) instead -// of using a certificate thumbprint to verify your IdP server certificate. -// These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket -// to host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint -// remains in your configuration, but is no longer used for validation. +// (IdPs) through our library of trusted root certificate authorities (CAs) +// instead of using a certificate thumbprint to verify your IdP server certificate. +// These OIDC IdPs include Auth0, GitHub, Google, and those that use an Amazon +// S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases, your +// legacy thumbprint remains in your configuration, but is no longer used for +// validation. // // The trust for the OIDC provider is derived from the IAM provider that this // operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider @@ -1676,10 +1688,11 @@ func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, o // CreateRole API operation for AWS Identity and Access Management. // -// Creates a new role for your Amazon Web Services account. For more information -// about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). -// For information about quotas for role names and the number of roles you can -// create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) +// Creates a new role for your Amazon Web Services account. +// +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. For information about quotas for role names and the +// number of roles you can create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2361,6 +2374,11 @@ func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req * // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADevice func (c *IAM) DeactivateMFADevice(input *DeactivateMFADeviceInput) (*DeactivateMFADeviceOutput, error) { req, out := c.DeactivateMFADeviceRequest(input) @@ -2524,9 +2542,9 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // DeleteAccountAlias API operation for AWS Identity and Access Management. // // Deletes the specified Amazon Web Services account alias. For information -// about using an Amazon Web Services account alias, see Using an alias for -// your Amazon Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) -// in the IAM User Guide. +// about using an Amazon Web Services account alias, see Creating, deleting, +// and listing an Amazon Web Services account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) +// in the Amazon Web Services Sign-In User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2537,6 +2555,11 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // // Returned Error Codes: // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does // not exist. The error message describes the resource. @@ -2906,8 +2929,9 @@ func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (r // that is associated with a running instance will break any applications running // on the instance. // -// For more information about instance profiles, see About instance profiles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// For more information about instance profiles, see Using instance profiles +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3474,7 +3498,8 @@ func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *request.Request, o // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -3556,6 +3581,8 @@ func (c *IAM) DeleteRolePermissionsBoundaryRequest(input *DeleteRolePermissionsB // // Deletes the permissions boundary for the specified IAM role. // +// You cannot set the boundary for a service-linked role. +// // Deleting the permissions boundary for a role might increase its permissions. // For example, it might allow anyone who assumes the role to perform all the // actions granted in its permissions policies. @@ -3574,7 +3601,8 @@ func (c *IAM) DeleteRolePermissionsBoundaryRequest(input *DeleteRolePermissionsB // not exist. The error message describes the resource. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -3676,7 +3704,8 @@ func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *reques // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -4262,6 +4291,11 @@ func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInp // the current Amazon Web Services account limits. The error message describes // the limit exceeded. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception // or failure. @@ -4669,6 +4703,11 @@ func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADevice func (c *IAM) DeleteVirtualMFADevice(input *DeleteVirtualMFADeviceInput) (*DeleteVirtualMFADeviceOutput, error) { req, out := c.DeleteVirtualMFADeviceRequest(input) @@ -4864,7 +4903,8 @@ func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *reques // for an input parameter. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -5078,6 +5118,11 @@ func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *request. // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADevice func (c *IAM) EnableMFADevice(input *EnableMFADeviceInput) (*EnableMFADeviceOutput, error) { req, out := c.EnableMFADeviceRequest(input) @@ -5431,6 +5476,9 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // reports activity for at least the last 400 days, or less if your Region began // supporting this feature within the last year. For more information, see Regions // where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// For more information about services and actions for which action last accessed +// information is displayed, see IAM action last accessed information services +// and actions (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html). // // The service last accessed data includes all attempts to access an Amazon // Web Services API, not just the successful ones. This includes all attempts @@ -5572,12 +5620,6 @@ func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req // // See the AWS API reference guide for AWS Identity and Access Management's // API operation GetAccessKeyLastUsed for usage and error information. -// -// Returned Error Codes: -// - ErrCodeNoSuchEntityException "NoSuchEntity" -// The request was rejected because it referenced a resource entity that does -// not exist. The error message describes the resource. -// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsed func (c *IAM) GetAccessKeyLastUsed(input *GetAccessKeyLastUsedInput) (*GetAccessKeyLastUsedOutput, error) { req, out := c.GetAccessKeyLastUsedRequest(input) @@ -6490,7 +6532,7 @@ func (c *IAM) GetInstanceProfileRequest(input *GetInstanceProfileInput) (req *re // // Retrieves information about the specified instance profile, including the // instance profile's path, GUID, ARN, and role. For more information about -// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) +// instance profiles, see Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6628,6 +6670,90 @@ func (c *IAM) GetLoginProfileWithContext(ctx aws.Context, input *GetLoginProfile return out, req.Send() } +const opGetMFADevice = "GetMFADevice" + +// GetMFADeviceRequest generates a "aws/request.Request" representing the +// client's request for the GetMFADevice operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetMFADevice for more information on using the GetMFADevice +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetMFADeviceRequest method. +// req, resp := client.GetMFADeviceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetMFADevice +func (c *IAM) GetMFADeviceRequest(input *GetMFADeviceInput) (req *request.Request, output *GetMFADeviceOutput) { + op := &request.Operation{ + Name: opGetMFADevice, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetMFADeviceInput{} + } + + output = &GetMFADeviceOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetMFADevice API operation for AWS Identity and Access Management. +// +// Retrieves information about an MFA device for a specified user. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Identity and Access Management's +// API operation GetMFADevice for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeNoSuchEntityException "NoSuchEntity" +// The request was rejected because it referenced a resource entity that does +// not exist. The error message describes the resource. +// +// - ErrCodeServiceFailureException "ServiceFailure" +// The request processing has failed because of an unknown error, exception +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetMFADevice +func (c *IAM) GetMFADevice(input *GetMFADeviceInput) (*GetMFADeviceOutput, error) { + req, out := c.GetMFADeviceRequest(input) + return out, req.Send() +} + +// GetMFADeviceWithContext is the same as GetMFADevice with the addition of +// the ability to pass a context and additional request options. +// +// See GetMFADevice for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) GetMFADeviceWithContext(ctx aws.Context, input *GetMFADeviceInput, opts ...request.Option) (*GetMFADeviceOutput, error) { + req, out := c.GetMFADeviceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetOpenIDConnectProvider = "GetOpenIDConnectProvider" // GetOpenIDConnectProviderRequest generates a "aws/request.Request" representing the @@ -6773,7 +6899,7 @@ func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessR // permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // -// For each service that principals in an account (root users, IAM users, or +// For each service that principals in an account (root user, IAM users, or // IAM roles) could access using SCPs, the operation returns details about the // most recent access attempt. If there was no attempt, the service is listed // without details about the most recent attempt to access the service. If the @@ -7070,7 +7196,8 @@ func (c *IAM) GetRoleRequest(input *GetRoleInput) (req *request.Request, output // // Retrieves information about the specified role, including the role's path, // GUID, ARN, and the role's trust policy that grants permission to assume the -// role. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). +// role. For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. // // Policies returned by this operation are URL-encoded compliant with RFC 3986 // (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method @@ -7178,8 +7305,8 @@ func (c *IAM) GetRolePolicyRequest(input *GetRolePolicyInput) (req *request.Requ // (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. // -// For more information about roles, see Using roles to delegate permissions -// and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8065,10 +8192,11 @@ func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Re // If the UserName is not specified, the user name is determined implicitly // based on the Amazon Web Services access key ID used to sign the request. // If a temporary access key is used, then UserName is required. If a long-term -// key is assigned to the user, then UserName is not required. This operation -// works for access keys under the Amazon Web Services account. Consequently, -// you can use this operation to manage Amazon Web Services account root user -// credentials even if the Amazon Web Services account has no associated users. +// key is assigned to the user, then UserName is not required. +// +// This operation works for access keys under the Amazon Web Services account. +// If the Amazon Web Services account has no associated users, the root user +// returns it's own access key IDs by running this command. // // To ensure the security of your Amazon Web Services account, the secret access // key is accessible only during key and user creation. @@ -8214,9 +8342,9 @@ func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *re // // Lists the account alias associated with the Amazon Web Services account (Note: // you can have only one). For information about using an Amazon Web Services -// account alias, see Using an alias for your Amazon Web Services account ID -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) in the -// IAM User Guide. +// account alias, see Creating, deleting, and listing an Amazon Web Services +// account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) +// in the Amazon Web Services Sign-In User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9387,6 +9515,12 @@ func (c *IAM) ListInstanceProfileTagsRequest(input *ListInstanceProfileTagsInput Name: opListInstanceProfileTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -9444,6 +9578,57 @@ func (c *IAM) ListInstanceProfileTagsWithContext(ctx aws.Context, input *ListIns return out, req.Send() } +// ListInstanceProfileTagsPages iterates over the pages of a ListInstanceProfileTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListInstanceProfileTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListInstanceProfileTags operation. +// pageNum := 0 +// err := client.ListInstanceProfileTagsPages(params, +// func(page *iam.ListInstanceProfileTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListInstanceProfileTagsPages(input *ListInstanceProfileTagsInput, fn func(*ListInstanceProfileTagsOutput, bool) bool) error { + return c.ListInstanceProfileTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListInstanceProfileTagsPagesWithContext same as ListInstanceProfileTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListInstanceProfileTagsPagesWithContext(ctx aws.Context, input *ListInstanceProfileTagsInput, fn func(*ListInstanceProfileTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListInstanceProfileTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListInstanceProfileTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListInstanceProfileTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListInstanceProfiles = "ListInstanceProfiles" // ListInstanceProfilesRequest generates a "aws/request.Request" representing the @@ -9495,7 +9680,8 @@ func (c *IAM) ListInstanceProfilesRequest(input *ListInstanceProfilesInput) (req // // Lists the instance profiles that have the specified path prefix. If there // are none, the operation returns an empty list. For more information about -// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// instance profiles, see Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -9640,7 +9826,8 @@ func (c *IAM) ListInstanceProfilesForRoleRequest(input *ListInstanceProfilesForR // // Lists the instance profiles that have the specified associated IAM role. // If there are none, the operation returns an empty list. For more information -// about instance profiles, go to About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// about instance profiles, go to Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -9764,6 +9951,12 @@ func (c *IAM) ListMFADeviceTagsRequest(input *ListMFADeviceTagsInput) (req *requ Name: opListMFADeviceTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -9825,6 +10018,57 @@ func (c *IAM) ListMFADeviceTagsWithContext(ctx aws.Context, input *ListMFADevice return out, req.Send() } +// ListMFADeviceTagsPages iterates over the pages of a ListMFADeviceTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListMFADeviceTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListMFADeviceTags operation. +// pageNum := 0 +// err := client.ListMFADeviceTagsPages(params, +// func(page *iam.ListMFADeviceTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListMFADeviceTagsPages(input *ListMFADeviceTagsInput, fn func(*ListMFADeviceTagsOutput, bool) bool) error { + return c.ListMFADeviceTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListMFADeviceTagsPagesWithContext same as ListMFADeviceTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListMFADeviceTagsPagesWithContext(ctx aws.Context, input *ListMFADeviceTagsInput, fn func(*ListMFADeviceTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListMFADeviceTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListMFADeviceTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListMFADeviceTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMFADevices = "ListMFADevices" // ListMFADevicesRequest generates a "aws/request.Request" representing the @@ -10002,6 +10246,12 @@ func (c *IAM) ListOpenIDConnectProviderTagsRequest(input *ListOpenIDConnectProvi Name: opListOpenIDConnectProviderTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -10065,6 +10315,57 @@ func (c *IAM) ListOpenIDConnectProviderTagsWithContext(ctx aws.Context, input *L return out, req.Send() } +// ListOpenIDConnectProviderTagsPages iterates over the pages of a ListOpenIDConnectProviderTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListOpenIDConnectProviderTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListOpenIDConnectProviderTags operation. +// pageNum := 0 +// err := client.ListOpenIDConnectProviderTagsPages(params, +// func(page *iam.ListOpenIDConnectProviderTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListOpenIDConnectProviderTagsPages(input *ListOpenIDConnectProviderTagsInput, fn func(*ListOpenIDConnectProviderTagsOutput, bool) bool) error { + return c.ListOpenIDConnectProviderTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListOpenIDConnectProviderTagsPagesWithContext same as ListOpenIDConnectProviderTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListOpenIDConnectProviderTagsPagesWithContext(ctx aws.Context, input *ListOpenIDConnectProviderTagsInput, fn func(*ListOpenIDConnectProviderTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListOpenIDConnectProviderTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListOpenIDConnectProviderTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListOpenIDConnectProviderTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListOpenIDConnectProviders = "ListOpenIDConnectProviders" // ListOpenIDConnectProvidersRequest generates a "aws/request.Request" representing the @@ -10451,6 +10752,12 @@ func (c *IAM) ListPolicyTagsRequest(input *ListPolicyTagsInput) (req *request.Re Name: opListPolicyTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -10512,6 +10819,57 @@ func (c *IAM) ListPolicyTagsWithContext(ctx aws.Context, input *ListPolicyTagsIn return out, req.Send() } +// ListPolicyTagsPages iterates over the pages of a ListPolicyTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListPolicyTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListPolicyTags operation. +// pageNum := 0 +// err := client.ListPolicyTagsPages(params, +// func(page *iam.ListPolicyTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListPolicyTagsPages(input *ListPolicyTagsInput, fn func(*ListPolicyTagsOutput, bool) bool) error { + return c.ListPolicyTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListPolicyTagsPagesWithContext same as ListPolicyTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListPolicyTagsPagesWithContext(ctx aws.Context, input *ListPolicyTagsInput, fn func(*ListPolicyTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListPolicyTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListPolicyTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListPolicyTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListPolicyVersions = "ListPolicyVersions" // ListPolicyVersionsRequest generates a "aws/request.Request" representing the @@ -10843,6 +11201,12 @@ func (c *IAM) ListRoleTagsRequest(input *ListRoleTagsInput) (req *request.Reques Name: opListRoleTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -10900,6 +11264,57 @@ func (c *IAM) ListRoleTagsWithContext(ctx aws.Context, input *ListRoleTagsInput, return out, req.Send() } +// ListRoleTagsPages iterates over the pages of a ListRoleTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListRoleTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListRoleTags operation. +// pageNum := 0 +// err := client.ListRoleTagsPages(params, +// func(page *iam.ListRoleTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListRoleTagsPages(input *ListRoleTagsInput, fn func(*ListRoleTagsOutput, bool) bool) error { + return c.ListRoleTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListRoleTagsPagesWithContext same as ListRoleTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListRoleTagsPagesWithContext(ctx aws.Context, input *ListRoleTagsInput, fn func(*ListRoleTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListRoleTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListRoleTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListRoleTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListRoles = "ListRoles" // ListRolesRequest generates a "aws/request.Request" representing the @@ -10951,12 +11366,20 @@ func (c *IAM) ListRolesRequest(input *ListRolesInput) (req *request.Request, out // // Lists the IAM roles that have the specified path prefix. If there are none, // the operation returns an empty list. For more information about roles, see -// Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). +// IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. // // IAM resource-listing operations return a subset of the available attributes -// for the resource. For example, this operation does not return tags, even -// though they are an attribute of the returned object. To view all of the information -// for a role, see GetRole. +// for the resource. This operation does not return the following attributes, +// even though they are an attribute of the returned object: +// +// - PermissionsBoundary +// +// - RoleLastUsed +// +// - Tags +// +// To view all of the information for a role, see GetRole. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -11075,6 +11498,12 @@ func (c *IAM) ListSAMLProviderTagsRequest(input *ListSAMLProviderTagsInput) (req Name: opListSAMLProviderTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -11138,6 +11567,57 @@ func (c *IAM) ListSAMLProviderTagsWithContext(ctx aws.Context, input *ListSAMLPr return out, req.Send() } +// ListSAMLProviderTagsPages iterates over the pages of a ListSAMLProviderTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSAMLProviderTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSAMLProviderTags operation. +// pageNum := 0 +// err := client.ListSAMLProviderTagsPages(params, +// func(page *iam.ListSAMLProviderTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListSAMLProviderTagsPages(input *ListSAMLProviderTagsInput, fn func(*ListSAMLProviderTagsOutput, bool) bool) error { + return c.ListSAMLProviderTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSAMLProviderTagsPagesWithContext same as ListSAMLProviderTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListSAMLProviderTagsPagesWithContext(ctx aws.Context, input *ListSAMLProviderTagsInput, fn func(*ListSAMLProviderTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSAMLProviderTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSAMLProviderTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListSAMLProviderTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListSAMLProviders = "ListSAMLProviders" // ListSAMLProvidersRequest generates a "aws/request.Request" representing the @@ -11399,6 +11879,12 @@ func (c *IAM) ListServerCertificateTagsRequest(input *ListServerCertificateTagsI Name: opListServerCertificateTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -11462,6 +11948,57 @@ func (c *IAM) ListServerCertificateTagsWithContext(ctx aws.Context, input *ListS return out, req.Send() } +// ListServerCertificateTagsPages iterates over the pages of a ListServerCertificateTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListServerCertificateTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListServerCertificateTags operation. +// pageNum := 0 +// err := client.ListServerCertificateTagsPages(params, +// func(page *iam.ListServerCertificateTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *IAM) ListServerCertificateTagsPages(input *ListServerCertificateTagsInput, fn func(*ListServerCertificateTagsOutput, bool) bool) error { + return c.ListServerCertificateTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListServerCertificateTagsPagesWithContext same as ListServerCertificateTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListServerCertificateTagsPagesWithContext(ctx aws.Context, input *ListServerCertificateTagsInput, fn func(*ListServerCertificateTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListServerCertificateTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListServerCertificateTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListServerCertificateTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListServerCertificates = "ListServerCertificates" // ListServerCertificatesRequest generates a "aws/request.Request" representing the @@ -12200,9 +12737,14 @@ func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *request.Request, out // account. If there are none, the operation returns an empty list. // // IAM resource-listing operations return a subset of the available attributes -// for the resource. For example, this operation does not return tags, even -// though they are an attribute of the returned object. To view all of the information -// for a user, see GetUser. +// for the resource. This operation does not return the following attributes, +// even though they are an attribute of the returned object: +// +// - PermissionsBoundary +// +// - Tags +// +// To view all of the information for a user, see GetUser. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -12479,9 +13021,10 @@ func (c *IAM) PutGroupPolicyRequest(input *PutGroupPolicyInput) (req *request.Re // IAM group. // // A user can also have managed policies attached to it. To attach a managed -// policy to a group, use AttachGroupPolicy. To create a new managed policy, -// use CreatePolicy. For information about policies, see Managed policies and -// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) +// policy to a group, use AttachGroupPolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html). +// To create a new managed policy, use CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html). +// For information about policies, see Managed policies and inline policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. // // For information about the maximum number of inline policies that you can @@ -12617,7 +13160,8 @@ func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundar // for an input parameter. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -12701,14 +13245,16 @@ func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Requ // // When you embed an inline policy in a role, the inline policy is used as part // of the role's access (permissions) policy. The role's trust policy is created -// at the same time as the role, using CreateRole. You can update a role's trust -// policy using UpdateAssumeRolePolicy. For more information about IAM roles, -// see Using roles to delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). +// at the same time as the role, using CreateRole (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). +// You can update a role's trust policy using UpdateAssumeRolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) +// in the IAM User Guide. // // A role can also have a managed policy attached to it. To attach a managed -// policy to a role, use AttachRolePolicy. To create a new managed policy, use -// CreatePolicy. For information about policies, see Managed policies and inline -// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) +// policy to a role, use AttachRolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html). +// To create a new managed policy, use CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html). +// For information about policies, see Managed policies and inline policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. // // For information about the maximum number of inline policies that you can @@ -12743,7 +13289,8 @@ func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Requ // not exist. The error message describes the resource. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -12925,9 +13472,10 @@ func (c *IAM) PutUserPolicyRequest(input *PutUserPolicyInput) (req *request.Requ // IAM user. // // An IAM user can also have a managed policy attached to it. To attach a managed -// policy to a user, use AttachUserPolicy. To create a new managed policy, use -// CreatePolicy. For information about policies, see Managed policies and inline -// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) +// policy to a user, use AttachUserPolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html). +// To create a new managed policy, use CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html). +// For information about policies, see Managed policies and inline policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. // // For information about the maximum number of inline policies that you can @@ -13132,9 +13680,10 @@ func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstance // an instance profile that is associated with a running instance might break // any applications running on the instance. // -// For more information about IAM roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). -// For more information about instance profiles, see About instance profiles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. For more information about instance profiles, see +// Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13155,7 +13704,8 @@ func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstance // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -13435,6 +13985,11 @@ func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request. // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADevice func (c *IAM) ResyncMFADevice(input *ResyncMFADeviceInput) (*ResyncMFADeviceOutput, error) { req, out := c.ResyncMFADeviceRequest(input) @@ -14323,10 +14878,10 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // Or search for all resources with the key name Cost Center and the value // 41200. // -// - Access control - Include tags in IAM user-based and resource-based policies. -// You can use tags to restrict access to only an OIDC provider that has -// a specified tag attached. For examples of policies that show how to use -// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) +// - Access control - Include tags in IAM identity-based and resource-based +// policies. You can use tags to restrict access to only an OIDC provider +// that has a specified tag attached. For examples of policies that show +// how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum @@ -14968,13 +15523,13 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // Or search for all resources with the key name Cost Center and the value // 41200. // -// - Access control - Include tags in IAM user-based and resource-based policies. -// You can use tags to restrict access to only an IAM requesting user that -// has a specified tag attached. You can also restrict access to only those -// resources that have a certain tag attached. For examples of policies that -// show how to use tags to control access, see Control access using IAM tags -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in -// the IAM User Guide. +// - Access control - Include tags in IAM identity-based and resource-based +// policies. You can use tags to restrict access to only an IAM requesting +// user that has a specified tag attached. You can also restrict access to +// only those resources that have a certain tag attached. For examples of +// policies that show how to use tags to control access, see Control access +// using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) +// in the IAM User Guide. // // - Cost allocation - Use tags to help track which individuals and teams // are using which Amazon Web Services resources. @@ -16096,7 +16651,8 @@ func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -16395,11 +16951,12 @@ func (c *IAM) UpdateOpenIDConnectProviderThumbprintRequest(input *UpdateOpenIDCo // as a principal fails until the certificate thumbprint is updated. // // Amazon Web Services secures communication with some OIDC identity providers -// (IdPs) through our library of trusted certificate authorities (CAs) instead -// of using a certificate thumbprint to verify your IdP server certificate. -// These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket -// to host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint -// remains in your configuration, but is no longer used for validation. +// (IdPs) through our library of trusted root certificate authorities (CAs) +// instead of using a certificate thumbprint to verify your IdP server certificate. +// These OIDC IdPs include Auth0, GitHub, Google, and those that use an Amazon +// S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases, your +// legacy thumbprint remains in your configuration, but is no longer used for +// validation. // // Trust for the OIDC provider is derived from the provider certificate and // is validated by the thumbprint. Therefore, it is best to limit access to @@ -16505,7 +17062,8 @@ func (c *IAM) UpdateRoleRequest(input *UpdateRoleInput) (req *request.Request, o // Returned Error Codes: // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -16602,7 +17160,8 @@ func (c *IAM) UpdateRoleDescriptionRequest(input *UpdateRoleDescriptionInput) (r // not exist. The error message describes the resource. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -17564,6 +18123,11 @@ func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInp // The request was rejected because it referenced a resource entity that does // not exist. The error message describes the resource. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception // or failure. @@ -17604,7 +18168,7 @@ type AccessDetail struct { // from which an authenticated principal last attempted to access the service. // Amazon Web Services does not report unauthenticated requests. // - // This field is null if no principals (IAM users, IAM roles, or root users) + // This field is null if no principals (IAM users, IAM roles, or root user) // in the reported Organizations entity attempted to access the service within // the tracking period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). EntityPath *string `min:"19" type:"string"` @@ -17641,7 +18205,7 @@ type AccessDetail struct { // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` - // The number of accounts with authenticated principals (root users, IAM users, + // The number of accounts with authenticated principals (root user, IAM users, // and IAM roles) that attempted to access the service in the tracking period. TotalAuthenticatedEntities *int64 `type:"integer"` } @@ -19368,7 +19932,7 @@ type CreateOpenIDConnectProviderInput struct { // // For more information about obtaining the OIDC provider thumbprint, see Obtaining // the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) - // in the IAM User Guide. + // in the IAM user Guide. // // ThumbprintList is a required field ThumbprintList []*string `type:"list" required:"true"` @@ -19924,6 +20488,10 @@ type CreateRoleInput struct { // Names are not distinguished by case. For example, you cannot create resources // named both "MyResource" and "myresource". // + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- + // // RoleName is a required field RoleName *string `min:"1" type:"string" required:"true"` @@ -20626,8 +21194,8 @@ type CreateVirtualMFADeviceInput struct { // of tags, then the entire request fails and the resource is not created. Tags []*Tag `type:"list"` - // The name of the virtual MFA device. Use with path to uniquely identify a - // virtual MFA device. + // The name of the virtual MFA device, which must be unique. Use with path to + // uniquely identify a virtual MFA device. // // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) // a string of characters consisting of upper and lowercase alphanumeric characters @@ -24842,6 +25410,131 @@ func (s *GetLoginProfileOutput) SetLoginProfile(v *LoginProfile) *GetLoginProfil return s } +type GetMFADeviceInput struct { + _ struct{} `type:"structure"` + + // Serial number that uniquely identifies the MFA device. For this API, we only + // accept FIDO security key ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). + // + // SerialNumber is a required field + SerialNumber *string `min:"9" type:"string" required:"true"` + + // The friendly name identifying the user. + UserName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMFADeviceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMFADeviceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetMFADeviceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetMFADeviceInput"} + if s.SerialNumber == nil { + invalidParams.Add(request.NewErrParamRequired("SerialNumber")) + } + if s.SerialNumber != nil && len(*s.SerialNumber) < 9 { + invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9)) + } + if s.UserName != nil && len(*s.UserName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("UserName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSerialNumber sets the SerialNumber field's value. +func (s *GetMFADeviceInput) SetSerialNumber(v string) *GetMFADeviceInput { + s.SerialNumber = &v + return s +} + +// SetUserName sets the UserName field's value. +func (s *GetMFADeviceInput) SetUserName(v string) *GetMFADeviceInput { + s.UserName = &v + return s +} + +type GetMFADeviceOutput struct { + _ struct{} `type:"structure"` + + // The certifications of a specified user's MFA device. We currently provide + // FIPS-140-2, FIPS-140-3, and FIDO certification levels obtained from FIDO + // Alliance Metadata Service (MDS) (https://fidoalliance.org/metadata/). + Certifications map[string]*string `type:"map"` + + // The date that a specified user's MFA device was first enabled. + EnableDate *time.Time `type:"timestamp"` + + // Serial number that uniquely identifies the MFA device. For this API, we only + // accept FIDO security key ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). + // + // SerialNumber is a required field + SerialNumber *string `min:"9" type:"string" required:"true"` + + // The friendly name identifying the user. + UserName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMFADeviceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMFADeviceOutput) GoString() string { + return s.String() +} + +// SetCertifications sets the Certifications field's value. +func (s *GetMFADeviceOutput) SetCertifications(v map[string]*string) *GetMFADeviceOutput { + s.Certifications = v + return s +} + +// SetEnableDate sets the EnableDate field's value. +func (s *GetMFADeviceOutput) SetEnableDate(v time.Time) *GetMFADeviceOutput { + s.EnableDate = &v + return s +} + +// SetSerialNumber sets the SerialNumber field's value. +func (s *GetMFADeviceOutput) SetSerialNumber(v string) *GetMFADeviceOutput { + s.SerialNumber = &v + return s +} + +// SetUserName sets the UserName field's value. +func (s *GetMFADeviceOutput) SetUserName(v string) *GetMFADeviceOutput { + s.UserName = &v + return s +} + type GetOpenIDConnectProviderInput struct { _ struct{} `type:"structure"` @@ -33015,7 +33708,7 @@ type PutGroupPolicyInput struct { // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. // CloudFormation always converts a YAML policy to JSON format before submitting - // it to = IAM. + // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: @@ -34270,7 +34963,7 @@ type Role struct { // if your Region began supporting these features within the last year. The // role might have been used more than 400 days ago. For more information, see // Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) - // in the IAM User Guide. + // in the IAM user Guide. RoleLastUsed *RoleLastUsed `type:"structure"` // The friendly name that identifies the role. @@ -34531,7 +35224,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail { // if your Region began supporting these features within the last year. The // role might have been used more than 400 days ago. For more information, see // Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) -// in the IAM User Guide. +// in the IAM user Guide. // // This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails // operations. @@ -40361,7 +41054,7 @@ type VirtualMFADevice struct { _ struct{} `type:"structure"` // The base32 seed defined as specified in RFC3548 (https://tools.ietf.org/html/rfc3548.txt). - // The Base32StringSeed is base64-encoded. + // The Base32StringSeed is base32-encoded. // // Base32StringSeed is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by VirtualMFADevice's diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go index 376c9710ee7..de6dfec0225 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go @@ -186,7 +186,8 @@ const ( // ErrCodeUnmodifiableEntityException for service response error code // "UnmodifiableEntity". // - // The request was rejected because only the service that depends on the service-linked + // The request was rejected because service-linked roles are protected Amazon + // Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go index f8b3ca0019f..4d8e8ec02f4 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go @@ -318,6 +318,10 @@ type IAMAPI interface { GetLoginProfileWithContext(aws.Context, *iam.GetLoginProfileInput, ...request.Option) (*iam.GetLoginProfileOutput, error) GetLoginProfileRequest(*iam.GetLoginProfileInput) (*request.Request, *iam.GetLoginProfileOutput) + GetMFADevice(*iam.GetMFADeviceInput) (*iam.GetMFADeviceOutput, error) + GetMFADeviceWithContext(aws.Context, *iam.GetMFADeviceInput, ...request.Option) (*iam.GetMFADeviceOutput, error) + GetMFADeviceRequest(*iam.GetMFADeviceInput) (*request.Request, *iam.GetMFADeviceOutput) + GetOpenIDConnectProvider(*iam.GetOpenIDConnectProviderInput) (*iam.GetOpenIDConnectProviderOutput, error) GetOpenIDConnectProviderWithContext(aws.Context, *iam.GetOpenIDConnectProviderInput, ...request.Option) (*iam.GetOpenIDConnectProviderOutput, error) GetOpenIDConnectProviderRequest(*iam.GetOpenIDConnectProviderInput) (*request.Request, *iam.GetOpenIDConnectProviderOutput) @@ -441,6 +445,9 @@ type IAMAPI interface { ListInstanceProfileTagsWithContext(aws.Context, *iam.ListInstanceProfileTagsInput, ...request.Option) (*iam.ListInstanceProfileTagsOutput, error) ListInstanceProfileTagsRequest(*iam.ListInstanceProfileTagsInput) (*request.Request, *iam.ListInstanceProfileTagsOutput) + ListInstanceProfileTagsPages(*iam.ListInstanceProfileTagsInput, func(*iam.ListInstanceProfileTagsOutput, bool) bool) error + ListInstanceProfileTagsPagesWithContext(aws.Context, *iam.ListInstanceProfileTagsInput, func(*iam.ListInstanceProfileTagsOutput, bool) bool, ...request.Option) error + ListInstanceProfiles(*iam.ListInstanceProfilesInput) (*iam.ListInstanceProfilesOutput, error) ListInstanceProfilesWithContext(aws.Context, *iam.ListInstanceProfilesInput, ...request.Option) (*iam.ListInstanceProfilesOutput, error) ListInstanceProfilesRequest(*iam.ListInstanceProfilesInput) (*request.Request, *iam.ListInstanceProfilesOutput) @@ -459,6 +466,9 @@ type IAMAPI interface { ListMFADeviceTagsWithContext(aws.Context, *iam.ListMFADeviceTagsInput, ...request.Option) (*iam.ListMFADeviceTagsOutput, error) ListMFADeviceTagsRequest(*iam.ListMFADeviceTagsInput) (*request.Request, *iam.ListMFADeviceTagsOutput) + ListMFADeviceTagsPages(*iam.ListMFADeviceTagsInput, func(*iam.ListMFADeviceTagsOutput, bool) bool) error + ListMFADeviceTagsPagesWithContext(aws.Context, *iam.ListMFADeviceTagsInput, func(*iam.ListMFADeviceTagsOutput, bool) bool, ...request.Option) error + ListMFADevices(*iam.ListMFADevicesInput) (*iam.ListMFADevicesOutput, error) ListMFADevicesWithContext(aws.Context, *iam.ListMFADevicesInput, ...request.Option) (*iam.ListMFADevicesOutput, error) ListMFADevicesRequest(*iam.ListMFADevicesInput) (*request.Request, *iam.ListMFADevicesOutput) @@ -470,6 +480,9 @@ type IAMAPI interface { ListOpenIDConnectProviderTagsWithContext(aws.Context, *iam.ListOpenIDConnectProviderTagsInput, ...request.Option) (*iam.ListOpenIDConnectProviderTagsOutput, error) ListOpenIDConnectProviderTagsRequest(*iam.ListOpenIDConnectProviderTagsInput) (*request.Request, *iam.ListOpenIDConnectProviderTagsOutput) + ListOpenIDConnectProviderTagsPages(*iam.ListOpenIDConnectProviderTagsInput, func(*iam.ListOpenIDConnectProviderTagsOutput, bool) bool) error + ListOpenIDConnectProviderTagsPagesWithContext(aws.Context, *iam.ListOpenIDConnectProviderTagsInput, func(*iam.ListOpenIDConnectProviderTagsOutput, bool) bool, ...request.Option) error + ListOpenIDConnectProviders(*iam.ListOpenIDConnectProvidersInput) (*iam.ListOpenIDConnectProvidersOutput, error) ListOpenIDConnectProvidersWithContext(aws.Context, *iam.ListOpenIDConnectProvidersInput, ...request.Option) (*iam.ListOpenIDConnectProvidersOutput, error) ListOpenIDConnectProvidersRequest(*iam.ListOpenIDConnectProvidersInput) (*request.Request, *iam.ListOpenIDConnectProvidersOutput) @@ -489,6 +502,9 @@ type IAMAPI interface { ListPolicyTagsWithContext(aws.Context, *iam.ListPolicyTagsInput, ...request.Option) (*iam.ListPolicyTagsOutput, error) ListPolicyTagsRequest(*iam.ListPolicyTagsInput) (*request.Request, *iam.ListPolicyTagsOutput) + ListPolicyTagsPages(*iam.ListPolicyTagsInput, func(*iam.ListPolicyTagsOutput, bool) bool) error + ListPolicyTagsPagesWithContext(aws.Context, *iam.ListPolicyTagsInput, func(*iam.ListPolicyTagsOutput, bool) bool, ...request.Option) error + ListPolicyVersions(*iam.ListPolicyVersionsInput) (*iam.ListPolicyVersionsOutput, error) ListPolicyVersionsWithContext(aws.Context, *iam.ListPolicyVersionsInput, ...request.Option) (*iam.ListPolicyVersionsOutput, error) ListPolicyVersionsRequest(*iam.ListPolicyVersionsInput) (*request.Request, *iam.ListPolicyVersionsOutput) @@ -507,6 +523,9 @@ type IAMAPI interface { ListRoleTagsWithContext(aws.Context, *iam.ListRoleTagsInput, ...request.Option) (*iam.ListRoleTagsOutput, error) ListRoleTagsRequest(*iam.ListRoleTagsInput) (*request.Request, *iam.ListRoleTagsOutput) + ListRoleTagsPages(*iam.ListRoleTagsInput, func(*iam.ListRoleTagsOutput, bool) bool) error + ListRoleTagsPagesWithContext(aws.Context, *iam.ListRoleTagsInput, func(*iam.ListRoleTagsOutput, bool) bool, ...request.Option) error + ListRoles(*iam.ListRolesInput) (*iam.ListRolesOutput, error) ListRolesWithContext(aws.Context, *iam.ListRolesInput, ...request.Option) (*iam.ListRolesOutput, error) ListRolesRequest(*iam.ListRolesInput) (*request.Request, *iam.ListRolesOutput) @@ -518,6 +537,9 @@ type IAMAPI interface { ListSAMLProviderTagsWithContext(aws.Context, *iam.ListSAMLProviderTagsInput, ...request.Option) (*iam.ListSAMLProviderTagsOutput, error) ListSAMLProviderTagsRequest(*iam.ListSAMLProviderTagsInput) (*request.Request, *iam.ListSAMLProviderTagsOutput) + ListSAMLProviderTagsPages(*iam.ListSAMLProviderTagsInput, func(*iam.ListSAMLProviderTagsOutput, bool) bool) error + ListSAMLProviderTagsPagesWithContext(aws.Context, *iam.ListSAMLProviderTagsInput, func(*iam.ListSAMLProviderTagsOutput, bool) bool, ...request.Option) error + ListSAMLProviders(*iam.ListSAMLProvidersInput) (*iam.ListSAMLProvidersOutput, error) ListSAMLProvidersWithContext(aws.Context, *iam.ListSAMLProvidersInput, ...request.Option) (*iam.ListSAMLProvidersOutput, error) ListSAMLProvidersRequest(*iam.ListSAMLProvidersInput) (*request.Request, *iam.ListSAMLProvidersOutput) @@ -533,6 +555,9 @@ type IAMAPI interface { ListServerCertificateTagsWithContext(aws.Context, *iam.ListServerCertificateTagsInput, ...request.Option) (*iam.ListServerCertificateTagsOutput, error) ListServerCertificateTagsRequest(*iam.ListServerCertificateTagsInput) (*request.Request, *iam.ListServerCertificateTagsOutput) + ListServerCertificateTagsPages(*iam.ListServerCertificateTagsInput, func(*iam.ListServerCertificateTagsOutput, bool) bool) error + ListServerCertificateTagsPagesWithContext(aws.Context, *iam.ListServerCertificateTagsInput, func(*iam.ListServerCertificateTagsOutput, bool) bool, ...request.Option) error + ListServerCertificates(*iam.ListServerCertificatesInput) (*iam.ListServerCertificatesOutput, error) ListServerCertificatesWithContext(aws.Context, *iam.ListServerCertificatesInput, ...request.Option) (*iam.ListServerCertificatesOutput, error) ListServerCertificatesRequest(*iam.ListServerCertificatesInput) (*request.Request, *iam.ListServerCertificatesOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kinesis/api.go b/vendor/github.com/aws/aws-sdk-go/service/kinesis/api.go index 7bf240e0d41..39ec9a84e11 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kinesis/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kinesis/api.go @@ -68,8 +68,9 @@ func (c *Kinesis) AddTagsToStreamRequest(input *AddTagsToStreamInput) (req *requ // Adds or updates tags for the specified Kinesis data stream. You can assign // up to 50 tags to a data stream. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // If tags have already been assigned to the stream, AddTagsToStream overwrites // any existing tags that correspond to the specified tag keys. @@ -307,8 +308,9 @@ func (c *Kinesis) DecreaseStreamRetentionPeriodRequest(input *DecreaseStreamRete // of time data records are accessible after they are added to the stream. The // minimum value of a stream's retention period is 24 hours. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // This operation may result in lost data. For example, if the stream's retention // period is 48 hours and is decreased to 24 hours, any data already in the @@ -364,6 +366,107 @@ func (c *Kinesis) DecreaseStreamRetentionPeriodWithContext(ctx aws.Context, inpu return out, req.Send() } +const opDeleteResourcePolicy = "DeleteResourcePolicy" + +// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteResourcePolicyRequest method. +// req, resp := client.DeleteResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kinesis-2013-12-02/DeleteResourcePolicy +func (c *Kinesis) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { + op := &request.Operation{ + Name: opDeleteResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteResourcePolicyInput{} + } + + output = &DeleteResourcePolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteResourcePolicy API operation for Amazon Kinesis. +// +// Delete a policy for the specified data stream or consumer. Request patterns +// can be one of the following: +// +// - Data stream pattern: arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+ +// +// - Consumer pattern: ^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+ +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Kinesis's +// API operation DeleteResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// Specifies that you do not have the permissions required to perform this operation. +// +// - ResourceNotFoundException +// The requested resource could not be found. The stream might not be specified +// correctly. +// +// - LimitExceededException +// The requested resource exceeds the maximum number allowed, or the number +// of concurrent stream requests exceeds the maximum number allowed. +// +// - InvalidArgumentException +// A specified parameter exceeds its restrictions, is not supported, or can't +// be used. For more information, see the returned message. +// +// - ResourceInUseException +// The resource is not available for this operation. For successful operation, +// the resource must be in the ACTIVE state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kinesis-2013-12-02/DeleteResourcePolicy +func (c *Kinesis) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) + return out, req.Send() +} + +// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Kinesis) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteStream = "DeleteStream" // DeleteStreamRequest generates a "aws/request.Request" representing the @@ -413,8 +516,9 @@ func (c *Kinesis) DeleteStreamRequest(input *DeleteStreamInput) (req *request.Re // the stream. If an application attempts to operate on a deleted stream, it // receives the exception ResourceNotFoundException. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // If the stream is in the ACTIVE state, you can delete it. After a DeleteStream // request, the specified stream is in the DELETING state until Kinesis Data @@ -720,8 +824,9 @@ func (c *Kinesis) DescribeStreamRequest(input *DescribeStreamInput) (req *reques // and the ListShards API to list the shards in a specified data stream and // obtain information about each shard. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // The information returned includes the stream name, Amazon Resource Name (ARN), // creation time, enhanced metric configuration, and shard map. The shard map @@ -891,6 +996,9 @@ func (c *Kinesis) DescribeStreamConsumerRequest(input *DescribeStreamConsumerInp // // This operation has a limit of 20 transactions per second per stream. // +// When making a cross-account call with DescribeStreamConsumer, make sure to +// provide the ARN of the consumer. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -980,8 +1088,9 @@ func (c *Kinesis) DescribeStreamSummaryRequest(input *DescribeStreamSummaryInput // Provides a summarized description of the specified Kinesis data stream without // the shard list. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // The information returned includes the stream name, Amazon Resource Name (ARN), // status, record retention period, approximate creation time, monitoring, encryption @@ -1080,8 +1189,9 @@ func (c *Kinesis) DisableEnhancedMonitoringRequest(input *DisableEnhancedMonitor // // Disables enhanced monitoring. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1178,8 +1288,9 @@ func (c *Kinesis) EnableEnhancedMonitoringRequest(input *EnableEnhancedMonitorin // // Enables enhanced Kinesis data stream monitoring for shard-level metrics. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1276,8 +1387,9 @@ func (c *Kinesis) GetRecordsRequest(input *GetRecordsInput) (req *request.Reques // // Gets data records from a Kinesis data stream's shard. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// in addition to the ShardIterator parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Specify a shard iterator using the ShardIterator parameter. The shard iterator // specifies the position in the shard from which you want to start reading @@ -1416,6 +1528,102 @@ func (c *Kinesis) GetRecordsWithContext(ctx aws.Context, input *GetRecordsInput, return out, req.Send() } +const opGetResourcePolicy = "GetResourcePolicy" + +// GetResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetResourcePolicy for more information on using the GetResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetResourcePolicyRequest method. +// req, resp := client.GetResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kinesis-2013-12-02/GetResourcePolicy +func (c *Kinesis) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { + op := &request.Operation{ + Name: opGetResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetResourcePolicyInput{} + } + + output = &GetResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetResourcePolicy API operation for Amazon Kinesis. +// +// Returns a policy attached to the specified data stream or consumer. Request +// patterns can be one of the following: +// +// - Data stream pattern: arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+ +// +// - Consumer pattern: ^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+ +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Kinesis's +// API operation GetResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// Specifies that you do not have the permissions required to perform this operation. +// +// - ResourceNotFoundException +// The requested resource could not be found. The stream might not be specified +// correctly. +// +// - LimitExceededException +// The requested resource exceeds the maximum number allowed, or the number +// of concurrent stream requests exceeds the maximum number allowed. +// +// - InvalidArgumentException +// A specified parameter exceeds its restrictions, is not supported, or can't +// be used. For more information, see the returned message. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kinesis-2013-12-02/GetResourcePolicy +func (c *Kinesis) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { + req, out := c.GetResourcePolicyRequest(input) + return out, req.Send() +} + +// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Kinesis) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { + req, out := c.GetResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetShardIterator = "GetShardIterator" // GetShardIteratorRequest generates a "aws/request.Request" representing the @@ -1462,8 +1670,9 @@ func (c *Kinesis) GetShardIteratorRequest(input *GetShardIteratorInput) (req *re // Gets an Amazon Kinesis shard iterator. A shard iterator expires 5 minutes // after it is returned to the requester. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // A shard iterator specifies the shard position from which to start reading // data records sequentially. The position is specified using the sequence number @@ -1600,8 +1809,9 @@ func (c *Kinesis) IncreaseStreamRetentionPeriodRequest(input *IncreaseStreamRete // of time data records are accessible after they are added to the stream. The // maximum value of a stream's retention period is 8760 hours (365 days). // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // If you choose a longer stream retention period, this operation increases // the time period during which records that have not yet expired are accessible. @@ -1707,8 +1917,9 @@ func (c *Kinesis) ListShardsRequest(input *ListShardsInput) (req *request.Reques // Lists the shards in a stream and provides information about each shard. This // operation has a limit of 1000 transactions per second per data stream. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // This action does not list expired shards. For information about expired shards, // see Data Routing, Data Persistence, and Shard State after a Reshard (https://docs.aws.amazon.com/streams/latest/dev/kinesis-using-sdk-java-after-resharding.html#kinesis-using-sdk-java-resharding-data-routing). @@ -2132,8 +2343,9 @@ func (c *Kinesis) ListTagsForStreamRequest(input *ListTagsForStreamInput) (req * // Lists the tags for the specified Kinesis data stream. This operation has // a limit of five transactions per second per account. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2236,8 +2448,9 @@ func (c *Kinesis) MergeShardsRequest(input *MergeShardsInput) (req *request.Requ // the single child shard receives data for all hash key values covered by the // two parent shards. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // MergeShards is called when there is a need to reduce the overall capacity // of a stream because of excess capacity that is not being used. You must specify @@ -2369,8 +2582,9 @@ func (c *Kinesis) PutRecordRequest(input *PutRecordInput) (req *request.Request, // one record at a time. Each shard can support writes up to 1,000 records per // second, up to a maximum data write total of 1 MiB per second. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // You must specify the name of the stream that captures, stores, and transports // the data; a partition key; and the data blob itself. @@ -2533,8 +2747,9 @@ func (c *Kinesis) PutRecordsRequest(input *PutRecordsInput) (req *request.Reques // (also referred to as a PutRecords request). Use this operation to send data // into the stream for data ingestion and processing. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Each PutRecords request can support up to 500 records. Each record in the // request can be as large as 1 MiB, up to a limit of 5 MiB for the entire request, @@ -2674,6 +2889,118 @@ func (c *Kinesis) PutRecordsWithContext(ctx aws.Context, input *PutRecordsInput, return out, req.Send() } +const opPutResourcePolicy = "PutResourcePolicy" + +// PutResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutResourcePolicy for more information on using the PutResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutResourcePolicyRequest method. +// req, resp := client.PutResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kinesis-2013-12-02/PutResourcePolicy +func (c *Kinesis) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { + op := &request.Operation{ + Name: opPutResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutResourcePolicyInput{} + } + + output = &PutResourcePolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// PutResourcePolicy API operation for Amazon Kinesis. +// +// Attaches a resource-based policy to a data stream or registered consumer. +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the resource, the calling identity must have the PutResourcePolicy +// permissions on the specified Kinesis Data Streams resource and belong to +// the owner's account in order to use this operation. If you don't have PutResourcePolicy +// permissions, Amazon Kinesis Data Streams returns a 403 Access Denied error. +// If you receive a ResourceNotFoundException, check to see if you passed a +// valid stream or consumer resource. +// +// Request patterns can be one of the following: +// +// - Data stream pattern: arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+ +// +// - Consumer pattern: ^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+ +// +// For more information, see Controlling Access to Amazon Kinesis Data Streams +// Resources Using IAM (https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Kinesis's +// API operation PutResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// Specifies that you do not have the permissions required to perform this operation. +// +// - ResourceNotFoundException +// The requested resource could not be found. The stream might not be specified +// correctly. +// +// - LimitExceededException +// The requested resource exceeds the maximum number allowed, or the number +// of concurrent stream requests exceeds the maximum number allowed. +// +// - InvalidArgumentException +// A specified parameter exceeds its restrictions, is not supported, or can't +// be used. For more information, see the returned message. +// +// - ResourceInUseException +// The resource is not available for this operation. For successful operation, +// the resource must be in the ACTIVE state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kinesis-2013-12-02/PutResourcePolicy +func (c *Kinesis) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + return out, req.Send() +} + +// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Kinesis) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRegisterStreamConsumer = "RegisterStreamConsumer" // RegisterStreamConsumerRequest generates a "aws/request.Request" representing the @@ -2829,8 +3156,9 @@ func (c *Kinesis) RemoveTagsFromStreamRequest(input *RemoveTagsFromStreamInput) // Removes tags from the specified Kinesis data stream. Removed tags are deleted // and cannot be recovered after this operation successfully completes. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // If you specify a tag that does not exist, it is ignored. // @@ -2937,8 +3265,9 @@ func (c *Kinesis) SplitShardRequest(input *SplitShardInput) (req *request.Reques // API is only supported for the data streams with the provisioned capacity // mode. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // You can also use SplitShard when a shard appears to be approaching its maximum // utilization; for example, the producers sending data into the specific shard @@ -3083,6 +3412,10 @@ func (c *Kinesis) StartStreamEncryptionRequest(input *StartStreamEncryptionInput // Enables or updates server-side encryption using an Amazon Web Services KMS // key for a specified stream. // +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. +// // Starting encryption is an asynchronous operation. Upon receiving the request, // Kinesis Data Streams returns immediately and sets the status of the stream // to UPDATING. After the update is complete, Kinesis Data Streams sets the @@ -3100,9 +3433,6 @@ func (c *Kinesis) StartStreamEncryptionRequest(input *StartStreamEncryptionInput // encryption, you can verify that encryption is applied by inspecting the API // response from PutRecord or PutRecords. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3225,8 +3555,9 @@ func (c *Kinesis) StopStreamEncryptionRequest(input *StopStreamEncryptionInput) // // Disables server-side encryption for a specified stream. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Stopping encryption is an asynchronous operation. Upon receiving the request, // Kinesis Data Streams returns immediately and sets the status of the stream @@ -3427,6 +3758,7 @@ func (c *Kinesis) SubscribeToShardWithContext(ctx aws.Context, input *SubscribeT } var _ awserr.Error +var _ time.Time // SubscribeToShardEventStream provides the event stream handling for the SubscribeToShard. // @@ -3677,8 +4009,9 @@ func (c *Kinesis) UpdateShardCountRequest(input *UpdateShardCountInput) (req *re // shards. This API is only supported for the data streams with the provisioned // capacity mode. // -// When invoking this API, it is recommended you use the StreamARN input parameter -// rather than the StreamName input parameter. +// When invoking this API, you must use either the StreamARN or the StreamName +// parameter, or both. It is recommended that you use the StreamARN input parameter +// when you invoke this API. // // Updating the shard count is an asynchronous operation. Upon receiving the // request, Kinesis Data Streams returns immediately and sets the status of @@ -3713,6 +4046,8 @@ func (c *Kinesis) UpdateShardCountRequest(input *UpdateShardCountInput) (req *re // // - Scale up to more than the shard limit for your account // +// - Make over 10 TPS. TPS over 10 will trigger the LimitExceededException +// // For the default limits for an Amazon Web Services account, see Streams Limits // (https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html) // in the Amazon Kinesis Data Streams Developer Guide. To request an increase @@ -4443,6 +4778,77 @@ func (s DecreaseStreamRetentionPeriodOutput) GoString() string { return s.String() } +type DeleteResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the data stream or consumer. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceARN sets the ResourceARN field's value. +func (s *DeleteResourcePolicyInput) SetResourceARN(v string) *DeleteResourcePolicyInput { + s.ResourceARN = &v + return s +} + +type DeleteResourcePolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyOutput) GoString() string { + return s.String() +} + // Represents the input for DeleteStream. type DeleteStreamInput struct { _ struct{} `type:"structure"` @@ -5617,6 +6023,88 @@ func (s *GetRecordsOutput) SetRecords(v []*Record) *GetRecordsOutput { return s } +type GetResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the data stream or consumer. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceARN sets the ResourceARN field's value. +func (s *GetResourcePolicyInput) SetResourceARN(v string) *GetResourcePolicyInput { + s.ResourceARN = &v + return s +} + +type GetResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // Details of the resource policy. This is formatted as a JSON string. + // + // Policy is a required field + Policy *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicy sets the Policy field's value. +func (s *GetResourcePolicyOutput) SetPolicy(v string) *GetResourcePolicyOutput { + s.Policy = &v + return s +} + // Represents the input for GetShardIterator. type GetShardIteratorInput struct { _ struct{} `type:"structure"` @@ -8035,6 +8523,92 @@ func (s *PutRecordsResultEntry) SetShardId(v string) *PutRecordsResultEntry { return s } +type PutResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // Details of the resource policy. It must include the identity of the principal + // and the actions allowed on this resource. This is formatted as a JSON string. + // + // Policy is a required field + Policy *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of the data stream or consumer. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} + if s.Policy == nil { + invalidParams.Add(request.NewErrParamRequired("Policy")) + } + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicy sets the Policy field's value. +func (s *PutResourcePolicyInput) SetPolicy(v string) *PutResourcePolicyInput { + s.Policy = &v + return s +} + +// SetResourceARN sets the ResourceARN field's value. +func (s *PutResourcePolicyInput) SetResourceARN(v string) *PutResourcePolicyInput { + s.ResourceARN = &v + return s +} + +type PutResourcePolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyOutput) GoString() string { + return s.String() +} + // The unit of data of the Kinesis data stream, which is composed of a sequence // number, a partition key, and a data blob. type Record struct { diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go index 046397c6116..af72699ef9e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go @@ -474,8 +474,8 @@ func (c *Route53) ChangeResourceRecordSetsRequest(input *ChangeResourceRecordSet // - DELETE: Deletes an existing resource record set that has the specified // values. // -// - UPSERT: If a resource set exists Route 53 updates it with the values -// in the request. +// - UPSERT: If a resource set doesn't exist, Route 53 creates it. If a resource +// set exists Route 53 updates it with the values in the request. // // # Syntaxes for Creating, Updating, and Deleting Resource Record Sets // @@ -492,11 +492,11 @@ func (c *Route53) ChangeResourceRecordSetsRequest(input *ChangeResourceRecordSet // # Change Propagation to Route 53 DNS Servers // // When you submit a ChangeResourceRecordSets request, Route 53 propagates your -// changes to all of the Route 53 authoritative DNS servers. While your changes -// are propagating, GetChange returns a status of PENDING. When propagation -// is complete, GetChange returns a status of INSYNC. Changes generally propagate -// to all Route 53 name servers within 60 seconds. For more information, see -// GetChange (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetChange.html). +// changes to all of the Route 53 authoritative DNS servers managing the hosted +// zone. While your changes are propagating, GetChange returns a status of PENDING. +// When propagation is complete, GetChange returns a status of INSYNC. Changes +// generally propagate to all Route 53 name servers managing the hosted zone +// within 60 seconds. For more information, see GetChange (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetChange.html). // // # Limits on ChangeResourceRecordSets Requests // @@ -1728,6 +1728,13 @@ func (c *Route53) CreateTrafficPolicyInstanceRequest(input *CreateTrafficPolicyI // responds to DNS queries for the domain or subdomain name by using the resource // record sets that CreateTrafficPolicyInstance created. // +// After you submit an CreateTrafficPolicyInstance request, there's a brief +// delay while Amazon Route 53 creates the resource record sets that are specified +// in the traffic policy definition. Use GetTrafficPolicyInstance with the id +// of new traffic policy instance to confirm that the CreateTrafficPolicyInstance +// request completed successfully. For more information, see the State response +// element. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3500,11 +3507,11 @@ func (c *Route53) GetChangeRequest(input *GetChangeInput) (req *request.Request, // the following values: // // - PENDING indicates that the changes in this request have not propagated -// to all Amazon Route 53 DNS servers. This is the initial status of all -// change batch requests. +// to all Amazon Route 53 DNS servers managing the hosted zone. This is the +// initial status of all change batch requests. // // - INSYNC indicates that the changes have propagated to all Route 53 DNS -// servers. +// servers managing the hosted zone. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4780,10 +4787,10 @@ func (c *Route53) GetTrafficPolicyInstanceRequest(input *GetTrafficPolicyInstanc // // Gets information about a specified traffic policy instance. // -// After you submit a CreateTrafficPolicyInstance or an UpdateTrafficPolicyInstance -// request, there's a brief delay while Amazon Route 53 creates the resource -// record sets that are specified in the traffic policy definition. For more -// information, see the State response element. +// Use GetTrafficPolicyInstance with the id of new traffic policy instance to +// confirm that the CreateTrafficPolicyInstance or an UpdateTrafficPolicyInstance +// request completed successfully. For more information, see the State response +// element. // // In the Route 53 console, traffic policy instances are known as policy records. // @@ -7155,6 +7162,11 @@ func (c *Route53) TestDNSAnswerRequest(input *TestDNSAnswerInput) (req *request. // // This call only supports querying public hosted zones. // +// The TestDnsAnswer returns information similar to what you would expect from +// the answer section of the dig command. Therefore, if you query for the name +// servers of a subdomain that point to the parent name servers, those will +// not be returned. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7500,6 +7512,12 @@ func (c *Route53) UpdateTrafficPolicyInstanceRequest(input *UpdateTrafficPolicyI // UpdateTrafficPolicyInstance API operation for Amazon Route 53. // +// After you submit a UpdateTrafficPolicyInstance request, there's a brief delay +// while Route 53 creates the resource record sets that are specified in the +// traffic policy definition. Use GetTrafficPolicyInstance with the id of updated +// traffic policy instance confirm that the UpdateTrafficPolicyInstance request +// completed successfully. For more information, see the State response element. +// // Updates the resource record sets in a specified hosted zone that were created // based on the settings in a specified traffic policy version. // @@ -9448,6 +9466,10 @@ type CreateHealthCheckInput struct { // but settings identical to an existing health check, Route 53 creates the // health check. // + // Route 53 does not store the CallerReference for a deleted health check indefinitely. + // The CallerReference for a deleted health check will be deleted after a number + // of days. + // // CallerReference is a required field CallerReference *string `min:"1" type:"string" required:"true"` @@ -9574,6 +9596,11 @@ type CreateHostedZoneInput struct { // the ID that Amazon Route 53 assigned to the reusable delegation set when // you created it. For more information about reusable delegation sets, see // CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html). + // + // If you are using a reusable delegation set to create a public hosted zone + // for a subdomain, make sure that the parent hosted zone doesn't use one or + // more of the same name servers. If you have overlapping nameservers, the operation + // will cause a ConflictingDomainsExist error. DelegationSetId *string `type:"string"` // (Optional) A complex type that contains the following optional values: @@ -12035,6 +12062,8 @@ type GeoLocation struct { // // Amazon Route 53 uses the two-letter country codes that are specified in ISO // standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). + // + // Route 53 also supports the contry code UA forr Ukraine. CountryCode *string `min:"1" type:"string"` // For geolocation resource record sets, the two-letter code for a state of @@ -12567,6 +12596,8 @@ type GetGeoLocationInput struct { // Amazon Route 53 uses the two-letter country codes that are specified in ISO // standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). + // + // Route 53 also supports the contry code UA forr Ukraine. CountryCode *string `location:"querystring" locationName:"countrycode" min:"1" type:"string"` // The code for the subdivision, such as a particular state within the United @@ -15569,8 +15600,8 @@ type ListHealthChecksInput struct { // The maximum number of health checks that you want ListHealthChecks to return // in response to the current request. Amazon Route 53 returns a maximum of - // 100 items. If you set MaxItems to a value greater than 100, Route 53 returns - // only the first 100 health checks. + // 1000 items. If you set MaxItems to a value greater than 1000, Route 53 returns + // only the first 1000 health checks. MaxItems *string `location:"querystring" locationName:"maxitems" type:"string"` } @@ -16030,6 +16061,9 @@ type ListHostedZonesInput struct { // the ID of that reusable delegation set. DelegationSetId *string `location:"querystring" locationName:"delegationsetid" type:"string"` + // (Optional) Specifies if the hosted zone is private. + HostedZoneType *string `location:"querystring" locationName:"hostedzonetype" type:"string" enum:"HostedZoneType"` + // If the value of IsTruncated in the previous response was true, you have more // hosted zones. To get more hosted zones, submit another ListHostedZones request. // @@ -16073,6 +16107,12 @@ func (s *ListHostedZonesInput) SetDelegationSetId(v string) *ListHostedZonesInpu return s } +// SetHostedZoneType sets the HostedZoneType field's value. +func (s *ListHostedZonesInput) SetHostedZoneType(v string) *ListHostedZonesInput { + s.HostedZoneType = &v + return s +} + // SetMarker sets the Marker field's value. func (s *ListHostedZonesInput) SetMarker(v string) *ListHostedZonesInput { s.Marker = &v @@ -18302,11 +18342,6 @@ type ResourceRecordSet struct { // You can't use the * wildcard for resource records sets that have a type // of NS. // - // You can use the * wildcard as the leftmost label in a domain name, for example, - // *.example.com. You can't use an * for one of the middle labels, for example, - // marketing.*.example.com. In addition, the * must replace the entire label; - // for example, you can't specify prod*.example.com. - // // Name is a required field Name *string `type:"string" required:"true"` @@ -20427,6 +20462,12 @@ const ( // CloudWatchRegionApSoutheast4 is a CloudWatchRegion enum value CloudWatchRegionApSoutheast4 = "ap-southeast-4" + + // CloudWatchRegionIlCentral1 is a CloudWatchRegion enum value + CloudWatchRegionIlCentral1 = "il-central-1" + + // CloudWatchRegionCaWest1 is a CloudWatchRegion enum value + CloudWatchRegionCaWest1 = "ca-west-1" ) // CloudWatchRegion_Values returns all elements of the CloudWatchRegion enum @@ -20466,6 +20507,8 @@ func CloudWatchRegion_Values() []string { CloudWatchRegionUsIsoWest1, CloudWatchRegionUsIsobEast1, CloudWatchRegionApSoutheast4, + CloudWatchRegionIlCentral1, + CloudWatchRegionCaWest1, } } @@ -20589,6 +20632,18 @@ func HostedZoneLimitType_Values() []string { } } +const ( + // HostedZoneTypePrivateHostedZone is a HostedZoneType enum value + HostedZoneTypePrivateHostedZone = "PrivateHostedZone" +) + +// HostedZoneType_Values returns all elements of the HostedZoneType enum +func HostedZoneType_Values() []string { + return []string{ + HostedZoneTypePrivateHostedZone, + } +} + const ( // InsufficientDataHealthStatusHealthy is a InsufficientDataHealthStatus enum value InsufficientDataHealthStatusHealthy = "Healthy" @@ -20796,6 +20851,12 @@ const ( // ResourceRecordSetRegionApSoutheast4 is a ResourceRecordSetRegion enum value ResourceRecordSetRegionApSoutheast4 = "ap-southeast-4" + + // ResourceRecordSetRegionIlCentral1 is a ResourceRecordSetRegion enum value + ResourceRecordSetRegionIlCentral1 = "il-central-1" + + // ResourceRecordSetRegionCaWest1 is a ResourceRecordSetRegion enum value + ResourceRecordSetRegionCaWest1 = "ca-west-1" ) // ResourceRecordSetRegion_Values returns all elements of the ResourceRecordSetRegion enum @@ -20830,6 +20891,8 @@ func ResourceRecordSetRegion_Values() []string { ResourceRecordSetRegionEuSouth1, ResourceRecordSetRegionEuSouth2, ResourceRecordSetRegionApSoutheast4, + ResourceRecordSetRegionIlCentral1, + ResourceRecordSetRegionCaWest1, } } @@ -20988,6 +21051,12 @@ const ( // VPCRegionApSoutheast4 is a VPCRegion enum value VPCRegionApSoutheast4 = "ap-southeast-4" + + // VPCRegionIlCentral1 is a VPCRegion enum value + VPCRegionIlCentral1 = "il-central-1" + + // VPCRegionCaWest1 is a VPCRegion enum value + VPCRegionCaWest1 = "ca-west-1" ) // VPCRegion_Values returns all elements of the VPCRegion enum @@ -21026,5 +21095,7 @@ func VPCRegion_Values() []string { VPCRegionEuSouth1, VPCRegionEuSouth2, VPCRegionApSoutheast4, + VPCRegionIlCentral1, + VPCRegionCaWest1, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index a9c653a00d4..01ec8099e47 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -67,19 +67,47 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req // AbortMultipartUpload API operation for Amazon Simple Storage Service. // -// This action aborts a multipart upload. After a multipart upload is aborted, +// This operation aborts a multipart upload. After a multipart upload is aborted, // no additional parts can be uploaded using that upload ID. The storage consumed // by any previously uploaded parts will be freed. However, if any part uploads // are currently in progress, those part uploads might or might not succeed. // As a result, it might be necessary to abort a given multipart upload multiple // times in order to completely free all storage consumed by all parts. // -// To verify that all parts have been removed, so you don't get charged for +// To verify that all parts have been removed and prevent getting charged for // the part storage, you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) -// action and ensure that the parts list is empty. +// API operation and ensure that the parts list is empty. // -// For information about permissions required to use the multipart upload, see -// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to AbortMultipartUpload: // @@ -173,54 +201,93 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // // You first initiate the multipart upload and then upload all parts using the // UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// operation or the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. After successfully uploading all relevant parts of an upload, -// you call this action to complete the upload. Upon receiving this request, -// Amazon S3 concatenates all the parts in ascending order by part number to -// create a new object. In the Complete Multipart Upload request, you must provide -// the parts list. You must ensure that the parts list is complete. This action -// concatenates the parts that you provide in the list. For each part in the -// list, you must provide the part number and the ETag value, returned after -// that part was uploaded. -// -// Processing of a Complete Multipart Upload request could take several minutes -// to complete. After Amazon S3 begins processing the request, it sends an HTTP +// you call this CompleteMultipartUpload operation to complete the upload. Upon +// receiving this request, Amazon S3 concatenates all the parts in ascending +// order by part number to create a new object. In the CompleteMultipartUpload +// request, you must provide the parts list and ensure that the parts list is +// complete. The CompleteMultipartUpload API operation concatenates the parts +// that you provide in the list. For each part in the list, you must provide +// the PartNumber value and the ETag value that are returned after that part +// was uploaded. +// +// The processing of a CompleteMultipartUpload request could take several minutes +// to finalize. After Amazon S3 begins processing the request, it sends an HTTP // response header that specifies a 200 OK response. While processing is in // progress, Amazon S3 periodically sends white space characters to keep the -// connection from timing out. Because a request could fail after the initial -// 200 OK response has been sent, it is important that you check the response -// body to determine whether the request succeeded. +// connection from timing out. A request could fail after the initial 200 OK +// response has been sent. This means that a 200 OK response can contain either +// a success or an error. The error response might be embedded in the 200 OK +// response. If you call this API operation directly, make sure to design your +// application to parse the contents of the response and handle it appropriately. +// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs +// detect the embedded error and apply error handling per your configuration +// settings (including automatically retrying the request as appropriate). If +// the condition persists, the SDKs throw an exception (or, for the SDKs that +// don't use exceptions, they return an error). // // Note that if CompleteMultipartUpload fails, applications should be prepared // to retry the failed requests. For more information, see Amazon S3 Error Best // Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). // -// You cannot use Content-Type: application/x-www-form-urlencoded with Complete -// Multipart Upload requests. Also, if you do not provide a Content-Type header, -// CompleteMultipartUpload returns a 200 OK response. +// You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload +// requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload +// can still return a 200 OK response. // // For more information about multipart uploads, see Uploading Objects Using -// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// For information about permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions // -// CompleteMultipartUpload has the following special errors: +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// - Error code: EntityTooSmall Description: Your proposed upload is smaller +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Special errors +// +// - Error Code: EntityTooSmall Description: Your proposed upload is smaller // than the minimum allowed object size. Each part must be at least 5 MB -// in size, except the last part. 400 Bad Request +// in size, except the last part. HTTP Status Code: 400 Bad Request // -// - Error code: InvalidPart Description: One or more of the specified parts +// - Error Code: InvalidPart Description: One or more of the specified parts // could not be found. The part might not have been uploaded, or the specified -// entity tag might not have matched the part's entity tag. 400 Bad Request +// ETag might not have matched the uploaded part's ETag. HTTP Status Code: +// 400 Bad Request // -// - Error code: InvalidPartOrder Description: The list of parts was not +// - Error Code: InvalidPartOrder Description: The list of parts was not // in ascending order. The parts list must be specified in order by part -// number. 400 Bad Request +// number. HTTP Status Code: 400 Bad Request // -// - Error code: NoSuchUpload Description: The specified multipart upload +// - Error Code: NoSuchUpload Description: The specified multipart upload // does not exist. The upload ID might be invalid, or the multipart upload -// might have been aborted or completed. 404 Not Found +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CompleteMultipartUpload: // @@ -313,157 +380,108 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // upload Upload Part - Copy (UploadPartCopy) API. For more information, see // Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). // -// All copy requests must be authenticated. Additionally, you must have read -// access to the source object and write access to the destination bucket. For -// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). -// Both the Region that you want to copy the object from and the Region that -// you want to copy the object to must be enabled for your account. +// You can copy individual objects between general purpose buckets, between +// directory buckets, and between general purpose buckets and directory buckets. // -// A copy request might return an error when Amazon S3 receives the copy request -// or while Amazon S3 is copying the files. If the error occurs before the copy -// action starts, you receive a standard Amazon S3 error. If the error occurs -// during the copy operation, the error response is embedded in the 200 OK response. -// This means that a 200 OK response can contain either a success or an error. -// Design your application to parse the contents of the response and handle -// it appropriately. -// -// If the copy is successful, you receive a response with information about -// the copied object. -// -// If the request is an HTTP 1.1 request, the response is chunk encoded. If -// it were not, it would not contain the content-length, and you would need -// to read the entire body. +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// The copy request charge is based on the storage class and Region that you -// specify for the destination object. For pricing information, see Amazon S3 -// pricing (http://aws.amazon.com/s3/pricing/). +// Both the Region that you want to copy the object from and the Region that +// you want to copy the object to must be enabled for your account. // // Amazon S3 transfer acceleration does not support cross-Region copies. If // you request a cross-Region copy using a transfer acceleration endpoint, you // get a 400 Bad Request error. For more information, see Transfer Acceleration // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). // -// # Metadata -// -// When copying an object, you can preserve all metadata (default) or specify -// new metadata. However, the ACL is not preserved and is set to private for -// the user making the request. To override the default ACL setting, specify -// a new ACL when generating a copy request. For more information, see Using -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// -// To specify whether you want the object metadata copied from the source object -// or replaced with metadata provided in the request, you can optionally add -// the x-amz-metadata-directive header. When you grant permissions, you can -// use the s3:x-amz-metadata-directive condition key to enforce certain metadata -// behavior when objects are uploaded. For more information, see Specifying -// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) -// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition -// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). -// -// x-amz-copy-source-if Headers -// -// To only copy an object under certain conditions, such as whether the Etag -// matches or whether the object was modified before or after a specified date, -// use the following request parameters: -// -// - x-amz-copy-source-if-match -// -// - x-amz-copy-source-if-none-match -// -// - x-amz-copy-source-if-unmodified-since -// -// - x-amz-copy-source-if-modified-since -// -// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// 200 OK and copies the data: +// # Authentication and authorization // -// - x-amz-copy-source-if-match condition evaluates to true -// -// - x-amz-copy-source-if-unmodified-since condition evaluates to false -// -// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// the 412 Precondition Failed response code: -// -// - x-amz-copy-source-if-none-match condition evaluates to false -// -// - x-amz-copy-source-if-modified-since condition evaluates to true -// -// All headers with the x-amz- prefix, including x-amz-copy-source, must be -// signed. -// -// # Server-side encryption -// -// When you perform a CopyObject operation, you can optionally use the appropriate -// encryption-related headers to encrypt the object using server-side encryption -// with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a -// customer-provided encryption key. With server-side encryption, Amazon S3 -// encrypts your data as it writes it to disks in its data centers and decrypts -// the data when you access it. For more information about server-side encryption, -// see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). -// -// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the -// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. -// -// # Access Control List (ACL)-Specific Request Headers -// -// When copying an object, you can optionally use headers to grant ACL-based -// permissions. By default, all objects are private. Only the owner has full -// access control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups defined by Amazon S3. -// These permissions are then added to the ACL on the object. For more information, -// see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). -// -// If the bucket that you're copying objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. -// Buckets that use this setting only accept PUT requests that don't specify -// an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. -// -// For more information, see Controlling ownership of objects and disabling -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// If your bucket uses the bucket owner enforced setting for Object Ownership, -// all objects written to the bucket by any account will be owned by the bucket -// owner. +// All CopyObject requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// # Checksums +// Directory buckets - You must use the IAM credentials to authenticate and +// authorize your access to the CopyObject API operation, instead of using the +// temporary security credentials through the CreateSession API operation. // -// When copying an object, if it has a checksum, that checksum will be copied -// to the new object by default. When you copy the object over, you may optionally -// specify a different checksum algorithm to use with the x-amz-checksum-algorithm -// header. +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// # Storage Class Options +// # Permissions // -// You can use the CopyObject action to change the storage class of an object -// that is already stored in Amazon S3 using the StorageClass parameter. For -// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. +// You must have read access to the source object and write access to the destination +// bucket. // -// # Versioning +// - General purpose bucket permissions - You must have permissions in an +// IAM policy based on the source and destination bucket types in a CopyObject +// operation. If the source object is in a general purpose bucket, you must +// have s3:GetObject permission to read the source object that is being copied. +// If the destination bucket is a general purpose bucket, you must have s3:PubObject +// permission to write the object copy to the destination bucket. +// +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in a CopyObject operation. If the source object that you +// want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object. By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key can't be set to ReadOnly on the copy destination bucket. +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// By default, x-amz-copy-source identifies the current version of an object -// to copy. If the current version is a delete marker, Amazon S3 behaves as -// if the object was deleted. To copy a different version, use the versionId -// subresource. +// # Response and special errors +// +// When the request is an HTTP 1.1 request, the response is chunk encoded. When +// the request is not an HTTP 1.1 request, the response would not contain the +// Content-Length. You always need to read the entire response body to check +// if the copy succeeds. to keep the connection alive while we copy the data. +// +// - If the copy is successful, you receive a response with information about +// the copied object. +// +// - A copy request might return an error when Amazon S3 receives the copy +// request or while Amazon S3 is copying the files. A 200 OK response can +// contain either a success or an error. If the error occurs before the copy +// action starts, you receive a standard Amazon S3 error. If the error occurs +// during the copy operation, the error response is embedded in the 200 OK +// response. For example, in a cross-region copy, you may encounter throttling +// and receive a 200 OK response. For more information, see Resolve the Error +// 200 response when copying objects to Amazon S3 (repost.aws/knowledge-center/s3-resolve-200-internalerror). +// The 200 OK status code means the copy was accepted, but it doesn't mean +// the copy is complete. Another example is when you disconnect from Amazon +// S3 before the copy is complete, Amazon S3 might cancel the copy and you +// may receive a 200 OK response. You must stay connected to Amazon S3 until +// the entire response is successfully received and processed. If you call +// this API operation directly, make sure to design your application to parse +// the content of the response and handle it appropriately. If you use Amazon +// Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded +// error and apply error handling per your configuration settings (including +// automatically retrying the request as appropriate). If the condition persists, +// the SDKs throw an exception (or, for the SDKs that don't use exceptions, +// they return an error). +// +// # Charge // -// If you enable versioning on the target bucket, Amazon S3 generates a unique -// version ID for the object being copied. This version ID is different from -// the version ID of the source object. Amazon S3 returns the version ID of -// the copied object in the x-amz-version-id response header in the response. +// The copy request charge is based on the storage class and Region that you +// specify for the destination object. The request can also result in a data +// retrieval charge for the source if the source storage class bills for data +// retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/). // -// If you do not enable versioning or suspend it on the target bucket, the version -// ID that Amazon S3 generates is always null. +// # HTTP Host header syntax // -// If the source object's storage class is GLACIER, you must restore a copy -// of this object before you can use it as a source object for the copy operation. -// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CopyObject: // @@ -471,8 +489,6 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html). -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -550,94 +566,89 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // CreateBucket API operation for Amazon Simple Storage Service. // -// Creates a new S3 bucket. To create a bucket, you must register with Amazon -// S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. +// This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts +// bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). +// +// Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and +// have a valid Amazon Web Services Access Key ID to authenticate requests. // Anonymous requests are never allowed to create buckets. By creating the bucket, // you become the bucket owner. // -// Not every string is an acceptable bucket name. For information about bucket -// naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html). -// -// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). -// -// By default, the bucket is created in the US East (N. Virginia) Region. You -// can optionally specify a Region in the request body. You might choose a Region -// to optimize latency, minimize costs, or address regulatory requirements. -// For example, if you reside in Europe, you will probably find it advantageous -// to create buckets in the Europe (Ireland) Region. For more information, see -// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro). -// -// If you send your create bucket request to the s3.amazonaws.com endpoint, -// the request goes to the us-east-1 Region. Accordingly, the signature calculations -// in Signature Version 4 must use us-east-1 as the Region, even if the location -// constraint in the request specifies another Region where the bucket is to -// be created. If you create a bucket in a Region other than US East (N. Virginia), -// your application must be able to handle 307 redirect. For more information, -// see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). -// -// Access control lists (ACLs) -// -// When creating a bucket using this operation, you can optionally configure -// the bucket ACL to specify the accounts or groups that should be granted specific -// permissions on the bucket. -// -// If your CreateBucket request sets bucket owner enforced for S3 Object Ownership -// and specifies a bucket ACL that provides access to an external Amazon Web -// Services account, your request fails with a 400 error and returns the InvalidBucketAclWithObjectOwnership -// error code. For more information, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// There are two types of buckets: general purpose buckets and directory buckets. +// For more information about these bucket types, see Creating, configuring, +// and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) // in the Amazon S3 User Guide. // -// There are two ways to grant the appropriate permissions using the request -// headers. -// -// - Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports -// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a -// predefined set of grantees and permissions. For more information, see -// Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write, -// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control -// headers. These headers map to the set of permissions Amazon S3 supports -// in an ACL. For more information, see Access control list (ACL) overview -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html). -// You specify each grantee as a type=value pair, where the type is one of -// the following: id – if the value specified is the canonical user ID -// of an Amazon Web Services account uri – if you are granting permissions -// to a predefined group emailAddress – if the value specified is the email -// address of an Amazon Web Services account Using email addresses to specify -// a grantee is only supported in the following Amazon Web Services Regions: -// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the Amazon Web Services General Reference. For example, the following -// x-amz-grant-read header grants the Amazon Web Services accounts identified -// by account IDs permissions to read object data and its metadata: x-amz-grant-read: -// id="11112222333", id="444455556666" -// -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. +// - General purpose buckets - If you send your CreateBucket request to the +// s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. +// So the signature calculations in Signature Version 4 must use us-east-1 +// as the Region, even if the location constraint in the request specifies +// another Region where the bucket is to be created. If you create a bucket +// in a Region other than US East (N. Virginia), your application must be +// able to handle 307 redirect. For more information, see Virtual hosting +// of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) +// in the Amazon S3 User Guide. // -// # Permissions +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// In addition to s3:CreateBucket, the following permissions are required when -// your CreateBucket includes specific headers: +// Permissions +// +// - General purpose bucket permissions - In addition to the s3:CreateBucket +// permission, the following permissions are required in a policy when your +// CreateBucket request includes specific headers: Access control lists (ACLs) +// +// - In your CreateBucket request, if you specify an access control list +// (ACL) and set it to public-read, public-read-write, authenticated-read, +// or if you explicitly specify any other custom ACLs, both s3:CreateBucket +// and s3:PutBucketAcl permissions are required. In your CreateBucket request, +// if you set the ACL to private, or if you don't specify any ACLs, only +// the s3:CreateBucket permission is required. Object Lock - In your CreateBucket +// request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration +// and s3:PutBucketVersioning permissions are required. S3 Object Ownership +// +// - If your CreateBucket request includes the x-amz-object-ownership header, +// then the s3:PutBucketOwnershipControls permission is required. If your +// CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object Ownership +// and specifies a bucket ACL that provides access to an external Amazon +// Web Services account, your request fails with a 400 error and returns +// the InvalidBucketAcLWithObjectOwnership error code. For more information, +// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) +// in the Amazon S3 User Guide. S3 Block Public Access - If your specific +// use case requires granting public access to your S3 resources, you can +// disable Block Public Access. Specifically, you can create a new bucket +// with Block Public Access enabled, then separately call the DeletePublicAccessBlock +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock +// permission. For more information about S3 Block Public Access, see Blocking +// public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) +// in the Amazon S3 User Guide. // -// - ACLs - If your CreateBucket request specifies ACL permissions and the -// ACL is public-read, public-read-write, authenticated-read, or if you specify -// access permissions explicitly through any other ACL, both s3:CreateBucket -// and s3:PutBucketAcl permissions are needed. If the ACL the CreateBucket -// request is private or doesn't specify any ACLs, only s3:CreateBucket permission -// is needed. +// - Directory bucket permissions - You must have the s3express:CreateBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. The permissions for ACLs, Object Lock, S3 +// Object Ownership, and S3 Block Public Access are not supported for directory +// buckets. For directory buckets, all Block Public Access settings are enabled +// at the bucket level and S3 Object Ownership is set to Bucket owner enforced +// (ACLs disabled). These settings can't be modified. For more information +// about permissions for creating and working with directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. For more information about supported S3 features +// for directory buckets, see Features of S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features) +// in the Amazon S3 User Guide. // -// - Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket -// request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning -// permissions are required. +// # HTTP Host header syntax // -// - S3 Object Ownership - If your CreateBucket request includes the the -// x-amz-object-ownership header, s3:PutBucketOwnershipControls permission -// is required. +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to CreateBucket: // @@ -735,143 +746,139 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // You specify this upload ID in each of your subsequent upload part requests // (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). // You also include this upload ID in the final request to either complete or -// abort the multipart upload request. +// abort the multipart upload request. For more information about multipart +// uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) +// in the Amazon S3 User Guide. // -// For more information about multipart uploads, see Multipart Upload Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html). +// After you initiate a multipart upload and upload one or more parts, to stop +// being charged for storing the uploaded parts, you must either complete or +// abort the multipart upload. Amazon S3 frees up the space used to store the +// parts and stops charging you for storing them only after you either complete +// or abort a multipart upload. // // If you have configured a lifecycle rule to abort incomplete multipart uploads, -// the upload must complete within the number of days specified in the bucket -// lifecycle configuration. Otherwise, the incomplete multipart upload becomes -// eligible for an abort action and Amazon S3 aborts the multipart upload. For -// more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). +// the created multipart upload must be completed within the number of days +// specified in the bucket lifecycle configuration. Otherwise, the incomplete +// multipart upload becomes eligible for an abort action and Amazon S3 aborts +// the multipart upload. For more information, see Aborting Incomplete Multipart +// Uploads Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). +// +// - Directory buckets - S3 Lifecycle is not supported by directory buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// For information about the permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// # Request signing // // For request signing, multipart upload is just a series of regular requests. // You initiate a multipart upload, send one or more requests to upload parts, // and then complete the multipart upload process. You sign each request individually. // There is nothing special about signing multipart upload requests. For more // information about signing, see Authenticating Requests (Amazon Web Services -// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). -// -// After you initiate a multipart upload and upload one or more parts, to stop -// being charged for storing the uploaded parts, you must either complete or -// abort the multipart upload. Amazon S3 frees up the space used to store the -// parts and stop charging you for storing them only after you either complete -// or abort a multipart upload. -// -// You can optionally request server-side encryption. For server-side encryption, -// Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts it when you access it. You can provide your own encryption key, -// or use Amazon Web Services KMS keys or Amazon S3-managed encryption keys. -// If you choose to provide your own encryption key, the request headers you -// provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) -// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) -// requests must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload. -// -// To perform a multipart upload with encryption using an Amazon Web Services -// KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* -// actions on the key. These permissions are required because Amazon S3 must -// decrypt and read data from the encrypted file parts before it completes the -// multipart upload. For more information, see Multipart upload API and permissions -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) // in the Amazon S3 User Guide. // -// If your Identity and Access Management (IAM) user or role is in the same -// Amazon Web Services account as the KMS key, then you must have these permissions -// on the key policy. If your IAM user or role belongs to a different account -// than the key, then you must have the permissions on both the key policy and -// your IAM user or role. -// -// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). -// -// # Access Permissions -// -// When copying an object, you can optionally specify the accounts or groups -// that should be granted specific permissions on the new object. There are -// two ways to grant the permissions using the request headers: -// -// - Specify a canned ACL with the x-amz-acl request header. For more information, -// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, -// x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters -// map to the set of permissions that Amazon S3 supports in an ACL. For more -// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. -// -// # Server-Side- Encryption-Specific Request Headers -// -// You can optionally tell Amazon S3 to encrypt data at rest using server-side -// encryption. Server-side encryption is for data encryption at rest. Amazon -// S3 encrypts your data as it writes it to disks in its data centers and decrypts -// it when you access it. The option you use depends on whether you want to -// use Amazon Web Services managed encryption keys or provide your own encryption -// key. +// Permissions +// +// - General purpose bucket permissions - For information about the permissions +// required to use the multipart upload API, see Multipart upload and permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. To perform a multipart upload with encryption +// by using an Amazon Web Services KMS key, the requester must have permission +// to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These +// permissions are required because Amazon S3 must decrypt and read data +// from the encrypted file parts before it completes the multipart upload. +// For more information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. // -// - Use encryption keys managed by Amazon S3 or customer managed key stored -// in Amazon Web Services Key Management Service (Amazon Web Services KMS) -// – If you want Amazon Web Services to manage the keys used to encrypt +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Encryption +// +// - General purpose buckets - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. Amazon S3 automatically +// encrypts all new objects that are uploaded to an S3 bucket. When doing +// a multipart upload, if you don't specify encryption information in your +// request, the encryption setting of the uploaded parts is set to the default +// encryption configuration of the destination bucket. By default, all buckets +// have a base level of encryption configuration that uses server-side encryption +// with Amazon S3 managed keys (SSE-S3). If the destination bucket has a +// default encryption configuration that uses server-side encryption with +// an Key Management Service (KMS) key (SSE-KMS), or a customer-provided +// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a +// customer-provided key to encrypt the uploaded parts. When you perform +// a CreateMultipartUpload operation, if you want to use a different type +// of encryption setting for the uploaded parts, you can request that Amazon +// S3 encrypts the object with a different encryption key (such as an Amazon +// S3 managed key, a KMS key, or a customer-provided key). When the encryption +// setting in your request is different from the default encryption configuration +// of the destination bucket, the encryption setting in your request takes +// precedence. If you choose to provide your own encryption key, the request +// headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// requests must match the headers you used in the CreateMultipartUpload +// request. Use KMS keys (SSE-KMS) that include the Amazon Web Services managed +// key (aws/s3) and KMS customer managed keys stored in Key Management Service +// (KMS) – If you want Amazon Web Services to manage the keys used to encrypt // data, specify the following headers in the request. x-amz-server-side-encryption // x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context // If you specify x-amz-server-side-encryption:aws:kms, but don't provide // x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon -// Web Services managed key in Amazon Web Services KMS to protect the data. -// All GET and PUT requests for an object protected by Amazon Web Services -// KMS fail if you don't make them with SSL or by using SigV4. For more information -// about server-side encryption with KMS key (SSE-KMS), see Protecting Data -// Using Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). -// -// - Use customer-provided encryption keys – If you want to manage your -// own encryption keys, provide all the following headers in the request. -// x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key -// x-amz-server-side-encryption-customer-key-MD5 For more information about -// server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using -// Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). -// -// # Access-Control-List (ACL)-Specific Request Headers -// -// You also can use the following access control–related headers with this -// operation. By default, all objects are private. Only the owner has full access -// control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups defined by Amazon S3. -// These permissions are then added to the access control list (ACL) on the -// object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// With this operation, you can grant access permissions using one of the following -// two methods: -// -// - Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined -// ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees -// and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly — To explicitly grant access -// permissions to specific Amazon Web Services accounts or groups, use the -// following headers. Each header maps to specific permissions that Amazon -// S3 supports in an ACL. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write -// x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You -// specify each grantee as a type=value pair, where the type is one of the -// following: id – if the value specified is the canonical user ID of an -// Amazon Web Services account uri – if you are granting permissions to -// a predefined group emailAddress – if the value specified is the email -// address of an Amazon Web Services account Using email addresses to specify -// a grantee is only supported in the following Amazon Web Services Regions: -// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the Amazon Web Services General Reference. For example, the following -// x-amz-grant-read header grants the Amazon Web Services accounts identified -// by account IDs permissions to read object data and its metadata: x-amz-grant-read: -// id="11112222333", id="444455556666" +// Web Services managed key (aws/s3 key) in KMS to protect the data. To perform +// a multipart upload with encryption by using an Amazon Web Services KMS +// key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* +// actions on the key. These permissions are required because Amazon S3 must +// decrypt and read data from the encrypted file parts before it completes +// the multipart upload. For more information, see Multipart upload API and +// permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. If your Identity and Access Management (IAM) +// user or role is in the same Amazon Web Services account as the KMS key, +// then you must have these permissions on the key policy. If your IAM user +// or role is in a different account from the key, then you must have the +// permissions on both the key policy and your IAM user or role. All GET +// and PUT requests for an object protected by KMS fail if you don't make +// them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), +// or Signature Version 4. For information about configuring any of the officially +// supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying +// the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) +// in the Amazon S3 User Guide. For more information about server-side encryption +// with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption +// with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. Use customer-provided encryption keys (SSE-C) +// – If you want to manage your own encryption keys, provide all the following +// headers in the request. x-amz-server-side-encryption-customer-algorithm +// x-amz-server-side-encryption-customer-key x-amz-server-side-encryption-customer-key-MD5 +// For more information about server-side encryption with customer-provided +// encryption keys (SSE-C), see Protecting data using server-side encryption +// with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. +// +// - Directory buckets -For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CreateMultipartUpload: // @@ -913,6 +920,152 @@ func (c *S3) CreateMultipartUploadWithContext(ctx aws.Context, input *CreateMult return out, req.Send() } +const opCreateSession = "CreateSession" + +// CreateSessionRequest generates a "aws/request.Request" representing the +// client's request for the CreateSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSession for more information on using the CreateSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateSessionRequest method. +// req, resp := client.CreateSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSessionRequest(input *CreateSessionInput) (req *request.Request, output *CreateSessionOutput) { + op := &request.Operation{ + Name: opCreateSession, + HTTPMethod: "GET", + HTTPPath: "/{Bucket}?session", + } + + if input == nil { + input = &CreateSessionInput{} + } + + output = &CreateSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSession API operation for Amazon Simple Storage Service. +// +// Creates a session that establishes temporary security credentials to support +// fast authentication and authorization for the Zonal endpoint APIs on directory +// buckets. For more information about Zonal endpoint APIs that include the +// Availability Zone in the request endpoint, see S3 Express One Zone APIs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) +// in the Amazon S3 User Guide. +// +// To make Zonal endpoint API requests on a directory bucket, use the CreateSession +// API operation. Specifically, you grant s3express:CreateSession permission +// to a bucket in a bucket policy or an IAM identity-based policy. Then, you +// use IAM credentials to make the CreateSession API request on the bucket, +// which returns temporary security credentials that include the access key +// ID, secret access key, session token, and expiration. These credentials have +// associated permissions to access the Zonal endpoint APIs. After the session +// is created, you don’t need to use other policies to grant permissions to +// each Zonal endpoint API individually. Instead, in your Zonal endpoint API +// requests, you sign your requests by applying the temporary security credentials +// of the session to the request headers and following the SigV4 protocol for +// authentication. You also apply the session token to the x-amz-s3session-token +// request header for authorization. Temporary security credentials are scoped +// to the bucket and expire after 5 minutes. After the expiration time, any +// calls that you make with those credentials will fail. You must use IAM credentials +// again to make a CreateSession API request that generates a new set of temporary +// credentials for use. Temporary credentials cannot be extended or refreshed +// beyond the original specified interval. +// +// If you use Amazon Web Services SDKs, SDKs handle the session token refreshes +// automatically to avoid service interruptions when a session expires. We recommend +// that you use the Amazon Web Services SDKs to initiate and manage requests +// to the CreateSession API. For more information, see Performance guidelines +// and design patterns (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) +// in the Amazon S3 User Guide. +// +// - You must make requests for this API operation to the Zonal endpoint. +// These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. +// Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// - CopyObject API operation - Unlike other Zonal endpoint APIs, the CopyObject +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the CopyObject +// API operation on directory buckets, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). +// +// - HeadBucket API operation - Unlike other Zonal endpoint APIs, the HeadBucket +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the HeadBucket +// API operation on directory buckets, see HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). +// +// # Permissions +// +// To obtain temporary security credentials, you must create a bucket policy +// or an IAM identity-based policy that grants s3express:CreateSession permission +// to the bucket. In a policy, you can have the s3express:SessionMode condition +// key to control who can create a ReadWrite or ReadOnly session. For more information +// about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// To grant cross-account access to Zonal endpoint APIs, the bucket policy should +// also grant both accounts the s3express:CreateSession permission. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation CreateSession for usage and error information. +// +// Returned Error Codes: +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSession(input *CreateSessionInput) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + return out, req.Send() +} + +// CreateSessionWithContext is the same as CreateSession with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) CreateSessionWithContext(ctx aws.Context, input *CreateSessionInput, opts ...request.Option) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteBucket = "DeleteBucket" // DeleteBucketRequest generates a "aws/request.Request" representing the @@ -960,7 +1113,36 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request // Deletes the S3 bucket. All objects (including all object versions and delete // markers) in the bucket must be deleted before the bucket itself can be deleted. // -// Related Resources +// - Directory buckets - If multipart uploads in a directory bucket are in +// progress, you can't delete the bucket until all the in-progress multipart +// uploads are aborted or completed. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - You must have the s3:DeleteBucket +// permission on the specified bucket in a policy. +// +// - Directory bucket permissions - You must have the s3express:DeleteBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// The following operations are related to DeleteBucket: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // @@ -1038,6 +1220,8 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt // DeleteBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an analytics configuration for the bucket (specified by the analytics // configuration ID). // @@ -1130,6 +1314,8 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // DeleteBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the cors configuration information set for the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketCORS @@ -1139,7 +1325,7 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) // in the Amazon S3 User Guide. // -// Related Resources: +// Related Resources // // - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) // @@ -1217,9 +1403,12 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // DeleteBucketEncryption API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE action removes default encryption from -// the bucket. For information about the Amazon S3 default encryption feature, -// see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// This operation is not supported by directory buckets. +// +// This implementation of the DELETE action resets the default encryption for +// the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). +// For information about the bucket default encryption feature, see Amazon S3 +// Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. // // To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration @@ -1229,7 +1418,7 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to DeleteBucketEncryption: // // - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) // @@ -1307,6 +1496,8 @@ func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBuc // DeleteBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -1406,6 +1597,8 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent // DeleteBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an inventory configuration (identified by the inventory ID) from // the bucket. // @@ -1498,6 +1691,8 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re // DeleteBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the lifecycle configuration from the specified bucket. Amazon S3 // removes all the lifecycle configuration rules in the lifecycle subresource // associated with the bucket. Your objects never expire, and Amazon S3 no longer @@ -1592,6 +1787,8 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC // DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes a metrics configuration for the Amazon CloudWatch request metrics // (specified by the metrics configuration ID) from the bucket. Note that this // doesn't include the daily storage metrics. @@ -1687,6 +1884,8 @@ func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipCo // DeleteBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:PutBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). @@ -1772,23 +1971,52 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // DeleteBucketPolicy API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE action uses the policy subresource to delete -// the policy of a specified bucket. If you are using an identity other than -// the root user of the Amazon Web Services account that owns the bucket, the -// calling identity must have the DeleteBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account to use this operation. +// Deletes the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the DeleteBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 // Access Denied error. If you have the correct permissions, but you're not // using an identity that belongs to the bucket owner's account, Amazon S3 returns // a 405 Method Not Allowed error. // -// As a security precaution, the root user of the Amazon Web Services account -// that owns a bucket can always use this operation, even if the policy explicitly -// denies the root user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// - General purpose bucket permissions - The s3:DeleteBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax // -// For more information about bucket policies, see Using Bucket Policies and -// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to DeleteBucketPolicy // @@ -1868,6 +2096,8 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) // DeleteBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the replication configuration from the bucket. // // To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration @@ -1960,6 +2190,8 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r // DeleteBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the tags from the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketTagging @@ -2044,6 +2276,8 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r // DeleteBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action removes the website configuration for a bucket. Amazon S3 returns // a 200 OK response upon successfully deleting a website configuration on the // specified bucket. You will get a 200 OK response if the website configuration @@ -2136,31 +2370,79 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // DeleteObject API operation for Amazon Simple Storage Service. // -// Removes the null version (if there is one) of an object and inserts a delete -// marker, which becomes the latest version of the object. If there isn't a -// null version, Amazon S3 does not remove any objects but will still respond -// that the command was successful. +// Removes an object from a bucket. The behavior depends on the bucket's versioning +// state: +// +// - If versioning is enabled, the operation removes the null version (if +// there is one) of an object and inserts a delete marker, which becomes +// the latest version of the object. If there isn't a null version, Amazon +// S3 does not remove any objects but will still respond that the command +// was successful. +// +// - If versioning is suspended or not enabled, the operation permanently +// deletes the object. // -// To remove a specific version, you must be the bucket owner and you must use -// the version Id subresource. Using this subresource permanently deletes the -// version. If the object deleted is a delete marker, Amazon S3 sets the response -// header, x-amz-delete-marker, to true. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// To remove a specific version, you must use the versionId query parameter. +// Using this query parameter permanently deletes the version. If the object +// deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker +// to true. // // If the object you want to delete is in a bucket where the bucket versioning // configuration is MFA Delete enabled, you must include the x-amz-mfa request // header in the DELETE versionId request. Requests that include x-amz-mfa must -// use HTTPS. +// use HTTPS. For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) +// in the Amazon S3 User Guide. To see sample requests that use versioning, +// see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). // -// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html). -// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). +// Directory buckets - MFA delete is not supported by directory buckets. // -// You can delete objects by explicitly calling DELETE Object or configure its -// lifecycle (PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) +// You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) // to enable Amazon S3 to remove them for you. If you want to block users or // accounts from removing or deleting objects from your bucket, you must deny // them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration // actions. // +// Directory buckets - S3 Lifecycle is not supported by directory buckets. +// +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always have +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versiong-enabled bucket, you must have the +// s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// // The following action is related to DeleteObject: // // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) @@ -2236,6 +2518,8 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // DeleteObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the entire tag set from the specified object. For more information // about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // @@ -2246,7 +2530,7 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // in the request. You will need permission for the s3:DeleteObjectVersionTagging // action. // -// The following operations are related to DeleteBucketMetricsConfiguration: +// The following operations are related to DeleteObjectTagging: // // - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) // @@ -2327,36 +2611,82 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque // DeleteObjects API operation for Amazon Simple Storage Service. // -// This action enables you to delete multiple objects from a bucket using a -// single HTTP request. If you know the object keys that you want to delete, -// then this action provides a suitable alternative to sending individual delete -// requests, reducing per-request overhead. +// This operation enables you to delete multiple objects from a bucket using +// a single HTTP request. If you know the object keys that you want to delete, +// then this operation provides a suitable alternative to sending individual +// delete requests, reducing per-request overhead. // -// The request contains a list of up to 1000 keys that you want to delete. In -// the XML, you provide the object key names, and optionally, version IDs if -// you want to delete a specific version of the object from a versioning-enabled -// bucket. For each key, Amazon S3 performs a delete action and returns the -// result of that delete, success, or failure, in the response. Note that if +// The request can contain a list of up to 1000 keys that you want to delete. +// In the XML, you provide the object key names, and optionally, version IDs +// if you want to delete a specific version of the object from a versioning-enabled +// bucket. For each key, Amazon S3 performs a delete operation and returns the +// result of that delete, success or failure, in the response. Note that if // the object specified in the request is not found, Amazon S3 returns the result // as deleted. // -// The action supports two modes for the response: verbose and quiet. By default, -// the action uses verbose mode in which the response includes the result of -// deletion of each key in your request. In quiet mode the response includes -// only keys where the delete action encountered an error. For a successful -// deletion, the action does not return any information about the delete in -// the response body. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// The operation supports two modes for the response: verbose and quiet. By +// default, the operation uses verbose mode in which the response includes the +// result of deletion of each key in your request. In quiet mode the response +// includes only keys where the delete operation encountered an error. For a +// successful deletion in a quiet mode, the operation does not return any information +// about the delete in the response body. // // When performing this action on an MFA Delete enabled bucket, that attempts // to delete any versioned objects, you must include an MFA token. If you do // not provide one, the entire request will fail, even if there are non-versioned // objects you are trying to delete. If you provide an invalid token, whether // there are versioned keys in the request or not, the entire Multi-Object Delete -// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete). +// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) +// in the Amazon S3 User Guide. +// +// Directory buckets - MFA delete is not supported by directory buckets. // -// Finally, the Content-MD5 header is required for all Multi-Object Delete requests. -// Amazon S3 uses the header value to ensure that your request body has not -// been altered in transit. +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always specify +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versiong-enabled bucket, you must specify +// the s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Content-MD5 request header +// +// - General purpose bucket - The Content-MD5 request header is required +// for all Multi-Object Delete requests. Amazon S3 uses the header value +// to ensure that your request body has not been altered in transit. +// +// - Directory bucket - The Content-MD5 request header or a additional checksum +// request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, +// x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object +// Delete requests. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to DeleteObjects: // @@ -2442,6 +2772,8 @@ func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) // DeletePublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use // this operation, you must have the s3:PutBucketPublicAccessBlock permission. // For more information about permissions, see Permissions Related to Bucket @@ -2529,6 +2861,8 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action uses the accelerate subresource to // return the Transfer Acceleration state of a bucket, which is either Enabled // or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that @@ -2553,7 +2887,7 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAccelerateConfiguration: // // - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) // @@ -2628,11 +2962,22 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request // GetBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action uses the acl subresource to return // the access control list (ACL) of a bucket. To use GET to return the ACL of -// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission -// is granted to the anonymous user, you can return the ACL of the bucket without -// using an authorization header. +// the bucket, you must have the READ_ACP access to the bucket. If READ_ACP +// permission is granted to the anonymous user, you can return the ACL of the +// bucket without using an authorization header. +// +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). // // If your bucket uses the bucket owner enforced setting for S3 Object Ownership, // requests to read ACLs are still supported and return the bucket-owner-full-control @@ -2640,7 +2985,7 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request // see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAcl: // // - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) // @@ -2715,6 +3060,8 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon // GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action returns an analytics configuration // (identified by the analytics configuration ID) from the bucket. // @@ -2729,7 +3076,7 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon // – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAnalyticsConfiguration: // // - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) // @@ -2808,6 +3155,8 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // GetBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Cross-Origin Resource Sharing (CORS) configuration information // set for the bucket. // @@ -2815,6 +3164,15 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // action. By default, the bucket owner has this permission and can grant it // to others. // +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// // For more information about CORS, see Enabling Cross-Origin Resource Sharing // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). // @@ -2895,12 +3253,14 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r // GetBucketEncryption API operation for Amazon Simple Storage Service. // -// Returns the default encryption configuration for an Amazon S3 bucket. If -// the bucket does not have a default encryption configuration, GetBucketEncryption -// returns ServerSideEncryptionConfigurationNotFoundError. +// This operation is not supported by directory buckets. // -// For information about the Amazon S3 default encryption feature, see Amazon -// S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html). +// Returns the default encryption configuration for an Amazon S3 bucket. By +// default, all buckets have a default encryption configuration that uses server-side +// encryption with Amazon S3 managed keys (SSE-S3). For information about the +// bucket default encryption feature, see Amazon S3 Bucket Default Encryption +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// in the Amazon S3 User Guide. // // To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner @@ -2985,6 +3345,8 @@ func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketInt // GetBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -3083,6 +3445,8 @@ func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryCon // GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns an inventory configuration (identified by the inventory configuration // ID) from the bucket. // @@ -3184,6 +3548,8 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req // see the updated version of this topic. This topic is provided for backward // compatibility. // +// This operation is not supported by directory buckets. +// // Returns the lifecycle configuration information set on the bucket. For information // about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). // @@ -3282,6 +3648,8 @@ func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleCon // GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Bucket lifecycle configuration now supports specifying a lifecycle rule using // an object key name prefix, one or more object tags, or a combination of both. // Accordingly, this section describes the latest API. The response describes @@ -3384,14 +3752,24 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque // GetBucketLocation API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Region the bucket resides in. You set the bucket's Region using // the LocationConstraint request parameter in a CreateBucket request. For more // information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). // -// To use this implementation of the operation, you must be the bucket owner. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). // -// To use this API against an access point, provide the alias of the access -// point in place of the bucket name. +// We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) +// to return the Region that a bucket resides in. For backward compatibility, +// Amazon S3 continues to support GetBucketLocation. // // The following operations are related to GetBucketLocation: // @@ -3470,8 +3848,10 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request // GetBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the logging status of a bucket and the permissions users have to -// view and modify that status. To use GET, you must be the bucket owner. +// view and modify that status. // // The following operations are related to GetBucketLogging: // @@ -3550,6 +3930,8 @@ func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigu // GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets a metrics configuration (specified by the metrics configuration ID) // from the bucket. Note that this doesn't include the daily storage metrics. // @@ -3648,6 +4030,8 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat // GetBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3725,6 +4109,8 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // GetBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the notification configuration of a bucket. // // If notifications are not enabled on the bucket, the action returns an empty @@ -3735,6 +4121,15 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // to other users to read this configuration with the s3:GetBucketNotification // permission. // +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// // For more information about setting and reading the notification configuration // on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). @@ -3814,6 +4209,8 @@ func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControls // GetBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:GetBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html). @@ -3898,22 +4295,62 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // GetBucketPolicy API operation for Amazon Simple Storage Service. // -// Returns the policy of a specified bucket. If you are using an identity other -// than the root user of the Amazon Web Services account that owns the bucket, -// the calling identity must have the GetBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account in order to use this operation. +// Returns the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the GetBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an // identity that belongs to the bucket owner's account, Amazon S3 returns a // 405 Method Not Allowed error. // -// As a security precaution, the root user of the Amazon Web Services account -// that owns a bucket can always use this operation, even if the policy explicitly -// denies the root user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// - General purpose bucket permissions - The s3:GetBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:GetBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. // -// For more information about bucket policies, see Using Bucket Policies and -// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// # Example bucket policies +// +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following action is related to GetBucketPolicy: // @@ -3990,6 +4427,8 @@ func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (re // GetBucketPolicyStatus API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the policy status for an Amazon S3 bucket, indicating whether the // bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus // permission. For more information about Amazon S3 permissions, see Specifying @@ -4079,6 +4518,8 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // GetBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the replication configuration of a bucket. // // It can take a while to propagate the put or delete a replication configuration @@ -4176,6 +4617,8 @@ func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) // GetBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the request payment configuration of a bucket. To use this version // of the operation, you must be the bucket owner. For more information, see // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). @@ -4255,6 +4698,8 @@ func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request // GetBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag set associated with the bucket. // // To use this operation, you must have permission to perform the s3:GetBucketTagging @@ -4343,6 +4788,8 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r // GetBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the versioning state of a bucket. // // To retrieve the versioning state of a bucket, you must be the bucket owner. @@ -4430,6 +4877,8 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // GetBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the website configuration for a bucket. To host website on Amazon // S3, you can configure a bucket as website by adding a website configuration. // For more information about hosting websites, see Hosting Websites on Amazon @@ -4440,7 +4889,7 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // bucket owners can allow other users to read the website configuration by // writing a bucket policy granting them the S3:GetBucketWebsite permission. // -// The following operations are related to DeleteBucketWebsite: +// The following operations are related to GetBucketWebsite: // // - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) // @@ -4517,110 +4966,106 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // GetObject API operation for Amazon Simple Storage Service. // -// Retrieves objects from Amazon S3. To use GET, you must have READ access to -// the object. If you grant READ access to the anonymous user, you can return -// the object without using an authorization header. -// -// An Amazon S3 bucket has no directory hierarchy such as you would find in -// a typical computer file system. You can, however, create a logical hierarchy -// by using object key names that imply a folder structure. For example, instead -// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg. -// -// To get an object from such a logical hierarchy, specify the full key name -// for the object in the GET operation. For a virtual hosted-style request example, -// if you have the object photos/2006/February/sample.jpg, specify the resource -// as /photos/2006/February/sample.jpg. For a path-style request example, if -// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, -// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For -// more information about request types, see HTTP Host Header Bucket Specification -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket). -// -// For more information about returning the ACL of an object, see GetObjectAcl -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). -// -// If the object you are retrieving is stored in the S3 Glacier or S3 Glacier -// Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering -// Deep Archive tiers, before you can retrieve the object you must first restore -// a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// Otherwise, this action returns an InvalidObjectStateError error. For information -// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html). -// -// Encryption request headers, like x-amz-server-side-encryption, should not -// be sent for GET requests if your object uses server-side encryption with -// KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption -// keys (SSE-S3). If your object does use these types of keys, you’ll get -// an HTTP 400 BadRequest error. -// -// If you encrypt an object by using server-side encryption with customer-provided -// encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you GET the object, you must use the following headers: +// Retrieves an object from Amazon S3. // -// - x-amz-server-side-encryption-customer-algorithm -// -// - x-amz-server-side-encryption-customer-key -// -// - x-amz-server-side-encryption-customer-key-MD5 -// -// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). +// In the GetObject request, specify the full key name for the object. // -// Assuming you have the relevant permission to read object tags, the response -// also returns the x-amz-tagging-count header that provides the count of number -// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) -// to retrieve the tag set associated with an object. -// -// # Permissions -// -// You need the relevant read object (or version) permission for this operation. -// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object you request does not exist, the error Amazon S3 returns depends -// on whether you also have the s3:ListBucket permission. -// -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 will -// return an HTTP status code 404 ("no such key") error. -// -// - If you don’t have the s3:ListBucket permission, Amazon S3 will return -// an HTTP status code 403 ("access denied") error. +// General purpose buckets - Both the virtual-hosted-style requests and the +// path-style requests are supported. For a virtual hosted-style request example, +// if you have the object photos/2006/February/sample.jpg, specify the object +// key name as /photos/2006/February/sample.jpg. For a path-style request example, +// if you have the object photos/2006/February/sample.jpg in the bucket named +// examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. +// For more information about request types, see HTTP Host Header Bucket Specification +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) +// in the Amazon S3 User Guide. // -// # Versioning +// Directory buckets - Only virtual-hosted-style requests are supported. For +// a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg +// in the bucket named examplebucket--use1-az5--x-s3, specify the object key +// name as /photos/2006/February/sample.jpg. Also, when you make requests to +// this API operation, your requests are sent to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// By default, the GET action returns the current version of an object. To return -// a different version, use the versionId subresource. +// Permissions +// +// - General purpose bucket permissions - You must have the required permissions +// in a policy. To use GetObject, you must have the READ access to the object +// (or version). If you grant READ access to the anonymous user, the GetObject +// operation returns the object without using an authorization header. For +// more information, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If you include a versionId in your request +// header, you must have the s3:GetObjectVersion permission to access a specific +// version of an object. The s3:GetObject permission is not required in this +// scenario. If you request the current version of an object without a specific +// versionId in the request header, only the s3:GetObject permission is required. +// The s3:GetObjectVersion permission is not required in this scenario. If +// the object that you request doesn’t exist, the error that Amazon S3 +// returns depends on whether you also have the s3:ListBucket permission. +// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns +// an HTTP status code 404 Not Found error. If you don’t have the s3:ListBucket +// permission, Amazon S3 returns an HTTP status code 403 Access Denied error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Storage classes +// +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. // -// - If you supply a versionId, you need the s3:GetObjectVersion permission -// to access a specific version of an object. If you request a specific version, -// you do not need to have the s3:GetObject permission. +// Directory buckets - For directory buckets, only the S3 Express One Zone storage +// class is supported to store newly created objects. Unsupported storage class +// values won't write a destination object and will respond with the HTTP status +// code 400 Bad Request. // -// - If the current version of the object is a delete marker, Amazon S3 behaves -// as if the object was deleted and includes x-amz-delete-marker: true in -// the response. +// # Encryption // -// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for the GetObject requests, if your object uses server-side encryption +// with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in +// your GetObject requests for the object that uses these types of keys, you’ll +// get an HTTP 400 Bad Request error. // -// # Overriding Response Header Values +// # Overriding response header values through the request // // There are times when you want to override certain response header values -// in a GET response. For example, you might override the Content-Disposition -// response header value in your GET request. -// -// You can override values for a set of response headers using the following -// query parameters. These response header values are sent only on a successful -// request, that is, when status code 200 OK is returned. The set of headers -// you can override using these parameters is a subset of the headers that Amazon -// S3 accepts when you create an object. The response headers that you can override -// for the GET response are Content-Type, Content-Language, Expires, Cache-Control, -// Content-Disposition, and Content-Encoding. To override these header values -// in the GET response, you use the following request parameters. -// -// You must sign the request, either using an Authorization header or a presigned -// URL, when using these parameters. They cannot be used with an unsigned (anonymous) -// request. +// of a GetObject response. For example, you might override the Content-Disposition +// response header value through your GetObject request. // -// - response-content-type +// You can override values for a set of response headers. These modified response +// header values are included only in a successful response, that is, when the +// HTTP status code 200 OK is returned. The headers you can override using the +// following query parameters in the request are a subset of the headers that +// Amazon S3 accepts when you create an object. // -// - response-content-language +// The response headers that you can override for the GetObject response are +// Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, +// and Expires. // -// - response-expires +// To override values for a set of response headers in the GetObject response, +// you can use the following query parameters in the request. // // - response-cache-control // @@ -4628,17 +5073,19 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // // - response-content-encoding // -// # Additional Considerations about Request Headers +// - response-content-language +// +// - response-content-type +// +// - response-expires // -// If both of the If-Match and If-Unmodified-Since headers are present in the -// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since -// condition evaluates to false; then, S3 returns 200 OK and the data requested. +// When you use these parameters, you must sign the request by using either +// an Authorization header or a presigned URL. These parameters cannot be used +// with an unsigned (anonymous) request. // -// If both of the If-None-Match and If-Modified-Since headers are present in -// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since -// condition evaluates to true; then, S3 returns 304 Not Modified response code. +// # HTTP Host header syntax // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to GetObject: // @@ -4661,6 +5108,15 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // - ErrCodeInvalidObjectState "InvalidObjectState" // Object is archived and inaccessible until restored. // +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject func (c *S3) GetObject(input *GetObjectInput) (*GetObjectOutput, error) { req, out := c.GetObjectRequest(input) @@ -4726,15 +5182,15 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request // GetObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the access control list (ACL) of an object. To use this operation, // you must have s3:GetObjectAcl permissions or READ_ACP access to the object. // For more information, see Mapping of ACL permissions and access policy permissions // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) // in the Amazon S3 User Guide // -// This action is not supported by Amazon S3 on Outposts. -// -// # Versioning +// This functionality is not supported for Amazon S3 on Outposts. // // By default, GET returns ACL information about the current version of an object. // To return ACL information about a different version, use the versionId subresource. @@ -4832,17 +5288,65 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // GetObjectAttributes API operation for Amazon Simple Storage Service. // // Retrieves all the metadata from an object without returning the object itself. -// This action is useful if you're interested only in an object's metadata. -// To use GetObjectAttributes, you must have READ access to the object. +// This operation is useful if you're interested only in an object's metadata. // -// GetObjectAttributes combines the functionality of GetObjectAcl, GetObjectLegalHold, -// GetObjectLockConfiguration, GetObjectRetention, GetObjectTagging, HeadObject, -// and ListParts. All of the data returned with each of those individual calls -// can be returned with a single call to GetObjectAttributes. +// GetObjectAttributes combines the functionality of HeadObject and ListParts. +// All of the data returned with each of those individual calls can be returned +// with a single call to GetObjectAttributes. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use GetObjectAttributes, you +// must have READ access to the object. The permissions that you need to +// use this operation with depend on whether the bucket is versioned. If +// the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes +// permissions for this operation. If the bucket is not versioned, you need +// the s3:GetObject and s3:GetObjectAttributes permissions. For more information, +// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If the object that you request does not exist, +// the error Amazon S3 returns depends on whether you also have the s3:ListBucket +// permission. If you have the s3:ListBucket permission on the bucket, Amazon +// S3 returns an HTTP status code 404 Not Found ("no such key") error. If +// you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Forbidden ("access denied") error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a GET request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // // - x-amz-server-side-encryption-customer-algorithm // @@ -4854,47 +5358,35 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // -// - Encryption request headers, such as x-amz-server-side-encryption, should -// not be sent for GET requests if your object uses server-side encryption -// with Amazon Web Services KMS keys stored in Amazon Web Services Key Management -// Service (SSE-KMS) or server-side encryption with Amazon S3 managed encryption -// keys (SSE-S3). If your object does use these types of keys, you'll get -// an HTTP 400 Bad Request error. +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// - The last modified property in this case is the creation date of the -// object. +// # Versioning +// +// Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID is +// supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// # Conditional request headers // // Consider the following when using request headers: // // - If both of the If-Match and If-Unmodified-Since headers are present // in the request as follows, then Amazon S3 returns the HTTP status code // 200 OK and the data requested: If-Match condition evaluates to true. If-Unmodified-Since -// condition evaluates to false. +// condition evaluates to false. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). // // - If both of the If-None-Match and If-Modified-Since headers are present // in the request as follows, then Amazon S3 returns the HTTP status code // 304 Not Modified: If-None-Match condition evaluates to false. If-Modified-Since -// condition evaluates to true. -// -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). -// -// # Permissions -// -// The permissions that you need to use this operation depend on whether the -// bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion -// and s3:GetObjectVersionAttributes permissions for this operation. If the -// bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes -// permissions. For more information, see Specifying Permissions in a Policy -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// in the Amazon S3 User Guide. If the object that you request does not exist, -// the error Amazon S3 returns depends on whether you also have the s3:ListBucket -// permission. +// condition evaluates to true. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). // -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 Not Found ("no such key") error. +// # HTTP Host header syntax // -// - If you don't have the s3:ListBucket permission, Amazon S3 returns an -// HTTP status code 403 Forbidden ("access denied") error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following actions are related to GetObjectAttributes: // @@ -4990,10 +5482,12 @@ func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *req // GetObjectLegalHold API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets an object's current legal hold status. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectLegalHold: // @@ -5070,6 +5564,8 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the Object Lock configuration for a bucket. The rule specified in the // Object Lock configuration will be applied by default to every new object // placed in the specified bucket. For more information, see Locking Objects @@ -5150,10 +5646,12 @@ func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *req // GetObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves an object's retention settings. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectRetention: // @@ -5230,6 +5728,8 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request // GetObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag-set of an object. You send the GET request against the tagging // subresource associated with the object. // @@ -5325,9 +5825,10 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // GetObjectTorrent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns torrent files from a bucket. BitTorrent can save you bandwidth when -// you're distributing large files. For more information about BitTorrent, see -// Using BitTorrent with Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html). +// you're distributing large files. // // You can get torrent only for objects that are less than 5 GB in size, and // that are not encrypted using server-side encryption with a customer-provided @@ -5335,7 +5836,7 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // // To use GET, you must have READ access to the object. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectTorrent: // @@ -5412,6 +5913,8 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req // GetPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To // use this operation, you must have the s3:GetBucketPublicAccessBlock permission. // For more information about Amazon S3 permissions, see Specifying Permissions @@ -5503,33 +6006,63 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou output = &HeadBucketOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // HeadBucket API operation for Amazon Simple Storage Service. // -// This action is useful to determine if a bucket exists and you have permission -// to access it. The action returns a 200 OK if the bucket exists and you have -// permission to access it. +// You can use this operation to determine if a bucket exists and if you have +// permission to access it. The action returns a 200 OK if the bucket exists +// and you have permission to access it. // // If the bucket does not exist or you do not have permission to access it, -// the HEAD request returns a generic 404 Not Found or 403 Forbidden code. A -// message body is not included, so you cannot determine the exception beyond -// these error codes. +// the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 +// Not Found code. A message body is not included, so you cannot determine the +// exception beyond these error codes. // -// To use this operation, you must have permissions to perform the s3:ListBucket -// action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). +// Directory buckets - You must make requests for this API operation to the +// Zonal endpoint. These endpoints support virtual-hosted-style requests in +// the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Authentication and authorization +// +// All HeadBucket requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). +// +// Directory bucket - You must use IAM credentials to authenticate and authorize +// your access to the HeadBucket API operation, instead of using the temporary +// security credentials through the CreateSession API operation. // -// To use this API against an access point, you must provide the alias of the -// access point in place of the bucket name or specify the access point ARN. -// When using the access point ARN, you must direct requests to the access point -// hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. -// When using the Amazon Web Services SDKs, you provide the ARN in place of -// the bucket name. For more information see, Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html). +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. +// +// Permissions +// +// - General purpose bucket permissions - To use this operation, you must +// have permissions to perform the s3:ListBucket action. The bucket owner +// has this permission by default and can grant this permission to others. +// For more information about permissions, see Managing access permissions +// to your Amazon S3 resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - You must have the s3express:CreateSession +// permission in the Action element of a policy. By default, the session +// is in the ReadWrite mode. If you want to restrict the access, you can +// explicitly set the s3express:SessionMode condition key to ReadOnly on +// the bucket. For more information about example bucket policies, see Example +// bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5607,19 +6140,70 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // HeadObject API operation for Amazon Simple Storage Service. // -// The HEAD action retrieves metadata from an object without returning the object -// itself. This action is useful if you're only interested in an object's metadata. -// To use HEAD, you must have READ access to the object. +// The HEAD operation retrieves metadata from an object without returning the +// object itself. This operation is useful if you're interested only in an object's +// metadata. // -// A HEAD request has the same options as a GET action on an object. The response -// is identical to the GET response except that there is no response body. Because -// of this, if the HEAD request generates an error, it returns a generic 404 -// Not Found or 403 Forbidden code. It is not possible to retrieve the exact -// exception beyond these error codes. +// A HEAD request has the same options as a GET operation on an object. The +// response is identical to the GET response except that there is no response +// body. Because of this, if the HEAD request generates an error, it returns +// a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 +// Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not +// possible to retrieve the exact exception of these error codes. +// +// Request headers are limited to 8 KB in size. For more information, see Common +// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use HEAD, you must have the +// s3:GetObject permission. You need the relevant read object (or version) +// permission for this operation. For more information, see Actions, resources, +// and condition keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) +// in the Amazon S3 User Guide. If the object you request doesn't exist, +// the error that Amazon S3 returns depends on whether you also have the +// s3:ListBucket permission. If you have the s3:ListBucket permission on +// the bucket, Amazon S3 returns an HTTP status code 404 Not Found error. +// If you don’t have the s3:ListBucket permission, Amazon S3 returns an +// HTTP status code 403 Forbidden error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a HEAD request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // // - x-amz-server-side-encryption-customer-algorithm // @@ -5628,46 +6212,32 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // - x-amz-server-side-encryption-customer-key-MD5 // // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). -// -// - Encryption request headers, like x-amz-server-side-encryption, should -// not be sent for GET requests if your object uses server-side encryption -// with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed -// encryption keys (SSE-S3). If your object does use these types of keys, -// you’ll get an HTTP 400 BadRequest error. -// -// - The last modified property in this case is the creation date of the -// object. -// -// Request headers are limited to 8 KB in size. For more information, see Common -// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. // -// Consider the following when using request headers: +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// - Consideration 1 – If both of the If-Match and If-Unmodified-Since -// headers are present in the request as follows: If-Match condition evaluates -// to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon -// S3 returns 200 OK and the data requested. +// Versioning // -// - Consideration 2 – If both of the If-None-Match and If-Modified-Since -// headers are present in the request as follows: If-None-Match condition -// evaluates to false, and; If-Modified-Since condition evaluates to true; -// Then Amazon S3 returns the 304 Not Modified response code. +// - If the current version of the object is a delete marker, Amazon S3 behaves +// as if the object was deleted and includes x-amz-delete-marker: true in +// the response. // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// - If the specified version is a delete marker, the response returns a +// 405 Method Not Allowed error and the Last-Modified: timestamp response +// header. // -// # Permissions +// - Directory buckets - Delete marker is not supported by directory buckets. // -// You need the relevant read object (or version) permission for this operation. -// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object you request does not exist, the error Amazon S3 returns depends -// on whether you also have the s3:ListBucket permission. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. // -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 ("no such key") error. +// # HTTP Host header syntax // -// - If you don’t have the s3:ListBucket permission, Amazon S3 returns -// an HTTP status code 403 ("access denied") error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following actions are related to HeadObject: // @@ -5749,6 +6319,8 @@ func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalytics // ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the analytics configurations for the bucket. You can have up to 1,000 // analytics configurations per bucket. // @@ -5848,6 +6420,8 @@ func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucket // ListBucketIntelligentTieringConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -5946,6 +6520,8 @@ func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventory // ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of inventory configurations for the bucket. You can have up // to 1,000 analytics configurations per bucket. // @@ -6045,6 +6621,8 @@ func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConf // ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the metrics configurations for the bucket. The metrics configurations // are only for the request metrics of the bucket and do not provide information // on daily storage metrics. You can have up to 1,000 configurations per bucket. @@ -6145,9 +6723,14 @@ func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, // ListBuckets API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of all buckets owned by the authenticated sender of the request. // To use this operation, you must have the s3:ListAllMyBuckets permission. // +// For information about Amazon S3 buckets, see Creating, configuring, and working +// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6176,6 +6759,160 @@ func (c *S3) ListBucketsWithContext(ctx aws.Context, input *ListBucketsInput, op return out, req.Send() } +const opListDirectoryBuckets = "ListDirectoryBuckets" + +// ListDirectoryBucketsRequest generates a "aws/request.Request" representing the +// client's request for the ListDirectoryBuckets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListDirectoryBuckets for more information on using the ListDirectoryBuckets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListDirectoryBucketsRequest method. +// req, resp := client.ListDirectoryBucketsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBucketsRequest(input *ListDirectoryBucketsInput) (req *request.Request, output *ListDirectoryBucketsOutput) { + op := &request.Operation{ + Name: opListDirectoryBuckets, + HTTPMethod: "GET", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"ContinuationToken"}, + OutputTokens: []string{"ContinuationToken"}, + LimitToken: "MaxDirectoryBuckets", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListDirectoryBucketsInput{} + } + + output = &ListDirectoryBucketsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListDirectoryBuckets API operation for Amazon Simple Storage Service. +// +// Returns a list of all Amazon S3 directory buckets owned by the authenticated +// sender of the request. For more information about directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to +// this API operation isn't supported. This operation can only be performed +// by the Amazon Web Services account that owns the resource. For more information +// about directory bucket policies and permissions, see Amazon Web Services +// Identity and Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation ListDirectoryBuckets for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBuckets(input *ListDirectoryBucketsInput) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + return out, req.Send() +} + +// ListDirectoryBucketsWithContext is the same as ListDirectoryBuckets with the addition of +// the ability to pass a context and additional request options. +// +// See ListDirectoryBuckets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, opts ...request.Option) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListDirectoryBucketsPages iterates over the pages of a ListDirectoryBuckets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListDirectoryBuckets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListDirectoryBuckets operation. +// pageNum := 0 +// err := client.ListDirectoryBucketsPages(params, +// func(page *s3.ListDirectoryBucketsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *S3) ListDirectoryBucketsPages(input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool) error { + return c.ListDirectoryBucketsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListDirectoryBucketsPagesWithContext same as ListDirectoryBucketsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsPagesWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListDirectoryBucketsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListDirectoryBucketsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListDirectoryBucketsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMultipartUploads = "ListMultipartUploads" // ListMultipartUploadsRequest generates a "aws/request.Request" representing the @@ -6225,28 +6962,79 @@ func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req // ListMultipartUploads API operation for Amazon Simple Storage Service. // -// This action lists in-progress multipart uploads. An in-progress multipart -// upload is a multipart upload that has been initiated using the Initiate Multipart -// Upload request, but has not yet been completed or aborted. +// This operation lists in-progress multipart uploads in a bucket. An in-progress +// multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload +// request, but has not yet been completed or aborted. +// +// Directory buckets - If multipart uploads in a directory bucket are in progress, +// you can't delete the bucket until all the in-progress multipart uploads are +// aborted or completed. +// +// The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads +// in the response. The limit of 1,000 multipart uploads is also the default +// value. You can further limit the number of uploads in a response by specifying +// the max-uploads request parameter. If there are more than 1,000 multipart +// uploads that satisfy your ListMultipartUploads request, the response returns +// an IsTruncated element with the value of true, a NextKeyMarker element, and +// a NextUploadIdMarker element. To list the remaining multipart uploads, you +// need to make subsequent ListMultipartUploads requests. In these requests, +// include two query parameters: key-marker and upload-id-marker. Set the value +// of key-marker to the NextKeyMarker value from the previous response. Similarly, +// set the value of upload-id-marker to the NextUploadIdMarker value from the +// previous response. +// +// Directory buckets - The upload-id-marker element and the NextUploadIdMarker +// element aren't supported by directory buckets. To list the additional multipart +// uploads, you only need to set the value of key-marker to the NextKeyMarker +// value from the previous response. +// +// For more information about multipart uploads, see Uploading Objects Using +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// This action returns at most 1,000 multipart uploads in the response. 1,000 -// multipart uploads is the maximum number of uploads a response can include, -// which is also the default value. You can further limit the number of uploads -// in a response by specifying the max-uploads parameter in the response. If -// additional multipart uploads satisfy the list criteria, the response will -// contain an IsTruncated element with the value true. To list the additional -// multipart uploads, use the key-marker and upload-id-marker request parameters. +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// In the response, the uploads are sorted by key. If your application has initiated -// more than one multipart upload using the same object key, then uploads in -// the response are first sorted by key. Additionally, uploads are sorted in -// ascending order within each key by the upload initiation time. +// Permissions // -// For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting of multipart uploads in response +// +// - General purpose bucket - In the ListMultipartUploads response, the multipart +// uploads are sorted based on two criteria: Key-based sorting - Multipart +// uploads are initially sorted in ascending order based on their object +// keys. Time-based sorting - For uploads that share the same object key, +// they are further sorted in ascending order based on the upload initiation +// time. Among uploads with the same key, the one that was initiated first +// will appear before the ones that were initiated later. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// - Directory bucket - In the ListMultipartUploads response, the multipart +// uploads aren't sorted lexicographically based on the object keys. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListMultipartUploads: // @@ -6388,11 +7176,13 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // ListObjectVersions API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns metadata about all versions of the objects in a bucket. You can also // use request parameters as selection criteria to return metadata about a subset // of all the object versions. // -// To use this operation, you must have permissions to perform the s3:ListBucketVersions +// To use this operation, you must have permission to perform the s3:ListBucketVersions // action. Be aware of the name difference. // // A 200 OK response can contain valid or invalid XML. Make sure to design your @@ -6400,8 +7190,6 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // // To use this operation, you must have READ access to the bucket. // -// This action is not supported by Amazon S3 on Outposts. -// // The following operations are related to ListObjectVersions: // // - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) @@ -6540,6 +7328,8 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, // ListObjects API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns some or all (up to 1,000) of the objects in a bucket. You can use // the request parameters as selection criteria to return a subset of the objects // in a bucket. A 200 OK response can contain valid or invalid XML. Be sure @@ -6700,25 +7490,57 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // You can use the request parameters as selection criteria to return a subset // of the objects in a bucket. A 200 OK response can contain valid or invalid // XML. Make sure to design your application to parse the contents of the response -// and handle it appropriately. Objects are returned sorted in an ascending -// order of the respective key names in the list. For more information about -// listing objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// and handle it appropriately. For more information about listing objects, +// see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// To use this operation, you must have READ access to the bucket. +// Permissions // -// To use this action in an Identity and Access Management (IAM) policy, you -// must have permissions to perform the s3:ListBucket action. The bucket owner -// has this permission by default and can grant this permission to others. For -// more information about permissions, see Permissions Related to Bucket Subresource -// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). +// - General purpose bucket permissions - To use this operation, you must +// have READ access to the bucket. You must have permission to perform the +// s3:ListBucket action. The bucket owner has this permission by default +// and can grant this permission to others. For more information about permissions, +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // -// This section describes the latest revision of this action. We recommend that -// you use this revised API for application development. For backward compatibility, -// Amazon S3 continues to support the prior version of this API, ListObjects -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting order of returned objects +// +// - General purpose bucket - For general purpose buckets, ListObjectsV2 +// returns objects in lexicographical order based on their key names. // -// To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). +// - Directory bucket - For directory buckets, ListObjectsV2 does not return +// objects in lexicographical order. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// This section describes the latest revision of this action. We recommend that +// you use this revised API operation for application development. For backward +// compatibility, Amazon S3 continues to support the prior version of this API +// operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). // // The following operations are related to ListObjectsV2: // @@ -6862,24 +7684,58 @@ func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, outp // ListParts API operation for Amazon Simple Storage Service. // // Lists the parts that have been uploaded for a specific multipart upload. -// This operation must include the upload ID, which you obtain by sending the -// initiate multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)). -// This request returns a maximum of 1,000 uploaded parts. The default number -// of parts returned is 1,000 parts. You can restrict the number of parts returned -// by specifying the max-parts request parameter. If your multipart upload consists -// of more than 1,000 parts, the response returns an IsTruncated field with -// the value of true, and a NextPartNumberMarker element. In subsequent ListParts -// requests you can include the part-number-marker query string parameter and -// set its value to the NextPartNumberMarker field value from the previous response. -// -// If the upload was created using a checksum algorithm, you will need to have -// permission to the kms:Decrypt action for the request to succeed. +// +// To use this operation, you must provide the upload ID in the request. You +// obtain this uploadID by sending the initiate multipart upload request through +// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// +// The ListParts request returns a maximum of 1,000 uploaded parts. The limit +// of 1,000 parts is also the default value. You can restrict the number of +// parts in a response by specifying the max-parts request parameter. If your +// multipart upload consists of more than 1,000 parts, the response returns +// an IsTruncated field with the value of true, and a NextPartNumberMarker element. +// To list remaining uploaded parts, in subsequent ListParts requests, include +// the part-number-marker query string parameter and set its value to the NextPartNumberMarker +// field value from the previous response. // // For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. If the upload was created using server-side +// encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer +// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you +// must have permission to the kms:Decrypt action for the ListParts request +// to succeed. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListParts: // @@ -7018,6 +7874,8 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC // PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer // Acceleration is a bucket-level feature that enables you to perform faster // data transfers to Amazon S3. @@ -7130,9 +7988,11 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // PutBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the permissions on an existing bucket using access control lists (ACL). // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// To set the ACL of a bucket, you must have WRITE_ACP permission. +// To set the ACL of a bucket, you must have the WRITE_ACP permission. // // You can use one of the following two ways to set a bucket's permissions: // @@ -7156,9 +8016,9 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // -// # Access Permissions +// # Permissions // -// You can set access permissions using one of the following methods: +// You can set access permissions by using one of the following methods: // // - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports // a set of predefined ACLs, known as canned ACLs. Each canned ACL has a @@ -7208,7 +8068,7 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // xsi:type="Group"><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> // // - By Email address: <>Grantees@email.com<>lt;/Grantee> +// xsi:type="AmazonCustomerByEmail"><>Grantees@email.com<>& // The grantee is resolved to the CanonicalUser and, in a response to a GET // Object acl request, appears as the CanonicalUser. Using email addresses // to specify a grantee is only supported in the following Amazon Web Services @@ -7218,7 +8078,7 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) // in the Amazon Web Services General Reference. // -// Related Resources +// The following operations are related to PutBucketAcl: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // @@ -7298,6 +8158,8 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets an analytics configuration for the bucket (specified by the analytics // configuration ID). You can have up to 1,000 analytics configurations per // bucket. @@ -7323,7 +8185,7 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// Special Errors +// PutBucketAnalyticsConfiguration has the following special errors: // // - HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid // argument. @@ -7336,7 +8198,7 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration // bucket permission to set the configuration on the bucket. // -// Related Resources +// The following operations are related to PutBucketAnalyticsConfiguration: // // - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) // @@ -7420,6 +8282,8 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // PutBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the cors configuration for your bucket. If the configuration exists, // Amazon S3 replaces it. // @@ -7456,7 +8320,7 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon // S3 User Guide. // -// Related Resources +// The following operations are related to PutBucketCors: // // - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) // @@ -7540,31 +8404,33 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // PutBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action uses the encryption subresource to configure default encryption -// and Amazon S3 Bucket Key for an existing bucket. -// -// Default encryption for a bucket can use server-side encryption with Amazon -// S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify -// default encryption using SSE-KMS, you can also configure Amazon S3 Bucket -// Key. When the default encryption is SSE-KMS, if you upload an object to the -// bucket and do not specify the KMS key to use for encryption, Amazon S3 uses -// the default Amazon Web Services managed KMS key for your account. For information -// about default encryption, see Amazon S3 default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) -// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see -// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. +// and Amazon S3 Bucket Keys for an existing bucket. +// +// By default, all buckets have a default encryption configuration that uses +// server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally +// configure default encryption for a bucket by using server-side encryption +// with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default +// encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). If you +// use PutBucketEncryption to set your default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 +// does not validate the KMS key ID provided in PutBucketEncryption requests. // // This action requires Amazon Web Services Signature Version 4. For more information, // see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). // -// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration +// To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, // see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to PutBucketEncryption: // // - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) // @@ -7642,6 +8508,8 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt // PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Puts a S3 Intelligent-Tiering configuration to the specified bucket. You // can have up to 1,000 S3 Intelligent-Tiering configurations per bucket. // @@ -7674,17 +8542,26 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt // move objects stored in the S3 Intelligent-Tiering storage class to the Archive // Access or Deep Archive Access tier. // -// Special Errors +// PutBucketIntelligentTieringConfiguration has the following special errors: // -// - HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument +// # HTTP 400 Bad Request Error // -// - HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are -// attempting to create a new configuration but have already reached the -// 1,000-configuration limit. +// Code: InvalidArgument // -// - HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner -// of the specified bucket, or you do not have the s3:PutIntelligentTieringConfiguration -// bucket permission to set the configuration on the bucket. +// Cause: Invalid Argument +// +// # HTTP 400 Bad Request Error +// +// Code: TooManyConfigurations +// +// Cause: You are attempting to create a new configuration but have already +// reached the 1,000-configuration limit. +// +// # HTTP 403 Forbidden Error +// +// Cause: You are not the owner of the specified bucket, or you do not have +// the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration +// on the bucket. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7758,6 +8635,8 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon // PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the PUT action adds an inventory configuration (identified // by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations // per bucket. @@ -7780,26 +8659,50 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon // an example policy, see Granting Permissions for Amazon S3 Inventory and Storage // Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9). // -// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration +// # Permissions +// +// To use this operation, you must have permission to perform the s3:PutInventoryConfiguration // action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// permission to others. +// +// The s3:PutInventoryConfiguration permission allows a user to create an S3 +// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html) +// report that includes all object metadata fields available and to specify +// the destination bucket to store the inventory. A user with read access to +// objects in the destination bucket can also access all object metadata fields +// that are available in the inventory report. +// +// To restrict access to an inventory report, see Restricting access to an Amazon +// S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10) +// in the Amazon S3 User Guide. For more information about the metadata fields +// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents) +// in the Amazon S3 User Guide. For more information about permissions, see +// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. // -// Special Errors +// PutBucketInventoryConfiguration has the following special errors: // -// - HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument +// # HTTP 400 Bad Request Error // -// - HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are -// attempting to create a new configuration but have already reached the -// 1,000-configuration limit. +// Code: InvalidArgument // -// - HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner -// of the specified bucket, or you do not have the s3:PutInventoryConfiguration -// bucket permission to set the configuration on the bucket. +// Cause: Invalid Argument // -// Related Resources +// # HTTP 400 Bad Request Error +// +// Code: TooManyConfigurations +// +// Cause: You are attempting to create a new configuration but have already +// reached the 1,000-configuration limit. +// +// # HTTP 403 Forbidden Error +// +// Cause: You are not the owner of the specified bucket, or you do not have +// the s3:PutInventoryConfiguration bucket permission to set the configuration +// on the bucket. +// +// The following operations are related to PutBucketInventoryConfiguration: // // - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) // @@ -7888,6 +8791,8 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // PutBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // For an updated version of this API, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html). // This version has been deprecated. Existing lifecycle configurations will // work. For new lifecycle configurations, use the updated API. @@ -7922,7 +8827,7 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // For more examples of transitioning objects to storage classes such as STANDARD_IA // or ONEZONE_IA, see Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples). // -// Related Resources +// The following operations are related to PutBucketLifecycle: // // - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated) // @@ -8017,6 +8922,8 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a new lifecycle configuration for the bucket or replaces an existing // lifecycle configuration. Keep in mind that this will overwrite an existing // lifecycle configuration, so if you want to retain any configuration details, @@ -8037,11 +8944,11 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // S3 Lifecycle configuration can have up to 1,000 rules. This limit is not // adjustable. Each rule consists of the following: // -// - Filter identifying a subset of objects to which the rule applies. The -// filter can be based on a key name prefix, object tags, or a combination +// - A filter identifying a subset of objects to which the rule applies. +// The filter can be based on a key name prefix, object tags, or a combination // of both. // -// - Status whether the rule is in effect. +// - A status indicating whether the rule is in effect. // // - One or more lifecycle transition and expiration actions that you want // Amazon S3 to perform on the objects identified by the filter. If the state @@ -8062,10 +8969,10 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // optionally grant access permissions to others by writing an access policy. // For this operation, a user must get the s3:PutLifecycleConfiguration permission. // -// You can also explicitly deny permissions. Explicit deny also supersedes any -// other permissions. If you want to block users or accounts from removing or -// deleting objects from your bucket, you must deny them permissions for the -// following actions: +// You can also explicitly deny permissions. An explicit deny also supersedes +// any other permissions. If you want to block users or accounts from removing +// or deleting objects from your bucket, you must deny them permissions for +// the following actions: // // - s3:DeleteObject // @@ -8076,7 +8983,7 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // For more information about permissions, see Managing Access Permissions to // Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// The following are related to PutBucketLifecycleConfiguration: +// The following operations are related to PutBucketLifecycleConfiguration: // // - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html) // @@ -8160,6 +9067,8 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // PutBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Set the logging parameters for a bucket and to specify permissions for who // can view and modify the logging parameters. All logs are saved to buckets // in the same Amazon Web Services Region as the source bucket. To set the logging @@ -8178,7 +9087,7 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // # Grantee Values // // You can specify the person (grantee) to whom you're assigning access rights -// (using request elements) in the following ways: +// (by using request elements) in the following ways: // // - By the person's ID: <>ID<><>GranteesEmail<> @@ -8186,8 +9095,8 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // // - By Email address: <>Grantees@email.com<> -// The grantee is resolved to the CanonicalUser and, in a response to a GET -// Object acl request, appears as the CanonicalUser. +// The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl +// request, appears as the CanonicalUser. // // - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> @@ -8287,6 +9196,8 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets a metrics configuration (specified by the metrics configuration ID) // for the bucket. You can have up to 1,000 metrics configurations per bucket. // If you're updating an existing metrics configuration, note that this is a @@ -8310,7 +9221,7 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // // - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) // -// GetBucketLifecycle has the following special error: +// PutBucketMetricsConfiguration has the following special error: // // - Error code: TooManyConfigurations Description: You are attempting to // create a new configuration but have already reached the 1,000-configuration @@ -8397,6 +9308,8 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re // PutBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see the PutBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) // operation. // @@ -8476,6 +9389,8 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Enables notifications of specified events for a bucket. For more information // about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // @@ -8511,7 +9426,8 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // // By default, only the bucket owner can configure notifications on a bucket. // However, bucket owners can use a bucket policy to grant permission to other -// users to set this configuration with s3:PutBucketNotification permission. +// users to set this configuration with the required s3:PutBucketNotification +// permission. // // The PUT notification is an atomic operation. For example, suppose your notification // configuration includes SNS topic, SQS queue, and Lambda function configurations. @@ -8519,8 +9435,6 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // messages to your SNS topic. If the message fails, the entire PUT action will // fail, and Amazon S3 will not add the configuration to your bucket. // -// # Responses -// // If the configuration in the request body includes only one TopicConfiguration // specifying only the s3:ReducedRedundancyLostObject event type, the response // will also include the x-amz-sns-test-message-id header containing the message @@ -8606,6 +9520,8 @@ func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControls // PutBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this // operation, you must have the s3:PutBucketOwnershipControls permission. For // more information about Amazon S3 permissions, see Specifying permissions @@ -8696,22 +9612,62 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // PutBucketPolicy API operation for Amazon Simple Storage Service. // -// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using -// an identity other than the root user of the Amazon Web Services account that -// owns the bucket, the calling identity must have the PutBucketPolicy permissions -// on the specified bucket and belong to the bucket owner's account in order -// to use this operation. +// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the PutBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an // identity that belongs to the bucket owner's account, Amazon S3 returns a // 405 Method Not Allowed error. // -// As a security precaution, the root user of the Amazon Web Services account -// that owns a bucket can always use this operation, even if the policy explicitly -// denies the root user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// - General purpose bucket permissions - The s3:PutBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:PutBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # Example bucket policies +// +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax // -// For more information, see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html). +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to PutBucketPolicy: // @@ -8795,6 +9751,8 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // PutBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a replication configuration or replaces an existing one. For more // information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 User Guide. @@ -8803,6 +9761,9 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // configuration, you provide the name of the destination bucket or buckets // where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 // can assume to replicate objects on your behalf, and other relevant information. +// You can invoke this request for a specific Amazon Web Services Region by +// using the aws:RequestedRegion (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion) +// condition key. // // A replication configuration must include at least one rule, and can contain // a maximum of 1,000. Each rule identifies a subset of objects to replicate @@ -8931,6 +9892,8 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) // PutBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the request payment configuration for a bucket. By default, the bucket // owner pays for downloads from the bucket. This configuration parameter enables // the bucket owner (only) to specify that the person requesting the download @@ -9019,6 +9982,8 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // PutBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the tags for a bucket. // // Use tags to organize your Amazon Web Services bill to reflect your own cost @@ -9029,7 +9994,7 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // name, and then organize your billing information to see the total cost of // that application across several services. For more information, see Cost // Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) -// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). +// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // // When this operation sets the tags for a bucket, it will overwrite any current // tags the bucket already has. You cannot use this operation to add tags to @@ -9041,22 +10006,20 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// PutBucketTagging has the following special errors: +// PutBucketTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// - Error code: InvalidTagError Description: The tag provided was not a -// valid tag. This error can occur if the tag did not pass input validation. -// For information about tag restrictions, see User-Defined Tag Restrictions -// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// and Amazon Web Services-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html). +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Using +// Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // -// - Error code: MalformedXMLError Description: The XML provided does not -// match the schema. +// - MalformedXML - The XML provided does not match the schema. // -// - Error code: OperationAbortedError Description: A conflicting conditional -// action is currently in progress against this resource. Please try again. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// - Error code: InternalError Description: The service was unable to apply -// the provided tag to the bucket. +// - InternalError - The service was unable to apply the provided tag to +// the bucket. // // The following operations are related to PutBucketTagging: // @@ -9140,6 +10103,8 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // PutBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the versioning state of an existing bucket. // // You can set the versioning state with one of the following values: @@ -9159,15 +10124,15 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // you must include the x-amz-mfa request header and the Status and the MfaDelete // request elements in a request to set the versioning state of the bucket. // -// If you have an object expiration lifecycle policy in your non-versioned bucket -// and you want to maintain the same permanent delete behavior when you enable -// versioning, you must add a noncurrent expiration policy. The noncurrent expiration -// lifecycle policy will manage the deletes of the noncurrent object versions -// in the version-enabled bucket. (A version-enabled bucket maintains one current -// and zero or more noncurrent object versions.) For more information, see Lifecycle -// and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). +// If you have an object expiration lifecycle configuration in your non-versioned +// bucket and you want to maintain the same permanent delete behavior when you +// enable versioning, you must add a noncurrent expiration policy. The noncurrent +// expiration lifecycle configuration will manage the deletes of the noncurrent +// object versions in the version-enabled bucket. (A version-enabled bucket +// maintains one current and zero or more noncurrent object versions.) For more +// information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). // -// Related Resources +// The following operations are related to PutBucketVersioning: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // @@ -9251,6 +10216,8 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // PutBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the configuration of the website that is specified in the website subresource. // To configure a bucket as a website, you can add this subresource on the bucket // with website configuration information such as the file name of the index @@ -9318,6 +10285,8 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) // in the Amazon S3 User Guide. // +// The maximum request length is limited to 128 KB. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9389,99 +10358,85 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // PutObject API operation for Amazon Simple Storage Service. // -// Adds an object to a bucket. You must have WRITE permissions on a bucket to -// add an object to it. -// -// Amazon S3 never adds partial objects; if you receive a success response, -// Amazon S3 added the entire object to the bucket. -// -// Amazon S3 is a distributed system. If it receives multiple write requests -// for the same object simultaneously, it overwrites all but the last object -// written. Amazon S3 does not provide object locking; if you need this, make -// sure to build it into your application layer or use versioning instead. -// -// To ensure that data is not corrupted traversing the network, use the Content-MD5 -// header. When you use this header, Amazon S3 checks the object against the -// provided MD5 value and, if they do not match, returns an error. Additionally, -// you can calculate the MD5 while putting an object to Amazon S3 and compare -// the returned ETag to the calculated MD5 value. +// Adds an object to a bucket. // -// - To successfully complete the PutObject request, you must have the s3:PutObject -// in your IAM permissions. +// - Amazon S3 never adds partial objects; if you receive a success response, +// Amazon S3 added the entire object to the bucket. You cannot use PutObject +// to only update a single piece of metadata for an existing object. You +// must put the entire object with updated metadata if you want to update +// some values. // -// - To successfully change the objects acl of your PutObject request, you -// must have the s3:PutObjectAcl in your IAM permissions. +// - If your bucket uses the bucket owner enforced setting for Object Ownership, +// ACLs are disabled and no longer affect permissions. All objects written +// to the bucket by any account will be owned by the bucket owner. // -// - The Content-MD5 header is required for any request to upload an object -// with a retention period configured using Amazon S3 Object Lock. For more -// information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// # Server-side Encryption -// -// You can optionally request server-side encryption. With server-side encryption, -// Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts the data when you access it. You have the option to provide -// your own encryption key or use Amazon Web Services managed encryption keys -// (SSE-S3 or SSE-KMS). For more information, see Using Server-Side Encryption -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). -// -// If you request server-side encryption using Amazon Web Services Key Management -// Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For -// more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. -// -// # Access Control List (ACL)-Specific Request Headers -// -// You can use headers to grant ACL- based permissions. By default, all objects -// are private. Only the owner has full access control. When adding a new object, -// you can grant permissions to individual Amazon Web Services accounts or to -// predefined groups defined by Amazon S3. These permissions are then added -// to the ACL on the object. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). -// -// If the bucket that you're uploading objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. -// Buckets that use this setting only accept PUT requests that don't specify -// an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. PUT requests that contain other ACLs (for -// example, custom grants to certain Amazon Web Services accounts) fail and -// return a 400 error with the error code AccessControlListNotSupported. -// -// For more information, see Controlling ownership of objects and disabling -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// If your bucket uses the bucket owner enforced setting for Object Ownership, -// all objects written to the bucket by any account will be owned by the bucket -// owner. -// -// # Storage Class Options -// -// By default, Amazon S3 uses the STANDARD Storage Class to store newly created -// objects. The STANDARD storage class provides high durability and high availability. -// Depending on performance needs, you can specify a different Storage Class. -// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, -// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. -// -// # Versioning -// -// If you enable versioning for a bucket, Amazon S3 automatically generates -// a unique version ID for the object being stored. Amazon S3 returns this ID -// in the response. When you enable versioning for a bucket, if Amazon S3 receives -// multiple write requests for the same object simultaneously, it stores all -// of the objects. -// -// For more information about versioning, see Adding Objects to Versioning Enabled -// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html). -// For information about returning the versioning state of a bucket, see GetBucketVersioning -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). -// -// Related Resources +// Amazon S3 is a distributed system. If it receives multiple write requests +// for the same object simultaneously, it overwrites all but the last object +// written. However, Amazon S3 provides features that can modify this behavior: +// +// - S3 Object Lock - To prevent objects from being deleted or overwritten, +// you can use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) +// in the Amazon S3 User Guide. This functionality is not supported for directory +// buckets. +// +// - S3 Versioning - When you enable versioning for a bucket, if Amazon S3 +// receives multiple write requests for the same object simultaneously, it +// stores all versions of the objects. For each write request that is made +// to the same object, Amazon S3 automatically generates a unique version +// ID of that object being stored in Amazon S3. You can retrieve, replace, +// or delete any version of the object. For more information about versioning, +// see Adding Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) +// in the Amazon S3 User Guide. For information about returning the versioning +// state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// This functionality is not supported for directory buckets. +// +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your PutObject request includes specific headers. +// s3:PutObject - To successfully complete the PutObject request, you must +// always have the s3:PutObject permission on a bucket to add an object to +// it. s3:PutObjectAcl - To successfully change the objects ACL of your PutObject +// request, you must have the s3:PutObjectAcl. s3:PutObjectTagging - To successfully +// set the tag-set with your PutObject request, you must have the s3:PutObjectTagging. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Data integrity with Content-MD5 +// +// - General purpose bucket - To ensure that data is not corrupted traversing +// the network, use the Content-MD5 header. When you use this header, Amazon +// S3 checks the object against the provided MD5 value and, if they do not +// match, Amazon S3 returns an error. Alternatively, when the object's ETag +// is its MD5 digest, you can calculate the MD5 while putting the object +// to Amazon S3 and compare the returned ETag to the calculated MD5 value. +// +// - Directory bucket - This functionality is not supported for directory +// buckets. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// For more information about related Amazon S3 APIs, see the following: // // - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // @@ -9562,13 +10517,15 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // PutObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Uses the acl subresource to set the access control list (ACL) permissions -// for a new or existing object in an S3 bucket. You must have WRITE_ACP permission -// to set the ACL of an object. For more information, see What permissions can -// I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) +// for a new or existing object in an S3 bucket. You must have the WRITE_ACP +// permission to set the ACL of an object. For more information, see What permissions +// can I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) // in the Amazon S3 User Guide. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Depending on your application needs, you can choose to set the ACL on an // object using either the request body or the headers. For example, if you @@ -9585,7 +10542,7 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // -// # Access Permissions +// # Permissions // // You can set access permissions using one of the following methods: // @@ -9651,7 +10608,7 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // sets the ACL of the current version of an object. To set the ACL of a different // version, use the versionId subresource. // -// Related Resources +// The following operations are related to PutObjectAcl: // // - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // @@ -9737,10 +10694,12 @@ func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *req // PutObjectLegalHold API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Applies a legal hold configuration to the specified object. For more information, // see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9817,6 +10776,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Lock configuration on the specified bucket. The rule specified // in the Object Lock configuration will be applied by default to every new // object placed in the specified bucket. For more information, see Locking @@ -9827,8 +10788,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // - The DefaultRetention period can be either Days or Years but you must // select one. You cannot specify Days and Years at the same time. // -// - You can only enable Object Lock for new buckets. If you want to turn -// on Object Lock for an existing bucket, contact Amazon Web Services Support. +// - You can enable Object Lock for new or existing buckets. For more information, +// see Configuring Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9905,13 +10866,15 @@ func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *req // PutObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Retention configuration on an object. For more information, // see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // Users or accounts require the s3:PutObjectRetention permission in order to // place an Object Retention configuration on objects. Bypassing a Governance // Retention configuration requires the s3:BypassGovernanceRetention permission. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9988,12 +10951,15 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // PutObjectTagging API operation for Amazon Simple Storage Service. // -// Sets the supplied tag-set to an object that already exists in a bucket. +// This operation is not supported by directory buckets. +// +// Sets the supplied tag-set to an object that already exists in a bucket. A +// tag is a key-value pair. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). // -// A tag is a key-value pair. You can associate tags with an object by sending -// a PUT request against the tagging subresource that is associated with the -// object. You can retrieve tags by sending a GET request. For more information, -// see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). +// You can associate tags with an object by sending a PUT request against the +// tagging subresource that is associated with the object. You can retrieve +// tags by sending a GET request. For more information, see GetObjectTagging +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). // // For tagging-related restrictions related to characters and encodings, see // Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html). @@ -10006,24 +10972,22 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // To put tags of any other version, use the versionId query parameter. You // also need permission for the s3:PutObjectVersionTagging action. // -// For information about the Amazon S3 object tagging feature, see Object Tagging -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// PutObjectTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// Special Errors +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Object +// Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). // -// - Code: InvalidTagError Cause: The tag provided was not a valid tag. This -// error can occur if the tag did not pass input validation. For more information, -// see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// - MalformedXML - The XML provided does not match the schema. // -// - Code: MalformedXMLError Cause: The XML provided does not match the schema. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// - Code: OperationAbortedError Cause: A conflicting conditional action -// is currently in progress against this resource. Please try again. +// - InternalError - The service was unable to apply the provided tag to +// the object. // -// - Code: InternalError Cause: The service was unable to apply the provided -// tag to the object. -// -// Related Resources +// The following operations are related to PutObjectTagging: // // - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) // @@ -10105,6 +11069,8 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // PutPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies the PublicAccessBlock configuration for an Amazon S3 // bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock // permission. For more information about Amazon S3 permissions, see Specifying @@ -10120,7 +11086,7 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // For more information about when Amazon S3 considers a bucket or an object // public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status). // -// Related Resources +// The following operations are related to PutPublicAccessBlock: // // - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) // @@ -10201,9 +11167,11 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // RestoreObject API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // # Restores an archived copy of an object back into Amazon S3 // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // This action performs the following types of requests: // @@ -10211,55 +11179,34 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // // - restore an archive - Restore an archived object // -// To use this operation, you must have permissions to perform the s3:RestoreObject -// action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) -// in the Amazon S3 User Guide. +// For more information about the S3 structure in the request body, see the +// following: // -// # Querying Archives with Select Requests +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// You use a select type of request to perform SQL queries on archived objects. -// The archived objects that are being queried by the select request must be -// formatted as uncompressed comma-separated values (CSV) files. You can run -// queries and custom analytics on your archived data without having to restore -// your data to a hotter Amazon S3 tier. For an overview about select requests, -// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html) -// in the Amazon S3 User Guide. +// - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) +// in the Amazon S3 User Guide // -// When making a select request, do the following: -// -// - Define an output location for the select query's output. This must be -// an Amazon S3 bucket in the same Amazon Web Services Region as the bucket -// that contains the archive object that is being queried. The Amazon Web -// Services account that initiates the job must have permissions to write -// to the S3 bucket. You can specify the storage class and encryption for -// the output objects stored in the bucket. For more information about output, -// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html) -// in the Amazon S3 User Guide. For more information about the S3 structure -// in the request body, see the following: PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) -// Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) -// in the Amazon S3 User Guide Protecting Data Using Server-Side Encryption -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) +// - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) // in the Amazon S3 User Guide // -// - Define the SQL expression for the SELECT type of restoration for your -// query in the request body's SelectParameters structure. You can use expressions -// like the following examples. The following expression returns all records -// from the specified object. SELECT * FROM Object Assuming that you are -// not using any headers for data stored in the object, you can specify columns -// with positional headers. SELECT s._1, s._2 FROM Object s WHERE s._3 > -// 100 If you have headers and you set the fileHeaderInfo in the CSV structure +// Define the SQL expression for the SELECT type of restoration for your query +// in the request body's SelectParameters structure. You can use expressions +// like the following examples. +// +// - The following expression returns all records from the specified object. +// SELECT * FROM Object +// +// - Assuming that you are not using any headers for data stored in the object, +// you can specify columns with positional headers. SELECT s._1, s._2 FROM +// Object s WHERE s._3 > 100 +// +// - If you have headers and you set the fileHeaderInfo in the CSV structure // in the request body to USE, you can specify headers in the query. (If // you set the fileHeaderInfo field to IGNORE, the first row is skipped for // the query.) You cannot mix ordinal positions with header column names. // SELECT s.Id, s.FirstName, s.SSN FROM S3Object s // -// For more information about using SQL with S3 Glacier Select restore, see -// SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon S3 User Guide. -// // When making a select request, you can also do the following: // // - To expedite your queries, specify the Expedited tier. For more information @@ -10273,59 +11220,74 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // // - The output results are new Amazon S3 objects. Unlike archive retrievals, // they are stored until explicitly deleted-manually or through a lifecycle -// policy. +// configuration. // // - You can issue more than one select request on the same Amazon S3 object. -// Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests. +// Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests. // // - Amazon S3 accepts a select request even if the object has already been // restored. A select request doesn’t return error response 409. // +// # Permissions +// +// To use this operation, you must have permissions to perform the s3:RestoreObject +// action. The bucket owner has this permission by default and can grant this +// permission to others. For more information about permissions, see Permissions +// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// // # Restoring objects // -// Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage -// class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep -// Archive tiers are not accessible in real time. For objects in Archive Access -// or Deep Archive Access tiers you must first initiate a restore request, and -// then wait until the object is moved into the Frequent Access tier. For objects -// in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate -// a restore request, and then wait until a temporary copy of the object is -// available. To access an archived object, you must restore the object for -// the duration (number of days) that you specify. +// Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval +// or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive +// or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real +// time. For objects in the S3 Glacier Flexible Retrieval Flexible Retrieval +// or S3 Glacier Deep Archive storage classes, you must first initiate a restore +// request, and then wait until a temporary copy of the object is available. +// If you want a permanent copy of the object, create a copy of it in the Amazon +// S3 Standard storage class in your S3 bucket. To access an archived object, +// you must restore the object for the duration (number of days) that you specify. +// For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, +// you must first initiate a restore request, and then wait until the object +// is moved into the Frequent Access tier. // // To restore a specific object version, you can provide a version ID. If you // don't provide a version ID, Amazon S3 restores the current version. // -// When restoring an archived object (or using a select request), you can specify -// one of the following data access tier options in the Tier element of the -// request body: +// When restoring an archived object, you can specify one of the following data +// access tier options in the Tier element of the request body: // // - Expedited - Expedited retrievals allow you to quickly access your data -// stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive -// tier when occasional urgent requests for a subset of archives are required. -// For all but the largest archived objects (250 MB+), data accessed using -// Expedited retrievals is typically made available within 1–5 minutes. -// Provisioned capacity ensures that retrieval capacity for Expedited retrievals -// is available when you need it. Expedited retrievals and provisioned capacity -// are not available for objects stored in the S3 Glacier Deep Archive storage -// class or S3 Intelligent-Tiering Deep Archive tier. +// stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage +// class or S3 Intelligent-Tiering Archive tier when occasional urgent requests +// for restoring archives are required. For all but the largest archived +// objects (250 MB+), data accessed using Expedited retrievals is typically +// made available within 1–5 minutes. Provisioned capacity ensures that +// retrieval capacity for Expedited retrievals is available when you need +// it. Expedited retrievals and provisioned capacity are not available for +// objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering +// Deep Archive tier. // // - Standard - Standard retrievals allow you to access any of your archived // objects within several hours. This is the default option for retrieval // requests that do not specify the retrieval option. Standard retrievals // typically finish within 3–5 hours for objects stored in the S3 Glacier -// storage class or S3 Intelligent-Tiering Archive tier. They typically finish -// within 12 hours for objects stored in the S3 Glacier Deep Archive storage -// class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals -// are free for objects stored in S3 Intelligent-Tiering. -// -// - Bulk - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier, -// enabling you to retrieve large amounts, even petabytes, of data inexpensively. -// Bulk retrievals typically finish within 5–12 hours for objects stored -// in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. -// They typically finish within 48 hours for objects stored in the S3 Glacier -// Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. -// Bulk retrievals are free for objects stored in S3 Intelligent-Tiering. +// Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering +// Archive tier. They typically finish within 12 hours for objects stored +// in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering +// Deep Archive tier. Standard retrievals are free for objects stored in +// S3 Intelligent-Tiering. +// +// - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible +// Retrieval and S3 Intelligent-Tiering storage classes, enabling you to +// retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals +// typically finish within 5–12 hours for objects stored in the S3 Glacier +// Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering +// Archive tier. Bulk retrievals are also the lowest-cost retrieval option +// when restoring objects from S3 Glacier Deep Archive. They typically finish +// within 48 hours for objects stored in the S3 Glacier Deep Archive storage +// class or S3 Intelligent-Tiering Deep Archive tier. // // For more information about archive retrieval options and provisioned capacity // for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) @@ -10368,11 +11330,9 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // - If the object is previously restored, Amazon S3 returns 200 OK in the // response. // -// Special Errors -// -// - Code: RestoreAlreadyInProgress Cause: Object restore is already in progress. -// (This error does not apply to SELECT type requests.) HTTP Status Code: -// 409 Conflict SOAP Fault Code Prefix: Client +// - Special errors: Code: RestoreAlreadyInProgress Cause: Object restore +// is already in progress. (This error does not apply to SELECT type requests.) +// HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client // // - Code: GlacierExpeditedRetrievalNotAvailable Cause: expedited retrievals // are currently not available. Try again later. (Returned if there is insufficient @@ -10380,15 +11340,12 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // Expedited retrievals and not to S3 Standard or Bulk retrievals.) HTTP // Status Code: 503 SOAP Fault Code Prefix: N/A // -// Related Resources +// The following operations are related to RestoreObject: // // - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) // // - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) // -// - SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon S3 User Guide -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -10474,6 +11431,8 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SelectObjectContent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action filters the contents of an Amazon S3 object based on a simple // structured query language (SQL) statement. In the request, along with the // SQL expression, you must also specify a data serialization format (JSON, @@ -10482,20 +11441,16 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SQL expression. You must also specify the data serialization format for the // response. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // For more information about Amazon S3 Select, see Selecting Content from Objects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) // and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html) // in the Amazon S3 User Guide. // -// For more information about using SQL with Amazon S3 Select, see SQL Reference -// for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon S3 User Guide. -// // # Permissions // -// You must have s3:GetObject permission for this operation. Amazon S3 Select +// You must have the s3:GetObject permission for this operation. Amazon S3 Select // does not support anonymous access. For more information about permissions, // see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // in the Amazon S3 User Guide. @@ -10522,10 +11477,10 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. For objects that are encrypted with Amazon -// S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), -// server-side encryption is handled transparently, so you don't need to -// specify anything. For more information about server-side encryption, including -// SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) +// S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side +// encryption is handled transparently, so you don't need to specify anything. +// For more information about server-side encryption, including SSE-S3 and +// SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) // in the Amazon S3 User Guide. // // # Working with the Response Body @@ -10545,9 +11500,13 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // in the request parameters), you cannot specify the range of bytes of an // object to return. // -// - GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot -// specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes. -// For more information, about storage classes see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro) +// - The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or +// the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING +// storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE, +// or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS +// or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage +// class. For more information about storage classes, see Using Amazon S3 +// storage classes (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) // in the Amazon S3 User Guide. // // # Special Errors @@ -10555,7 +11514,7 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // For a list of special errors for this operation, see List of SELECT Object // Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList) // -// Related Resources +// The following operations are related to SelectObjectContent: // // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // @@ -10592,6 +11551,7 @@ func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObject } var _ awserr.Error +var _ time.Time // SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent. // @@ -10803,15 +11763,15 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // // Uploads a part in a multipart upload. // -// In this operation, you provide part data in your request. However, you have -// an option to specify your existing Amazon S3 object as a data source for -// the part you are uploading. To upload a part from an existing object, you -// use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// In this operation, you provide new data as a part of an object in your request. +// However, you have an option to specify your existing Amazon S3 object as +// a data source for the part you are uploading. To upload a part from an existing +// object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. // // You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)) // before you can upload any part. In response to your initiate request, Amazon -// S3 returns an upload ID, a unique identifier, that you must include in your +// S3 returns an upload ID, a unique identifier that you must include in your // upload part request. // // Part numbers can be any number from 1 to 10,000, inclusive. A part number @@ -10823,18 +11783,8 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) // in the Amazon S3 User Guide. // -// To ensure that data is not corrupted when traversing the network, specify -// the Content-MD5 header in the upload part request. Amazon S3 checks the part -// data against the provided MD5 value. If they do not match, Amazon S3 returns -// an error. -// -// If the upload request is signed with Signature Version 4, then Amazon Web -// Services S3 uses the x-amz-content-sha256 header as a checksum instead of -// Content-MD5. For more information see Authenticating Requests: Using the -// Authorization Header (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). -// -// Note: After you initiate multipart upload and upload one or more parts, you -// must either complete or abort multipart upload in order to stop getting charged +// After you initiate multipart upload and upload one or more parts, you must +// either complete or abort multipart upload in order to stop getting charged // for storage of the uploaded parts. Only after you either complete or abort // multipart upload, Amazon S3 frees up the parts storage and stops charging // you for the parts storage. @@ -10843,44 +11793,90 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the // Amazon S3 User Guide . // -// For information on the permissions required to use the multipart upload API, -// go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// You can optionally request server-side encryption where Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it for -// you when you access it. You have the option of providing your own encryption -// key, or you can use the Amazon Web Services managed encryption keys. If you -// choose to provide your own encryption key, the request headers you provide -// in the request must match the headers you used in the request to initiate -// the upload by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). -// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) -// in the Amazon S3 User Guide. +// Permissions // -// Server-side encryption is supported by the S3 Multipart Upload actions. Unless -// you are using a customer-provided encryption key, you don't need to specify -// the encryption parameters in each UploadPart request. Instead, you only need -// to specify the server-side encryption parameters in the initial Initiate -// Multipart request. For more information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). -// -// If you requested server-side encryption using a customer-provided encryption -// key in your initiate multipart upload request, you must provide identical -// encryption information in each part upload using the following headers. +// - General purpose bucket permissions - For information on the permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// - x-amz-server-side-encryption-customer-algorithm +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Data integrity +// +// General purpose bucket - To ensure that data is not corrupted traversing +// the network, specify the Content-MD5 header in the upload part request. Amazon +// S3 checks the part data against the provided MD5 value. If they do not match, +// Amazon S3 returns an error. If the upload request is signed with Signature +// Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header +// as a checksum instead of Content-MD5. For more information see Authenticating +// Requests: Using the Authorization Header (Amazon Web Services Signature Version +// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). +// +// Directory buckets - MD5 is not supported by directory buckets. You can use +// checksum algorithms to check object integrity. +// +// Encryption +// +// - General purpose bucket - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. You have mutually exclusive +// options to protect data using server-side encryption in Amazon S3, depending +// on how you choose to manage the encryption keys. Specifically, the encryption +// key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS +// keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts +// data with server-side encryption using Amazon S3 managed keys (SSE-S3) +// by default. You can optionally tell Amazon S3 to encrypt data at rest +// using server-side encryption with other key options. The option you use +// depends on whether you want to use KMS keys (SSE-KMS) or provide your +// own encryption key (SSE-C). Server-side encryption is supported by the +// S3 Multipart Upload operations. Unless you are using a customer-provided +// encryption key (SSE-C), you don't need to specify the encryption parameters +// in each UploadPart request. Instead, you only need to specify the server-side +// encryption parameters in the initial Initiate Multipart request. For more +// information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// If you request server-side encryption using a customer-provided encryption +// key (SSE-C) in your initiate multipart upload request, you must provide +// identical encryption information in each part upload using the following +// request headers. x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key +// x-amz-server-side-encryption-customer-key-MD5 +// +// - Directory bucket - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) +// in the Amazon S3 User Guide. // -// - x-amz-server-side-encryption-customer-key +// Special errors // -// - x-amz-server-side-encryption-customer-key-MD5 +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// SOAP Fault Code Prefix: Client // -// Special Errors +// # HTTP Host header syntax // -// - Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code -// Prefix: Client +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // -// Related Resources +// The following operations are related to UploadPart: // // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // @@ -10963,83 +11959,107 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // UploadPartCopy API operation for Amazon Simple Storage Service. // -// Uploads a part by copying data from an existing object as data source. You -// specify the data source by adding the request header x-amz-copy-source in -// your request and a byte range by adding the request header x-amz-copy-source-range +// Uploads a part by copying data from an existing object as data source. To +// specify the data source, you add the request header x-amz-copy-source in +// your request. To specify a byte range, you add the request header x-amz-copy-source-range // in your request. // // For information about maximum and minimum part sizes and other multipart // upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) // in the Amazon S3 User Guide. // -// Instead of using an existing object as part data, you might use the UploadPart -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action -// and provide data in your request. +// Instead of copying data from an existing object as part data, you might use +// the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// action to upload new data as a part of an object in your request. // // You must initiate a multipart upload before you can upload any part. In response -// to your initiate request. Amazon S3 returns a unique identifier, the upload -// ID, that you must include in your upload part request. +// to your initiate request, Amazon S3 returns the upload ID, a unique identifier +// that you must include in your upload part request. +// +// For conceptual information about multipart uploads, see Uploading Objects +// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. For information about copying objects using +// a single atomic action vs. a multipart upload, see Operations on Objects +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in +// the Amazon S3 User Guide. // -// For more information about using the UploadPartCopy operation, see the following: +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// - For conceptual information about multipart uploads, see Uploading Objects -// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) -// in the Amazon S3 User Guide. +// # Authentication and authorization // -// - For information about permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// in the Amazon S3 User Guide. +// All UploadPartCopy requests must be authenticated and signed by using IAM +// credentials (access key ID and secret access key for the IAM identities). +// All headers with the x-amz- prefix, including x-amz-copy-source, must be +// signed. For more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// - For information about copying objects using a single atomic action vs. -// a multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) -// in the Amazon S3 User Guide. +// Directory buckets - You must use IAM credentials to authenticate and authorize +// your access to the UploadPartCopy API operation, instead of using the temporary +// security credentials through the CreateSession API operation. // -// - For information about using server-side encryption with customer-provided -// encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) -// and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// Note the following additional considerations about the request headers x-amz-copy-source-if-match, -// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and -// x-amz-copy-source-if-modified-since: +// # Permissions // -// - Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request as follows: x-amz-copy-source-if-match -// condition evaluates to true, and; x-amz-copy-source-if-unmodified-since -// condition evaluates to false; Amazon S3 returns 200 OK and copies the -// data. +// You must have READ access to the source object and WRITE access to the destination +// bucket. // -// - Consideration 2 - If both of the x-amz-copy-source-if-none-match and -// x-amz-copy-source-if-modified-since headers are present in the request -// as follows: x-amz-copy-source-if-none-match condition evaluates to false, -// and; x-amz-copy-source-if-modified-since condition evaluates to true; -// Amazon S3 returns 412 Precondition Failed response code. +// - General purpose bucket permissions - You must have the permissions in +// a policy based on the bucket types of your source bucket and destination +// bucket in an UploadPartCopy operation. If the source object is in a general +// purpose bucket, you must have the s3:GetObject permission to read the +// source object that is being copied. If the destination bucket is a general +// purpose bucket, you must have the s3:PubObject permission to write the +// object copy to the destination bucket. For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// # Versioning +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in an UploadPartCopy operation. If the source object that +// you want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object . By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key cannot be set to ReadOnly on the copy destination. For example +// policies, see Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// If your bucket has versioning enabled, you could have multiple versions of -// the same object. By default, x-amz-copy-source identifies the current version -// of the object to copy. If the current version is a delete marker and you -// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404 -// error, because the object does not exist. If you specify versionId in the -// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns -// an HTTP 400 error, because you are not allowed to specify a delete marker -// as a version for the x-amz-copy-source. +// Encryption // -// You can optionally specify a specific version of the source object to copy -// by adding the versionId subresource as shown in the following example: +// - General purpose buckets - For information about using server-side encryption +// with customer-provided encryption keys with the UploadPartCopy operation, +// see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). // -// x-amz-copy-source: /bucket/object?versionId=version id +// - Directory buckets - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// Special Errors +// Special errors // -// - Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found // -// - Code: InvalidRequest Cause: The specified copy source is not supported -// as a byte-range copy source. HTTP Status Code: 400 Bad Request +// - Error Code: InvalidRequest Description: The specified copy source is +// not supported as a byte-range copy source. HTTP Status Code: 400 Bad Request // -// Related Resources +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// The following operations are related to UploadPartCopy: // // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // @@ -11130,6 +12150,8 @@ func (c *S3) WriteGetObjectResponseRequest(input *WriteGetObjectResponseInput) ( // WriteGetObjectResponse API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Passes transformed objects to a GetObject operation when using Object Lambda // access points. For information about Object Lambda access points, see Transforming // objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) @@ -11205,7 +12227,7 @@ func (c *S3) WriteGetObjectResponseWithContext(ctx aws.Context, input *WriteGetO // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) +// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. type AbortIncompleteMultipartUpload struct { _ struct{} `type:"structure"` @@ -11244,27 +12266,41 @@ type AbortMultipartUploadInput struct { // The bucket name to which the upload was taking place. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key of the object for which the multipart upload was initiated. @@ -11273,10 +12309,14 @@ type AbortMultipartUploadInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID that identifies the multipart upload. @@ -11397,6 +12437,8 @@ type AbortMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -11931,9 +12973,7 @@ func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDes return s } -// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name -// is globally unique, and the namespace is shared by all Amazon Web Services -// accounts. +// In terms of implementation, a Bucket is a resource. type Bucket struct { _ struct{} `type:"structure"` @@ -11975,6 +13015,51 @@ func (s *Bucket) SetName(v string) *Bucket { return s } +// Specifies the information about the bucket that will be created. For more +// information about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type BucketInfo struct { + _ struct{} `type:"structure"` + + // The number of Availability Zone that's used for redundancy for the bucket. + DataRedundancy *string `type:"string" enum:"DataRedundancy"` + + // The type of bucket. + Type *string `type:"string" enum:"BucketType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) GoString() string { + return s.String() +} + +// SetDataRedundancy sets the DataRedundancy field's value. +func (s *BucketInfo) SetDataRedundancy(v string) *BucketInfo { + s.DataRedundancy = &v + return s +} + +// SetType sets the Type field's value. +func (s *BucketInfo) SetType(v string) *BucketInfo { + s.Type = &v + return s +} + // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) // in the Amazon S3 User Guide. @@ -12261,7 +13346,9 @@ type CSVInput struct { // A single character used to indicate that a row should be ignored when the // character is present at the start of that row. You can specify any character - // to indicate a comment line. + // to indicate a comment line. The default character is #. + // + // Default: # Comments *string `type:"string"` // A single character used to separate individual fields in a record. You can @@ -12444,34 +13531,42 @@ type Checksum struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` } @@ -12631,19 +13726,33 @@ type CompleteMultipartUploadInput struct { // Name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -12677,9 +13786,9 @@ type CompleteMultipartUploadInput struct { // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -12691,16 +13800,23 @@ type CompleteMultipartUploadInput struct { MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The server-side encryption (SSE) algorithm used to encrypt the object. This - // parameter is needed only when the object was created using a checksum algorithm. - // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // parameter is required only when the object was created using a checksum algorithm + // or if your bucket policy requires the use of SSE-C. For more information, + // see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // The server-side encryption (SSE) customer managed key. This parameter is @@ -12708,6 +13824,8 @@ type CompleteMultipartUploadInput struct { // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadInput's // String and GoString methods. @@ -12717,6 +13835,8 @@ type CompleteMultipartUploadInput struct { // is needed only when the object was created using a checksum algorithm. For // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // ID for the initiated multipart upload. @@ -12893,55 +14013,52 @@ type CompleteMultipartUploadOutput struct { // The name of the bucket that contains the newly created object. Does not return // the access point ARN or access point alias if used. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // Access points are not supported by directory buckets. Bucket *string `type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -12957,6 +14074,8 @@ type CompleteMultipartUploadOutput struct { // If the object expiration is configured, this will contain the expiration // date (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The object key of the newly created object. @@ -12967,25 +14086,31 @@ type CompleteMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If you specified server-side encryption either with an Amazon S3-managed - // encryption key or an Amazon Web Services KMS key in your initiate multipart - // upload request, the response includes this header. It confirms the encryption - // algorithm that Amazon S3 used to encrypt the object. + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created object, in case the bucket has versioning // turned on. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -13138,34 +14263,42 @@ type CompletedPart struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -13174,6 +14307,16 @@ type CompletedPart struct { // Part number that identifies the part. This is a positive integer between // 1 and 10,000. + // + // * General purpose buckets - In CompleteMultipartUpload, when a additional + // checksum (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) is applied to each part, the PartNumber must + // start at 1 and the part numbers must be consecutive. Otherwise, Amazon + // S3 generates an HTTP 400 Bad Request status code and an InvalidPartOrder + // error code. + // + // * Directory buckets - In CompleteMultipartUpload, the PartNumber must + // start at 1 and the part numbers must be consecutive. PartNumber *int64 `type:"integer"` } @@ -13333,71 +14476,134 @@ func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg even type CopyObjectInput struct { _ struct{} `locationName:"CopyObjectRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned access control list (ACL) to apply to the object. + // + // When you copy an object, the ACL metadata is not preserved and is set to + // private by default. Only the owner has full access control. To override the + // default ACL setting, specify a new ACL when you generate a copy request. + // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // + // If the destination bucket that you're copying objects to uses the bucket + // owner enforced setting for S3 Object Ownership, ACLs are disabled and no + // longer affect permissions. Buckets that use this setting only accept PUT + // requests that don't specify an ACL or PUT requests that specify bucket owner + // full control ACLs, such as the bucket-owner-full-control canned ACL or an + // equivalent form of this ACL expressed in the XML format. For more information, + // see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. + // * If your destination bucket uses the bucket owner enforced setting for + // Object Ownership, all objects written to the bucket by any account will + // be owned by the bucket owner. + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // The name of the destination bucket. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the + // object. // - // Specifying this header with a COPY action doesn’t affect bucket-level settings - // for S3 Bucket Key. + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. Specifying this header with a COPY action + // doesn’t affect bucket-level settings for S3 Bucket Key. + // + // For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` - // Specifies caching behavior along the request/reply chain. + // Specifies the caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm you want Amazon S3 to use to create the checksum + // Indicates the algorithm that you want Amazon S3 to use to create the checksum // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. + // + // When you copy an object, if the source object has a checksum, that checksum + // value will be copied to the new object by default. If the CopyObject request + // does not include this x-amz-checksum-algorithm header, the checksum algorithm + // will be copied from the source object to the destination object (if it's + // present on the source object). You can optionally specify a different checksum + // algorithm to use with the x-amz-checksum-algorithm header. Unrecognized or + // unsupported values will respond with the HTTP status code 400 Bad Request. + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // Specifies presentational information for the object. + // Specifies presentational information for the object. Indicates whether an + // object should be displayed in a web browser or downloaded as a file. It allows + // specifying the desired filename for the downloaded file. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` - // A standard MIME type describing the format of the object data. + // A standard MIME type that describes the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies the source object for the copy operation. You specify the value - // in one of two formats, depending on whether you want to access the source - // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): + // Specifies the source object for the copy operation. The source object can + // be up to 5 GB. If the source object is an object that was uploaded by using + // a multipart upload, the object copy will be a single part object after the + // source object is copied to the destination bucket. + // + // You specify the value of the copy source in one of two formats, depending + // on whether you want to access the source object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): // // * For objects not accessed through an access point, specify the name of // the source bucket and the key of the source object, separated by a slash - // (/). For example, to copy the object reports/january.pdf from the bucket - // awsexamplebucket, use awsexamplebucket/reports/january.pdf. The value - // must be URL-encoded. + // (/). For example, to copy the object reports/january.pdf from the general + // purpose bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. + // The value must be URL-encoded. To copy the object reports/january.pdf + // from the directory bucket awsexamplebucket--use1-az5--x-s3, use awsexamplebucket--use1-az5--x-s3/reports/january.pdf. + // The value must be URL-encoded. // // * For objects accessed through access points, specify the Amazon Resource // Name (ARN) of the object as accessed through the access point, in the @@ -13406,43 +14612,104 @@ type CopyObjectInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same Amazon Web Services Region. Alternatively, for objects accessed through - // Amazon S3 on Outposts, specify the ARN of the object as accessed in the - // format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // If your source bucket versioning is enabled, the x-amz-copy-source header + // by default identifies the current version of an object to copy. If the current + // version is a delete marker, Amazon S3 behaves as if the object was deleted. + // To copy a different version, use the versionId query parameter. Specifically, + // append ?versionId= to the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). // If you don't specify a version ID, Amazon S3 copies the latest version of // the source object. // + // If you enable versioning on the destination bucket, Amazon S3 generates a + // unique version ID for the copied object. This version ID is different from + // the version ID of the source object. Amazon S3 returns the version ID of + // the copied object in the x-amz-version-id response header in the response. + // + // If you do not enable versioning or suspend it on the destination bucket, + // the version ID that Amazon S3 generates in the x-amz-version-id response + // header is always null. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. + // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt - // the source object. The encryption key provided in this header must be one - // that was used when the source object was created. + // the source object. The encryption key provided in this header must be the + // same one that was used when the source object was created. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. // // CopySourceSSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's @@ -13452,16 +14719,23 @@ type CopyObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account ID of the expected source bucket owner. If the source bucket - // is owned by a different account, the request fails with the HTTP status code - // 403 Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. @@ -13469,22 +14743,30 @@ type CopyObjectInput struct { // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // The key of the destination object. @@ -13496,35 +14778,69 @@ type CopyObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether the metadata is copied from the source object or replaced - // with metadata provided in the request. + // with metadata that's provided in the request. When copying an object, you + // can preserve all metadata (the default) or specify new metadata. If this + // header isn’t specified, COPY is the default behavior. + // + // General purpose bucket - For general purpose buckets, when you grant permissions, + // you can use the s3:x-amz-metadata-directive condition key to enforce certain + // metadata behavior when objects are uploaded. For more information, see Amazon + // S3 condition key examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) + // in the Amazon S3 User Guide. + // + // x-amz-website-redirect-location is unique to each object and is not copied + // when using the x-amz-metadata-directive header. To copy the value, you must + // specify x-amz-website-redirect-location in the request header. MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"` - // Specifies whether you want to apply a legal hold to the copied object. + // Specifies whether you want to apply a legal hold to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode that you want to apply to the copied object. + // The Object Lock mode that you want to apply to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want the copied object's Object Lock to expire. + // The date and time when you want the Object Lock of the object copy to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting - // data. This value is used to store the object and then it is discarded; Amazon + // data. This value is used to store the object and then it is discarded. Amazon // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. @@ -13533,54 +14849,201 @@ type CopyObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value must be explicitly + // added to specify encryption context for CopyObject requests. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the Amazon Web Services KMS key ID to use for object encryption. - // All GET and PUT requests for an object protected by Amazon Web Services KMS - // will fail if not made via SSL or using SigV4. For information about configuring - // using any of the officially supported Amazon Web Services SDKs and Amazon - // Web Services CLI, see Specifying the Signature Version in Request Authentication - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object encryption. + // All GET and PUT requests for an object protected by KMS will fail if they're + // not made via SSL or using SigV4. For information about configuring any of + // the officially supported Amazon Web Services SDKs and Amazon Web Services + // CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) // in the Amazon S3 User Guide. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). Unrecognized or unsupported + // values won’t write a destination object and will receive a 400 Bad Request + // response. + // + // Amazon S3 automatically encrypts all new objects that are copied to an S3 + // bucket. When copying an object, if you don't specify encryption information + // in your copy request, the encryption setting of the target object is set + // to the default encryption configuration of the destination bucket. By default, + // all buckets have a base level of encryption configuration that uses server-side + // encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket + // has a default encryption configuration that uses server-side encryption with + // Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption + // with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with + // customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding + // KMS key, or a customer-provided key to encrypt the target object copy. + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // With server-side encryption, Amazon S3 encrypts your data as it writes your + // data to disks in its data centers and decrypts the data when you access it. + // For more information about server-side encryption, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) + // in the Amazon S3 User Guide. + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // By default, Amazon S3 uses the STANDARD Storage Class to store newly created - // objects. The STANDARD storage class provides high durability and high availability. - // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // If the x-amz-storage-class header is not used, the copied object will be + // stored in the STANDARD Storage Class by default. The STANDARD storage class + // provides high durability and high availability. Depending on performance + // needs, you can specify a different Storage Class. + // + // * Directory buckets - For directory buckets, only the S3 Express One Zone + // storage class is supported to store newly created objects. Unsupported + // storage class values won't write a destination object and will respond + // with the HTTP status code 400 Bad Request. + // + // * Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage + // Class. + // + // You can use the CopyObject action to change the storage class of an object + // that is already stored in Amazon S3 by using the x-amz-storage-class header. + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. + // + // Before using an object as a source object for the copy operation, you must + // restore a copy of it if it meets any of the following conditions: + // + // * The storage class of the source object is GLACIER or DEEP_ARCHIVE. + // + // * The storage class of the source object is INTELLIGENT_TIERING and it's + // S3 Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) + // is Archive Access or Deep Archive Access. + // + // For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) + // and Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The tag-set for the object destination object this value must be used in - // conjunction with the TaggingDirective. The tag-set must be encoded as URL - // Query parameters. + // The tag-set for the object copy in the destination bucket. This value must + // be used in conjunction with the x-amz-tagging-directive if you choose REPLACE + // for the x-amz-tagging-directive. If you choose COPY for the x-amz-tagging-directive, + // you don't need to set the x-amz-tagging header, because the tag-set will + // be copied from the source object directly. The tag-set must be encoded as + // URL Query parameters. + // + // The default value is the empty value. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` - // Specifies whether the object tag-set are copied from the source object or - // replaced with tag-set provided in the request. + // Specifies whether the object tag-set is copied from the source object or + // replaced with the tag-set that's provided in the request. + // + // The default value is COPY. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. TaggingDirective *string `location:"header" locationName:"x-amz-tagging-directive" type:"string" enum:"TaggingDirective"` - // If the bucket is configured as a website, redirects requests for this object - // to another object in the same bucket or to an external URL. Amazon S3 stores - // the value of this header in the object metadata. + // If the destination bucket is configured as a website, redirects requests + // for this object copy to another object in the same bucket or to an external + // URL. Amazon S3 stores the value of this header in the object metadata. This + // value is unique to each object and is not copied when using the x-amz-metadata-directive + // header. Instead, you may opt to provide this header in combination with the + // x-amz-metadata-directive header. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -13925,55 +15388,76 @@ type CopyObjectOutput struct { _ struct{} `type:"structure" payload:"CopyObjectResult"` // Indicates whether the copied object uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. CopyObjectResult *CopyObjectResult `type:"structure"` - // Version of the copied object in the destination bucket. + // Version ID of the source object that was copied. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If the object expiration is configured, the response includes this header. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created copy. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -14066,34 +15550,26 @@ type CopyObjectResult struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -14164,34 +15640,42 @@ type CopyPartResult struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -14260,8 +15744,29 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult { type CreateBucketConfiguration struct { _ struct{} `type:"structure"` - // Specifies the Region where the bucket will be created. If you don't specify - // a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1). + // Specifies the information about the bucket that will be created. + // + // This functionality is only supported by directory buckets. + Bucket *BucketInfo `type:"structure"` + + // Specifies the location where the bucket will be created. + // + // For directory buckets, the location type is Availability Zone. + // + // This functionality is only supported by directory buckets. + Location *LocationInfo `type:"structure"` + + // Specifies the Region where the bucket will be created. You might choose a + // Region to optimize latency, minimize costs, or address regulatory requirements. + // For example, if you reside in Europe, you will probably find it advantageous + // to create buckets in the Europe (Ireland) Region. For more information, see + // Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro) + // in the Amazon S3 User Guide. + // + // If you don't specify a Region, the bucket is created in the US East (N. Virginia) + // Region (us-east-1) by default. + // + // This functionality is not supported for directory buckets. LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } @@ -14283,6 +15788,22 @@ func (s CreateBucketConfiguration) GoString() string { return s.String() } +// SetBucket sets the Bucket field's value. +func (s *CreateBucketConfiguration) SetBucket(v *BucketInfo) *CreateBucketConfiguration { + s.Bucket = v + return s +} + +func (s *CreateBucketConfiguration) getBucket() (v *BucketInfo) { + return s.Bucket +} + +// SetLocation sets the Location field's value. +func (s *CreateBucketConfiguration) SetLocation(v *LocationInfo) *CreateBucketConfiguration { + s.Location = v + return s +} + // SetLocationConstraint sets the LocationConstraint field's value. func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucketConfiguration { s.LocationConstraint = &v @@ -14293,10 +15814,25 @@ type CreateBucketInput struct { _ struct{} `locationName:"CreateBucketRequest" type:"structure" payload:"CreateBucketConfiguration"` // The canned ACL to apply to the bucket. + // + // This functionality is not supported for directory buckets. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` // The name of the bucket to create. // + // General purpose buckets - For information about bucket naming restrictions, + // see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -14305,24 +15841,36 @@ type CreateBucketInput struct { // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. + // + // This functionality is not supported for directory buckets. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. + // + // This functionality is not supported for directory buckets. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. + // + // This functionality is not supported for directory buckets. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to create new objects in the bucket. // // For the bucket and object owners of existing objects, also allows deletions // and overwrites of those objects. + // + // This functionality is not supported for directory buckets. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. + // + // This functionality is not supported for directory buckets. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Specifies whether you want S3 Object Lock to be enabled for the new bucket. + // + // This functionality is not supported for directory buckets. ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` // The container element for object ownership for a bucket's ownership controls. @@ -14337,8 +15885,19 @@ type CreateBucketInput struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that - // don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - // canned ACL or an equivalent form of this ACL expressed in the XML format. + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. ObjectOwnership *string `location:"header" locationName:"x-amz-object-ownership" type:"string" enum:"ObjectOwnership"` } @@ -14477,44 +16036,74 @@ func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput { type CreateMultipartUploadInput struct { _ struct{} `locationName:"CreateMultipartUploadRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned ACL to apply to the object. Amazon S3 supports a set of predefined + // ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees + // and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can grant access permissions to individual + // Amazon Web Services accounts or to predefined groups defined by Amazon S3. + // These permissions are then added to the access control list (ACL) on the + // new object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // One way to grant the permissions using the request headers is to specify + // a canned ACL with the x-amz-acl request header. + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` - // The name of the bucket to which to initiate the upload + // The name of the bucket where the multipart upload is initiated and where + // the object is uploaded. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // // Specifying this header with an object action doesn’t affect bucket-level // settings for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm you want Amazon S3 to use to create the checksum + // Indicates the algorithm that you want Amazon S3 to use to create the checksum // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` @@ -14525,40 +16114,175 @@ type CreateMultipartUploadInput struct { // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` - // The language the content is in. + // The language that the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. + // Specify access permissions explicitly to give the grantee READ, READ_ACP, + // and WRITE_ACP permissions on the object. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: // - // This action is not supported by Amazon S3 on Outposts. + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` - // Allows grantee to read the object data and its metadata. + // Specify access permissions explicitly to allow grantee to read the object + // data and its metadata. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` - // Allows grantee to read the object ACL. + // Specify access permissions explicitly to allows grantee to read the object + // ACL. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group // - // This action is not supported by Amazon S3 on Outposts. + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to write the ACL for the applicable object. + // Specify access permissions explicitly to allows grantee to allow grantee + // to write the ACL for the applicable object. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: // - // This action is not supported by Amazon S3 on Outposts. + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the multipart upload is to be initiated. @@ -14570,23 +16294,34 @@ type CreateMultipartUploadInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether you want to apply a legal hold to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // Specifies the Object Lock mode that you want to apply to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // Specifies the date and time when you want the Object Lock to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -14595,56 +16330,70 @@ type CreateMultipartUploadInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding // JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the ID of the symmetric customer managed key to use for object - // encryption. All GET and PUT requests for an object protected by Amazon Web - // Services KMS will fail if not made via SSL or using SigV4. For information - // about configuring using any of the officially supported Amazon Web Services - // SDKs and Amazon Web Services CLI, see Specifying the Signature Version in - // Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 User Guide. + // Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption + // customer managed key to use for object encryption. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -14917,38 +16666,32 @@ type CreateMultipartUploadOutput struct { // name in the request, the response includes this header. The header indicates // when the initiated multipart upload becomes eligible for an abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon S3 User Guide. // // The response also includes the x-amz-abort-rule-id header that provides the - // ID of the lifecycle configuration rule that defines this action. + // ID of the lifecycle configuration rule that defines the abort action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // the applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // The name of the bucket to which the multipart upload was initiated. Does // not return the access point ARN or access point alias if used. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // Access points are not supported by directory buckets. Bucket *string `locationName:"Bucket" type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The algorithm that was used to create a checksum of the object. @@ -14959,38 +16702,50 @@ type CreateMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // ID for the initiated multipart upload. @@ -15100,6 +16855,136 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo return s } +type CreateSessionInput struct { + _ struct{} `locationName:"CreateSessionRequest" type:"structure"` + + // The name of the bucket that you create a session for. + // + // Bucket is a required field + Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + + // Specifies the mode of the session that will be created, either ReadWrite + // or ReadOnly. By default, a ReadWrite session is created. A ReadWrite session + // is capable of executing all the Zonal endpoint APIs on a directory bucket. + // A ReadOnly session is constrained to execute the following Zonal endpoint + // APIs: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, + // and ListMultipartUploads. + SessionMode *string `location:"header" locationName:"x-amz-create-session-mode" type:"string" enum:"SessionMode"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSessionInput"} + if s.Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("Bucket")) + } + if s.Bucket != nil && len(*s.Bucket) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Bucket", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucket sets the Bucket field's value. +func (s *CreateSessionInput) SetBucket(v string) *CreateSessionInput { + s.Bucket = &v + return s +} + +func (s *CreateSessionInput) getBucket() (v string) { + if s.Bucket == nil { + return v + } + return *s.Bucket +} + +// SetSessionMode sets the SessionMode field's value. +func (s *CreateSessionInput) SetSessionMode(v string) *CreateSessionInput { + s.SessionMode = &v + return s +} + +func (s *CreateSessionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CreateSessionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + +// updateArnableField updates the value of the input field that +// takes an ARN as an input. This method is useful to backfill +// the parsed resource name from ARN into the input member. +// It returns a pointer to a modified copy of input and an error. +// Note that original input is not modified. +func (s CreateSessionInput) updateArnableField(v string) (interface{}, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + s.Bucket = aws.String(v) + return &s, nil +} + +type CreateSessionOutput struct { + _ struct{} `type:"structure"` + + // The established temporary security credentials for the created session.. + // + // Credentials is a required field + Credentials *SessionCredentials `locationName:"Credentials" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) GoString() string { + return s.String() +} + +// SetCredentials sets the Credentials field's value. +func (s *CreateSessionOutput) SetCredentials(v *SessionCredentials) *CreateSessionOutput { + s.Credentials = v + return s +} + // The container element for specifying the default Object Lock retention settings // for new objects placed in the specified bucket. // @@ -15163,7 +17048,12 @@ func (s *DefaultRetention) SetYears(v int64) *DefaultRetention { type Delete struct { _ struct{} `type:"structure"` - // The objects to delete. + // The object to delete. + // + // Directory buckets - For directory buckets, an object that's composed entirely + // of whitespace characters is not supported by the DeleteObjects API operation. + // The request will receive a 400 Bad Request error and none of the objects + // in the request will be deleted. // // Objects is a required field Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"` @@ -15234,9 +17124,9 @@ type DeleteBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -15364,9 +17254,9 @@ type DeleteBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15481,9 +17371,9 @@ type DeleteBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15594,12 +17484,25 @@ type DeleteBucketInput struct { // Specifies the bucket being deleted. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15811,9 +17714,9 @@ type DeleteBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -15941,9 +17844,9 @@ type DeleteBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16057,12 +17960,13 @@ type DeleteBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -16209,9 +18113,9 @@ type DeleteBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16322,12 +18226,25 @@ type DeleteBucketPolicyInput struct { // The bucket name. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16441,9 +18358,9 @@ type DeleteBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16557,9 +18474,9 @@ type DeleteBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16673,9 +18590,9 @@ type DeleteBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16792,7 +18709,7 @@ type DeleteMarkerEntry struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // The account that created the delete marker.> @@ -16901,19 +18818,33 @@ type DeleteObjectInput struct { // The bucket name of the bucket containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -16922,11 +18853,13 @@ type DeleteObjectInput struct { // Indicates whether S3 Object Lock should bypass Governance-mode restrictions // to process this operation. To use this header, you must have the s3:BypassGovernanceRetention // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key name of the object to delete. @@ -16938,16 +18871,25 @@ type DeleteObjectInput struct { // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -17070,16 +19012,24 @@ func (s DeleteObjectInput) updateArnableField(v string) (interface{}, error) { type DeleteObjectOutput struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Returns the version ID of the delete marker created as a result of the DELETE // operation. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -17124,27 +19074,30 @@ type DeleteObjectTaggingInput struct { // The bucket name containing the objects from which to remove the tags. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key that identifies the object in the bucket from which to remove all @@ -17291,19 +19244,33 @@ type DeleteObjectsInput struct { // The bucket name containing the objects to delete. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17312,22 +19279,38 @@ type DeleteObjectsInput struct { // Specifies whether you want to delete this object even if it has a Governance-type // Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm // parameter. // - // This checksum algorithm must be the same for all parts and it match the checksum - // value supplied in the CreateMultipartUpload request. - // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value // is specified for this parameter, the matching algorithm's checksum member @@ -17343,22 +19326,37 @@ type DeleteObjectsInput struct { // Delete is a required field Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // When performing the DeleteObjects operation on an MFA delete enabled bucket, + // which attempts to delete the specified versioned objects, you must include + // an MFA token. If you don't provide an MFA token, the entire request will + // fail, even if there are non-versioned objects that you are trying to delete. + // If you provide an invalid token, whether there are versioned object keys + // in the request or not, the entire Multi-Object Delete request will fail. + // For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -17493,6 +19491,8 @@ type DeleteObjectsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -17540,9 +19540,9 @@ type DeletePublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -17652,20 +19652,27 @@ func (s DeletePublicAccessBlockOutput) GoString() string { type DeletedObject struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. In a simple DELETE, this header indicates - // whether (true) or not (false) a delete marker was created. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `type:"boolean"` // The version ID of the delete marker created as a result of the DELETE operation. // If you delete a specific object version, the value returned by this header // is the version ID of the object version deleted. + // + // This functionality is not supported for directory buckets. DeleteMarkerVersionId *string `type:"string"` // The name of the deleted object. Key *string `min:"1" type:"string"` // The version ID of the deleted object. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -17871,9 +19878,9 @@ type Encryption struct { KMSContext *string `type:"string"` // If the encryption type is aws:kms, this optional value specifies the ID of - // the symmetric customer managed key to use for encryption of job results. - // Amazon S3 only supports symmetric keys. For more information, see Using symmetric - // and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // the symmetric encryption customer managed key to use for encryption of job + // results. Amazon S3 only supports symmetric encryption KMS keys. For more + // information, see Asymmetric keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. // // KMSKeyId is a sensitive parameter and its value will be @@ -17939,8 +19946,8 @@ type EncryptionConfiguration struct { // Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web // Services KMS key stored in Amazon Web Services Key Management Service (KMS) // for the destination bucket. Amazon S3 uses this key to encrypt replica objects. - // Amazon S3 only supports symmetric, customer managed KMS keys. For more information, - // see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // Amazon S3 only supports symmetric encryption KMS keys. For more information, + // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. ReplicaKmsKeyID *string `type:"string"` } @@ -18019,9 +20026,8 @@ type Error struct { // The error code is a string that uniquely identifies an error condition. It // is meant to be read and understood by programs that detect and handle errors - // by type. - // - // Amazon S3 error codes + // by type. The following is a list of Amazon S3 error codes. For more information, + // see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // // * Code: AccessDenied Description: Access Denied HTTP Status Code: 403 // Forbidden SOAP Fault Code Prefix: Client @@ -18341,8 +20347,8 @@ type Error struct { // and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html) // for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client // - // * Code: ServiceUnavailable Description: Reduce your request rate. HTTP - // Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server + // * Code: ServiceUnavailable Description: Service is unable to handle request. + // HTTP Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server // // * Code: SlowDown Description: Reduce your request rate. HTTP Status Code: // 503 Slow Down SOAP Fault Code Prefix: Server @@ -18382,6 +20388,8 @@ type Error struct { Message *string `type:"string"` // The version ID of the error. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -18510,6 +20518,8 @@ func (s EventBridgeConfiguration) GoString() string { type ExistingObjectReplication struct { _ struct{} `type:"structure"` + // Specifies whether Amazon S3 replicates existing source bucket objects. + // // Status is a required field Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"` } @@ -18605,10 +20615,21 @@ type GetBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` + + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } // String returns the string representation. @@ -18664,6 +20685,12 @@ func (s *GetBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *GetBucketAccelerateConfigurationInput) SetRequestPayer(v string) *GetBucketAccelerateConfigurationInput { + s.RequestPayer = &v + return s +} + func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) { if s.Bucket == nil { return nil, fmt.Errorf("member Bucket is nil") @@ -18694,6 +20721,12 @@ func (s GetBucketAccelerateConfigurationInput) updateArnableField(v string) (int type GetBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // The accelerate configuration of the bucket. Status *string `type:"string" enum:"BucketAccelerateStatus"` } @@ -18716,6 +20749,12 @@ func (s GetBucketAccelerateConfigurationOutput) GoString() string { return s.String() } +// SetRequestCharged sets the RequestCharged field's value. +func (s *GetBucketAccelerateConfigurationOutput) SetRequestCharged(v string) *GetBucketAccelerateConfigurationOutput { + s.RequestCharged = &v + return s +} + // SetStatus sets the Status field's value. func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketAccelerateConfigurationOutput { s.Status = &v @@ -18727,12 +20766,21 @@ type GetBucketAclInput struct { // Specifies the S3 bucket whose ACL is being requested. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -18864,9 +20912,9 @@ type GetBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -19000,12 +21048,21 @@ type GetBucketCorsInput struct { // The bucket name for which to get the cors configuration. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19130,9 +21187,9 @@ type GetBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19384,9 +21441,9 @@ type GetBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -19523,9 +21580,9 @@ type GetBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19648,9 +21705,9 @@ type GetBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19770,12 +21827,21 @@ type GetBucketLocationInput struct { // The name of the bucket for which to get the location. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19900,9 +21966,9 @@ type GetBucketLoggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20028,12 +22094,13 @@ type GetBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -20164,12 +22231,21 @@ type GetBucketNotificationConfigurationRequest struct { // The name of the bucket for which to get the notification configuration. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20261,9 +22337,9 @@ type GetBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20382,14 +22458,40 @@ func (s *GetBucketOwnershipControlsOutput) SetOwnershipControls(v *OwnershipCont type GetBucketPolicyInput struct { _ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"` - // The bucket name for which to get the bucket policy. + // The bucket name to get the bucket policy for. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // + // Access points - When you use this API operation with an access point, provide + // the alias of the access point in place of the bucket name. + // + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20512,9 +22614,9 @@ type GetBucketPolicyStatusInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20637,9 +22739,9 @@ type GetBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20763,9 +22865,9 @@ type GetBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20888,9 +22990,9 @@ type GetBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21015,9 +23117,9 @@ type GetBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21151,9 +23253,9 @@ type GetBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21301,8 +23403,10 @@ type GetObjectAclInput struct { // The bucket name that contains the object for which to get the ACL information. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -21311,9 +23415,9 @@ type GetObjectAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key of the object for which to get the ACL information. @@ -21322,13 +23426,19 @@ type GetObjectAclInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -21447,6 +23557,8 @@ type GetObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -21491,27 +23603,41 @@ type GetObjectAttributesInput struct { // The name of the bucket that contains the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key. @@ -21522,8 +23648,8 @@ type GetObjectAttributesInput struct { // Sets the maximum number of parts to return. MaxParts *int64 `location:"header" locationName:"x-amz-max-parts" type:"integer"` - // An XML header that specifies the fields at the root level that you want returned - // in the response. Fields that you do not specify are not returned. + // Specifies the fields at the root level that you want returned in the response. + // Fields that you do not specify are not returned. // // ObjectAttributes is a required field ObjectAttributes []*string `location:"header" locationName:"x-amz-object-attributes" type:"list" required:"true" enum:"ObjectAttributes"` @@ -21533,13 +23659,19 @@ type GetObjectAttributesInput struct { PartNumberMarker *int64 `location:"header" locationName:"x-amz-part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -21548,6 +23680,8 @@ type GetObjectAttributesInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectAttributesInput's // String and GoString methods. @@ -21556,9 +23690,16 @@ type GetObjectAttributesInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // The version ID used to reference a specific version of the object. + // + // S3 Versioning isn't enabled and supported for directory buckets. For this + // API operation, only the null value of the version ID is supported by directory + // buckets. You can only specify null to the versionId query parameter in the + // request. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -21720,6 +23861,8 @@ type GetObjectAttributesOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a delete // marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An ETag is an opaque identifier assigned by a web server to a specific version @@ -21737,15 +23880,22 @@ type GetObjectAttributesOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Provides the storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // The version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -21843,6 +23993,15 @@ type GetObjectAttributesParts struct { // A container for elements related to a particular part. A response can contain // zero or more Parts elements. + // + // * General purpose buckets - For GetObjectAttributes, if a additional checksum + // (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) isn't applied to the object specified in the + // request, the response doesn't return Part. + // + // * Directory buckets - For GetObjectAttributes, no matter whether a additional + // checksum is applied to the object specified in the request, the response + // returns Part. Parts []*ObjectPart `locationName:"Part" type:"list" flattened:"true"` // The total number of parts. @@ -21908,21 +24067,37 @@ type GetObjectInput struct { // The bucket name containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. + // Object Lambda access points - When you use this action with an Object Lambda + // access point, you must direct requests to the Object Lambda access point + // hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -21934,25 +24109,50 @@ type GetObjectInput struct { // validation. This feature is available in the AWS SDK for Go v2. ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Return the object only if its entity tag (ETag) is the same as the one specified; - // otherwise, return a 412 (precondition failed) error. + // Return the object only if its entity tag (ETag) is the same as the one specified + // in this header; otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` // Return the object only if it has been modified since the specified time; - // otherwise, return a 304 (not modified) error. + // otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified status code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one - // specified; otherwise, return a 304 (not modified) error. + // specified in this header; otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified HTTP status + // code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` // Return the object only if it has not been modified since the specified time; - // otherwise, return a 412 (precondition failed) error. + // otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // Key of the object to get. @@ -21965,24 +24165,28 @@ type GetObjectInput struct { // Useful for downloading just a part of an object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35 - // (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35). + // Downloads the specified byte range of an object. For more information about + // the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range + // (https://www.rfc-editor.org/rfc/rfc9110.html#name-range). // // Amazon S3 doesn't support retrieving multiple ranges of data per GET request. Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Sets the Cache-Control header of the response. ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"` - // Sets the Content-Disposition header of the response + // Sets the Content-Disposition header of the response. ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"` // Sets the Content-Encoding header of the response. @@ -21997,27 +24201,92 @@ type GetObjectInput struct { // Sets the Expires header of the response. ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"` - // Specifies the algorithm to use to when decrypting the object (for example, - // AES256). + // Specifies the algorithm to use when decrypting the object (for example, AES256). + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` - // Specifies the customer-provided encryption key for Amazon S3 used to encrypt - // the data. This value is used to decrypt the object when recovering it and - // must match the one used when storing the data. The key must be appropriate - // for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - // header. + // Specifies the customer-provided encryption key that you originally provided + // for Amazon S3 to encrypt the data before storing it. This value is used to + // decrypt the object when recovering it and must match the one used when storing + // the data. The key must be appropriate for use with the algorithm specified + // in the x-amz-server-side-encryption-customer-algorithm header. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectInput's // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // By default, the GetObject operation returns the current version of an object. + // To return a different version, use the versionId subresource. + // + // * If you include a versionId in your request header, you must have the + // s3:GetObjectVersion permission to access a specific version of an object. + // The s3:GetObject permission is not required in this scenario. + // + // * If you request the current version of an object without a specific versionId + // in the request header, only the s3:GetObject permission is required. The + // s3:GetObjectVersion permission is not required in this scenario. + // + // * Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. For this API operation, only the null value of the version ID + // is supported by directory buckets. You can only specify null to the versionId + // query parameter in the request. + // + // For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -22234,8 +24503,10 @@ type GetObjectLegalHoldInput struct { // The bucket name containing the object whose legal hold status you want to // retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22244,9 +24515,9 @@ type GetObjectLegalHoldInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose legal hold status you want to retrieve. @@ -22255,10 +24526,14 @@ type GetObjectLegalHoldInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object whose legal hold status you want to retrieve. @@ -22405,8 +24680,10 @@ type GetObjectLockConfigurationInput struct { // The bucket whose Object Lock configuration you want to retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22415,9 +24692,9 @@ type GetObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -22535,55 +24812,49 @@ func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectL type GetObjectOutput struct { _ struct{} `type:"structure" payload:"Body"` - // Indicates that a range of bytes was specified. + // Indicates that a range of bytes was specified in the request. AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // Object data. Body io.ReadCloser `type:"blob"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with Amazon Web Services KMS (SSE-KMS). + // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -22600,23 +24871,40 @@ type GetObjectOutput struct { // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies whether the object retrieved was (true) or was not (false) a Delete + // Indicates whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // * If the current version of the object is a delete marker, Amazon S3 behaves + // as if the object was deleted and includes x-amz-delete-marker: true in + // the response. + // + // * If the specified version in the request is a delete marker, the response + // returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An entity tag (ETag) is an opaque identifier assigned by a web server to // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Creation date of the object. + // Date and time when the object was last modified. + // + // General purpose buckets - When you specify a versionId of the object in your + // request, if the specified version in the request is a delete marker, the + // response returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -22626,20 +24914,29 @@ type GetObjectOutput struct { // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` - // This is set to the number of metadata entries not returned in x-amz-meta - // headers. This can happen if you create metadata using an API like SOAP that - // supports more flexible metadata than the REST API. For example, using SOAP, - // you can create metadata whose values are not legal HTTP headers. + // This is set to the number of metadata entries not returned in the headers + // that are prefixed with x-amz-meta-. This can happen if you create metadata + // using an API like SOAP that supports more flexible metadata than the REST + // API. For example, using SOAP, you can create metadata whose values are not + // legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Indicates whether this object has an active legal hold. This field is only // returned if you have permission to view an object's legal hold status. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode currently in place for this object. + // The Object Lock mode that's currently in place for this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when this object's Object Lock will expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. This value is only returned if you specify @@ -22648,52 +24945,80 @@ type GetObjectOutput struct { // Amazon S3 can return this if your request involves a bucket that is either // a source or destination in a replication rule. + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Provides information about object restoration action and expiration time // of the restored object copy. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The number of tags, if any, on the object. + // The number of tags, if any, on the object, when you have the relevant permission + // to read object tags. + // + // You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + // to retrieve the tag set associated with an object. + // + // This functionality is not supported for directory buckets. TagCount *int64 `location:"header" locationName:"x-amz-tagging-count" type:"integer"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -22937,8 +25262,10 @@ type GetObjectRetentionInput struct { // The bucket name containing the object whose retention settings you want to // retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22947,9 +25274,9 @@ type GetObjectRetentionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose retention settings you want to retrieve. @@ -22958,10 +25285,14 @@ type GetObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID for the object whose retention settings you want to retrieve. @@ -23108,27 +25439,30 @@ type GetObjectTaggingInput struct { // The bucket name containing the object for which to get the tagging information. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which to get the tagging information. @@ -23137,10 +25471,14 @@ type GetObjectTaggingInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The versionId of the object for which to get the tagging information. @@ -23302,9 +25640,9 @@ type GetObjectTorrentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key for which to get the information. @@ -23313,10 +25651,14 @@ type GetObjectTorrentInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -23426,6 +25768,8 @@ type GetObjectTorrentOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -23468,9 +25812,9 @@ type GetPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -23800,27 +26144,48 @@ type HeadBucketInput struct { // The bucket name. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -23906,6 +26271,30 @@ func (s HeadBucketInput) updateArnableField(v string) (interface{}, error) { type HeadBucketOutput struct { _ struct{} `type:"structure"` + + // Indicates whether the bucket name used in the request is an access point + // alias. + // + // This functionality is not supported for directory buckets. + AccessPointAlias *bool `location:"header" locationName:"x-amz-access-point-alias" type:"boolean"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // is created. An example AZ ID value is usw2-az2. + // + // This functionality is only supported by directory buckets. + BucketLocationName *string `location:"header" locationName:"x-amz-bucket-location-name" type:"string"` + + // The type of location where the bucket is created. + // + // This functionality is only supported by directory buckets. + BucketLocationType *string `location:"header" locationName:"x-amz-bucket-location-type" type:"string" enum:"LocationType"` + + // The Region that the bucket is located. + // + // This functionality is not supported for directory buckets. + BucketRegion *string `location:"header" locationName:"x-amz-bucket-region" type:"string"` } // String returns the string representation. @@ -23926,24 +26315,62 @@ func (s HeadBucketOutput) GoString() string { return s.String() } +// SetAccessPointAlias sets the AccessPointAlias field's value. +func (s *HeadBucketOutput) SetAccessPointAlias(v bool) *HeadBucketOutput { + s.AccessPointAlias = &v + return s +} + +// SetBucketLocationName sets the BucketLocationName field's value. +func (s *HeadBucketOutput) SetBucketLocationName(v string) *HeadBucketOutput { + s.BucketLocationName = &v + return s +} + +// SetBucketLocationType sets the BucketLocationType field's value. +func (s *HeadBucketOutput) SetBucketLocationType(v string) *HeadBucketOutput { + s.BucketLocationType = &v + return s +} + +// SetBucketRegion sets the BucketRegion field's value. +func (s *HeadBucketOutput) SetBucketRegion(v string) *HeadBucketOutput { + s.BucketRegion = &v + return s +} + type HeadObjectInput struct { _ struct{} `locationName:"HeadObjectRequest" type:"structure"` - // The name of the bucket containing the object. + // The name of the bucket that contains the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -23956,25 +26383,69 @@ type HeadObjectInput struct { // must have permission to use the kms:Decrypt action for the request to succeed. ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Return the object only if its entity tag (ETag) is the same as the one specified; // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` // Return the object only if it has been modified since the specified time; // otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one // specified; otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` // Return the object only if it has not been modified since the specified time; // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // The object key. @@ -23988,19 +26459,25 @@ type HeadObjectInput struct { // object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Because HeadObject returns only the metadata for an object, this parameter - // has no effect. + // HeadObject returns only the metadata for an object. If the Range is satisfiable, + // only the ContentLength is affected in the response. If the Range is not satisfiable, + // S3 returns a 416 - Requested Range Not Satisfiable error. Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -24009,6 +26486,8 @@ type HeadObjectInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectInput's // String and GoString methods. @@ -24017,9 +26496,14 @@ type HeadObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -24201,51 +26685,63 @@ type HeadObjectOutput struct { AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // The archive state of the head object. + // + // This functionality is not supported for directory buckets. ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with Amazon Web Services KMS (SSE-KMS). + // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -24261,21 +26757,27 @@ type HeadObjectOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An entity tag (ETag) is an opaque identifier assigned by a web server to // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Creation date of the object. + // Date and time when the object was last modified. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -24289,6 +26791,8 @@ type HeadObjectOutput struct { // headers. This can happen if you create metadata using an API like SOAP that // supports more flexible metadata than the REST API. For example, using SOAP, // you can create metadata whose values are not legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Specifies whether a legal hold is in effect for this object. This header @@ -24296,15 +26800,21 @@ type HeadObjectOutput struct { // This header is not returned if the specified version of this object has never // had a legal hold applied. For more information about S3 Object Lock, see // Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode, if any, that's in effect for this object. This header // is only returned if the requester has the s3:GetObjectRetention permission. // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when the Object Lock retention period expires. This header // is only returned if the requester has the s3:GetObjectRetention permission. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. This value is only returned if you specify @@ -24343,10 +26853,14 @@ type HeadObjectOutput struct { // header will return FAILED. // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If the object is an archived object (an object whose storage class is GLACIER), @@ -24364,45 +26878,61 @@ type HeadObjectOutput struct { // // For more information about archiving objects, see Transitioning Objects: // General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If the object is stored using server-side encryption either with an Amazon - // Web Services KMS key or an Amazon S3-managed encryption key, the response - // includes this header with the value of the server-side encryption algorithm - // used when storing this object in Amazon S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -24688,10 +27218,16 @@ type Initiator struct { _ struct{} `type:"structure"` // Name of the Principal. + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // If the principal is an Amazon Web Services account, it provides the Canonical // User ID. If the principal is an IAM User, it provides a user ARN value. + // + // Directory buckets - If the principal is an Amazon Web Services account, it + // provides the Amazon Web Services account ID. If the principal is an IAM User, + // it provides a user ARN value. ID *string `type:"string"` } @@ -25596,7 +28132,8 @@ type LambdaFunctionConfiguration struct { Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -25670,6 +28207,9 @@ func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunc } // Container for lifecycle rules. You can add as many as 1000 rules. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleConfiguration struct { _ struct{} `type:"structure"` @@ -25727,11 +28267,14 @@ func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration { } // Container for the expiration for the lifecycle of the object. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleExpiration struct { _ struct{} `type:"structure"` - // Indicates at what date the object is to be moved or deleted. Should be in - // GMT ISO 8601 Format. + // Indicates at what date the object is to be moved or deleted. The date value + // must conform to the ISO 8601 format. The time is always midnight UTC. Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` // Indicates the lifetime, in days, of the objects that are subject to the rule. @@ -25782,13 +28325,16 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp } // A lifecycle rule for individual objects in an Amazon S3 bucket. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleRule struct { _ struct{} `type:"structure"` // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` @@ -26117,9 +28663,9 @@ type ListBucketAnalyticsConfigurationsInput struct { // should begin. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26443,9 +28989,9 @@ type ListBucketInventoryConfigurationsInput struct { // that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26612,9 +29158,9 @@ type ListBucketMetricsConfigurationsInput struct { // value that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26830,24 +29376,123 @@ func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput { return s } +type ListDirectoryBucketsInput struct { + _ struct{} `locationName:"ListDirectoryBucketsRequest" type:"structure"` + + // ContinuationToken indicates to Amazon S3 that the list is being continued + // on this bucket with a token. ContinuationToken is obfuscated and is not a + // real key. You can use this ContinuationToken for pagination of the list results. + ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` + + // Maximum number of buckets to be returned in response. When the number is + // more than the count of buckets that are owned by an Amazon Web Services account, + // return all the buckets in response. + MaxDirectoryBuckets *int64 `location:"querystring" locationName:"max-directory-buckets" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) GoString() string { + return s.String() +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsInput) SetContinuationToken(v string) *ListDirectoryBucketsInput { + s.ContinuationToken = &v + return s +} + +// SetMaxDirectoryBuckets sets the MaxDirectoryBuckets field's value. +func (s *ListDirectoryBucketsInput) SetMaxDirectoryBuckets(v int64) *ListDirectoryBucketsInput { + s.MaxDirectoryBuckets = &v + return s +} + +type ListDirectoryBucketsOutput struct { + _ struct{} `type:"structure"` + + // The list of buckets owned by the requester. + Buckets []*Bucket `locationNameList:"Bucket" type:"list"` + + // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + ContinuationToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) GoString() string { + return s.String() +} + +// SetBuckets sets the Buckets field's value. +func (s *ListDirectoryBucketsOutput) SetBuckets(v []*Bucket) *ListDirectoryBucketsOutput { + s.Buckets = v + return s +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsOutput) SetContinuationToken(v string) *ListDirectoryBucketsOutput { + s.ContinuationToken = &v + return s +} + type ListMultipartUploadsInput struct { _ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"` // The name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -26861,30 +29506,40 @@ type ListMultipartUploadsInput struct { // parameter, then the substring starts at the beginning of the key. The keys // that are grouped under CommonPrefixes result element are not returned elsewhere // in the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies - // the encoding method to use. An object key may contain any Unicode character; - // however, XML 1.0 parser cannot parse some characters, such as characters + // the encoding method to use. An object key can contain any Unicode character; + // however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Together with upload-id-marker, this parameter specifies the multipart upload - // after which listing should begin. - // - // If upload-id-marker is not specified, only the keys lexicographically greater - // than the specified key-marker will be included in the list. - // - // If upload-id-marker is specified, any multipart uploads for a key equal to - // the key-marker might also be included, provided those multipart uploads have - // upload IDs lexicographically greater than the specified upload-id-marker. + // Specifies the multipart upload after which listing should begin. + // + // * General purpose buckets - For general purpose buckets, key-marker is + // an object key. Together with upload-id-marker, this parameter specifies + // the multipart upload after which listing should begin. If upload-id-marker + // is not specified, only the keys lexicographically greater than the specified + // key-marker will be included in the list. If upload-id-marker is specified, + // any multipart uploads for a key equal to the key-marker might also be + // included, provided those multipart uploads have upload IDs lexicographically + // greater than the specified upload-id-marker. + // + // * Directory buckets - For directory buckets, key-marker is obfuscated + // and isn't a real object key. The upload-id-marker parameter isn't supported + // by directory buckets. To list the additional multipart uploads, you only + // need to set the value of key-marker to the NextKeyMarker value from the + // previous response. In the ListMultipartUploads response, the multipart + // uploads aren't sorted lexicographically based on the object keys. KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"` // Sets the maximum number of multipart uploads, from 1 to 1,000, to return @@ -26894,15 +29549,31 @@ type ListMultipartUploadsInput struct { // Lists in-progress uploads only for those keys that begin with the specified // prefix. You can use prefixes to separate a bucket into different grouping - // of keys. (You can think of using prefix to make groups in the same way you'd - // use a folder in a file system.) + // of keys. (You can think of using prefix to make groups in the same way that + // you'd use a folder in a file system.) + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Together with key-marker, specifies the multipart upload after which listing // should begin. If key-marker is not specified, the upload-id-marker parameter // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker // might be included in the list only if they have an upload ID lexicographically // greater than the specified upload-id-marker. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"` } @@ -26989,6 +29660,12 @@ func (s *ListMultipartUploadsInput) SetPrefix(v string) *ListMultipartUploadsInp return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *ListMultipartUploadsInput) SetRequestPayer(v string) *ListMultipartUploadsInput { + s.RequestPayer = &v + return s +} + // SetUploadIdMarker sets the UploadIdMarker field's value. func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUploadsInput { s.UploadIdMarker = &v @@ -27032,17 +29709,22 @@ type ListMultipartUploadsOutput struct { // If you specify a delimiter in the request, then the result returns each distinct // key prefix containing the delimiter in a CommonPrefixes element. The distinct // key prefixes are returned in the Prefix child element. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Contains the delimiter you specified in the request. If you don't specify // a delimiter in your request, this element is absent from the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. // - // If you specify encoding-type request parameter, Amazon S3 includes this element - // in the response, and returns encoded key name values in the following response - // elements: + // If you specify the encoding-type request parameter, Amazon S3 includes this + // element in the response, and returns encoded key name values in the following + // response elements: // // Delimiter, KeyMarker, Prefix, NextKeyMarker, Key. EncodingType *string `type:"string" enum:"EncodingType"` @@ -27066,13 +29748,26 @@ type ListMultipartUploadsOutput struct { // When a list is truncated, this element specifies the value that should be // used for the upload-id-marker request parameter in a subsequent request. + // + // This functionality is not supported for directory buckets. NextUploadIdMarker *string `type:"string"` // When a prefix is provided in the request, this field contains the specified // prefix. The result contains only keys starting with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // Upload ID after which listing began. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `type:"string"` // Container for elements related to a particular multipart upload. A response @@ -27165,6 +29860,12 @@ func (s *ListMultipartUploadsOutput) SetPrefix(v string) *ListMultipartUploadsOu return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListMultipartUploadsOutput) SetRequestCharged(v string) *ListMultipartUploadsOutput { + s.RequestCharged = &v + return s +} + // SetUploadIdMarker sets the UploadIdMarker field's value. func (s *ListMultipartUploadsOutput) SetUploadIdMarker(v string) *ListMultipartUploadsOutput { s.UploadIdMarker = &v @@ -27193,22 +29894,22 @@ type ListObjectVersionsInput struct { Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies - // the encoding method to use. An object key may contain any Unicode character; - // however, XML 1.0 parser cannot parse some characters, such as characters + // the encoding method to use. An object key can contain any Unicode character; + // however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the key to start with when listing objects in a bucket. KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"` - // Sets the maximum number of keys returned in the response. By default the + // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. If additional keys satisfy the search criteria, // but were not returned because max-keys was exceeded, the response contains @@ -27216,13 +29917,28 @@ type ListObjectVersionsInput struct { // and version-id-marker. MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"` + // Specifies the optional fields that you want returned in the response. Fields + // that you do not specify are not returned. + OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` + // Use this parameter to select only those keys that begin with the specified // prefix. You can use prefixes to separate a bucket into different groupings - // of keys. (You can think of using prefix to make groups in the same way you'd - // use a folder in a file system.) You can use prefix with delimiter to roll - // up numerous objects into a single result under CommonPrefixes. + // of keys. (You can think of using prefix to make groups in the same way that + // you'd use a folder in a file system.) You can use prefix with delimiter to + // roll up numerous objects into a single result under CommonPrefixes. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Specifies the object version you want to start listing from. VersionIdMarker *string `location:"querystring" locationName:"version-id-marker" type:"string"` } @@ -27304,12 +30020,24 @@ func (s *ListObjectVersionsInput) SetMaxKeys(v int64) *ListObjectVersionsInput { return s } +// SetOptionalObjectAttributes sets the OptionalObjectAttributes field's value. +func (s *ListObjectVersionsInput) SetOptionalObjectAttributes(v []*string) *ListObjectVersionsInput { + s.OptionalObjectAttributes = v + return s +} + // SetPrefix sets the Prefix field's value. func (s *ListObjectVersionsInput) SetPrefix(v string) *ListObjectVersionsInput { s.Prefix = &v return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *ListObjectVersionsInput) SetRequestPayer(v string) *ListObjectVersionsInput { + s.RequestPayer = &v + return s +} + // SetVersionIdMarker sets the VersionIdMarker field's value. func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersionsInput { s.VersionIdMarker = &v @@ -27363,16 +30091,16 @@ type ListObjectVersionsOutput struct { // Encoding type used by Amazon S3 to encode object key names in the XML response. // - // If you specify encoding-type request parameter, Amazon S3 includes this element - // in the response, and returns encoded key name values in the following response - // elements: + // If you specify the encoding-type request parameter, Amazon S3 includes this + // element in the response, and returns encoded key name values in the following + // response elements: // // KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter. EncodingType *string `type:"string" enum:"EncodingType"` // A flag that indicates whether Amazon S3 returned all of the results that // satisfied the search criteria. If your results were truncated, you can make - // a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker + // a follow-up paginated request by using the NextKeyMarker and NextVersionIdMarker // response parameters as a starting place in another request to return the // rest of the results. IsTruncated *bool `type:"boolean"` @@ -27400,6 +30128,12 @@ type ListObjectVersionsOutput struct { // Selects objects that start with the value supplied by this parameter. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // Marks the last version of the key returned in a truncated response. VersionIdMarker *string `type:"string"` @@ -27491,6 +30225,12 @@ func (s *ListObjectVersionsOutput) SetPrefix(v string) *ListObjectVersionsOutput return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectVersionsOutput) SetRequestCharged(v string) *ListObjectVersionsOutput { + s.RequestCharged = &v + return s +} + // SetVersionIdMarker sets the VersionIdMarker field's value. func (s *ListObjectVersionsOutput) SetVersionIdMarker(v string) *ListObjectVersionsOutput { s.VersionIdMarker = &v @@ -27508,49 +30248,67 @@ type ListObjectsInput struct { // The name of the bucket containing the objects. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // A delimiter is a character you use to group keys. + // A delimiter is a character that you use to group keys. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies - // the encoding method to use. An object key may contain any Unicode character; - // however, XML 1.0 parser cannot parse some characters, such as characters + // the encoding method to use. An object key can contain any Unicode character; + // however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Marker is where you want Amazon S3 to start listing from. Amazon S3 starts // listing after this specified key. Marker can be any key in the bucket. Marker *string `location:"querystring" locationName:"marker" type:"string"` - // Sets the maximum number of keys returned in the response. By default the + // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"` + // Specifies the optional fields that you want returned in the response. Fields + // that you do not specify are not returned. + OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` + // Limits the response to keys that begin with the specified prefix. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` @@ -27637,6 +30395,12 @@ func (s *ListObjectsInput) SetMaxKeys(v int64) *ListObjectsInput { return s } +// SetOptionalObjectAttributes sets the OptionalObjectAttributes field's value. +func (s *ListObjectsInput) SetOptionalObjectAttributes(v []*string) *ListObjectsInput { + s.OptionalObjectAttributes = v + return s +} + // SetPrefix sets the Prefix field's value. func (s *ListObjectsInput) SetPrefix(v string) *ListObjectsInput { s.Prefix = &v @@ -27690,7 +30454,7 @@ type ListObjectsOutput struct { // CommonPrefixes lists keys that act like subdirectories in the directory specified // by Prefix. // - // For example, if the prefix is notes/ and the delimiter is a slash (/) as + // For example, if the prefix is notes/ and the delimiter is a slash (/), as // in notes/summer/july, the common prefix is notes/summer/. All of the keys // that roll up into a common prefix count as a single return when calculating // the number of returns. @@ -27723,17 +30487,26 @@ type ListObjectsOutput struct { // The bucket name. Name *string `type:"string"` - // When response is truncated (the IsTruncated element value in the response - // is true), you can use the key name in this field as marker in the subsequent - // request to get next set of objects. Amazon S3 lists objects in alphabetical - // order Note: This element is returned only if you have delimiter request parameter - // specified. If response does not include the NextMarker and it is truncated, - // you can use the value of the last Key in the response as the marker in the - // subsequent request to get the next set of object keys. + // When the response is truncated (the IsTruncated element value in the response + // is true), you can use the key name in this field as the marker parameter + // in the subsequent request to get the next set of objects. Amazon S3 lists + // objects in alphabetical order. + // + // This element is returned only if you have the delimiter request parameter + // specified. If the response does not include the NextMarker element and it + // is truncated, you can use the value of the last Key element in the response + // as the marker parameter in the subsequent request to get the next set of + // object keys. NextMarker *string `type:"string"` // Keys that begin with the indicated prefix. Prefix *string `type:"string"` + + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } // String returns the string representation. @@ -27814,65 +30587,108 @@ func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput { return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput { + s.RequestCharged = &v + return s +} + type ListObjectsV2Input struct { _ struct{} `locationName:"ListObjectsV2Request" type:"structure"` - // Bucket name to list. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // ContinuationToken indicates Amazon S3 that the list is being continued on - // this bucket with a token. ContinuationToken is obfuscated and is not a real - // key. + // ContinuationToken indicates to Amazon S3 that the list is being continued + // on this bucket with a token. ContinuationToken is obfuscated and is not a + // real key. You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // A delimiter is a character you use to group keys. + // A delimiter is a character that you use to group keys. + // + // * Directory buckets - For directory buckets, / is the only supported delimiter. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The owner field is not present in listV2 by default, if you want to return - // owner field with each key in the result then set the fetch owner field to - // true. + // The owner field is not present in ListObjectsV2 by default. If you want to + // return the owner field with each key in the result, then set the FetchOwner + // field to true. + // + // Directory buckets - For directory buckets, the bucket owner is returned as + // the object owner for all objects. FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"` - // Sets the maximum number of keys returned in the response. By default the + // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"` + // Specifies the optional fields that you want returned in the response. Fields + // that you do not specify are not returned. + // + // This functionality is not supported for directory buckets. + OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` + // Limits the response to keys that begin with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that she or he will be charged for the // list objects request in V2 style. Bucket owners need not specify this parameter // in their requests. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts // listing after this specified key. StartAfter can be any key in the bucket. + // + // This functionality is not supported for directory buckets. StartAfter *string `location:"querystring" locationName:"start-after" type:"string"` } @@ -27959,6 +30775,12 @@ func (s *ListObjectsV2Input) SetMaxKeys(v int64) *ListObjectsV2Input { return s } +// SetOptionalObjectAttributes sets the OptionalObjectAttributes field's value. +func (s *ListObjectsV2Input) SetOptionalObjectAttributes(v []*string) *ListObjectsV2Input { + s.OptionalObjectAttributes = v + return s +} + // SetPrefix sets the Prefix field's value. func (s *ListObjectsV2Input) SetPrefix(v string) *ListObjectsV2Input { s.Prefix = &v @@ -28007,8 +30829,9 @@ func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) { type ListObjectsV2Output struct { _ struct{} `type:"structure"` - // All of the keys (up to 1,000) rolled up into a common prefix count as a single - // return when calculating the number of returns. + // All of the keys (up to 1,000) that share the same prefix are grouped together. + // When counting the total numbers of returns by this API operation, this group + // of keys is considered as one item. // // A response can contain CommonPrefixes only if you specify a delimiter. // @@ -28022,12 +30845,24 @@ type ListObjectsV2Output struct { // in notes/summer/july, the common prefix is notes/summer/. All of the keys // that roll up into a common prefix count as a single return when calculating // the number of returns. + // + // * Directory buckets - For directory buckets, only prefixes that end in + // a delimiter (/) are supported. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Metadata about each object returned. Contents []*Object `type:"list" flattened:"true"` // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + // You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `type:"string"` // Causes keys that contain the same string between the prefix and the first @@ -28035,6 +30870,8 @@ type ListObjectsV2Output struct { // in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere // in the response. Each rolled-up result counts as only one return against // the MaxKeys value. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object key names in the XML response. @@ -28052,31 +30889,16 @@ type ListObjectsV2Output struct { IsTruncated *bool `type:"boolean"` // KeyCount is the number of keys returned with this request. KeyCount will - // always be less than or equals to MaxKeys field. Say you ask for 50 keys, - // your result will include less than equals 50 keys + // always be less than or equal to the MaxKeys field. For example, if you ask + // for 50 keys, your result will include 50 keys or fewer. KeyCount *int64 `type:"integer"` - // Sets the maximum number of keys returned in the response. By default the + // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. MaxKeys *int64 `type:"integer"` // The bucket name. - // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. Name *string `type:"string"` // NextContinuationToken is sent when isTruncated is true, which means there @@ -28086,9 +30908,20 @@ type ListObjectsV2Output struct { NextContinuationToken *string `type:"string"` // Keys that begin with the indicated prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // If StartAfter was sent with the request, it is included in the response. + // + // This functionality is not supported for directory buckets. StartAfter *string `type:"string"` } @@ -28176,6 +31009,12 @@ func (s *ListObjectsV2Output) SetPrefix(v string) *ListObjectsV2Output { return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectsV2Output) SetRequestCharged(v string) *ListObjectsV2Output { + s.RequestCharged = &v + return s +} + // SetStartAfter sets the StartAfter field's value. func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output { s.StartAfter = &v @@ -28187,27 +31026,41 @@ type ListPartsInput struct { // The name of the bucket to which the parts are being uploaded. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -28223,16 +31076,22 @@ type ListPartsInput struct { PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The server-side encryption (SSE) algorithm used to encrypt the object. This // parameter is needed only when the object was created using a checksum algorithm. // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // The server-side encryption (SSE) customer managed key. This parameter is @@ -28240,6 +31099,8 @@ type ListPartsInput struct { // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ListPartsInput's // String and GoString methods. @@ -28249,6 +31110,8 @@ type ListPartsInput struct { // is needed only when the object was created using a checksum algorithm. For // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -28409,15 +31272,19 @@ type ListPartsOutput struct { // name in the request, then the response includes this header indicating when // the initiated multipart upload will become eligible for abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // // The response will also include the x-amz-abort-rule-id header that will provide // the ID of the lifecycle configuration rule that defines this action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // The name of the bucket to which the multipart upload was initiated. Does @@ -28452,6 +31319,9 @@ type ListPartsOutput struct { // Container element that identifies the object owner, after the object is created. // If multipart upload is initiated by an IAM user, this element provides the // parent account ID and display name. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the parts. Owner *Owner `type:"structure"` // When a list is truncated, this element specifies the last part in the list, @@ -28465,10 +31335,14 @@ type ListPartsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded - // object. + // The class of storage used to store the uploaded object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -28726,6 +31600,56 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { return s } +// Specifies the location where the bucket will be created. +// +// For directory buckets, the location type is Availability Zone. For more information +// about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type LocationInfo struct { + _ struct{} `type:"structure"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // will be created. An example AZ ID value is usw2-az2. + Name *string `type:"string"` + + // The type of location where the bucket will be created. + Type *string `type:"string" enum:"LocationType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *LocationInfo) SetName(v string) *LocationInfo { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *LocationInfo) SetType(v string) *LocationInfo { + s.Type = &v + return s +} + // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) @@ -28751,6 +31675,9 @@ type LoggingEnabled struct { // in the Amazon S3 User Guide. TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` + // Amazon S3 key format for log objects. + TargetObjectKeyFormat *TargetObjectKeyFormat `type:"structure"` + // A prefix for all log object keys. If you store log files from multiple Amazon // S3 buckets in a single bucket, you can use a prefix to distinguish which // log files came from which bucket. @@ -28815,6 +31742,12 @@ func (s *LoggingEnabled) SetTargetGrants(v []*TargetGrant) *LoggingEnabled { return s } +// SetTargetObjectKeyFormat sets the TargetObjectKeyFormat field's value. +func (s *LoggingEnabled) SetTargetObjectKeyFormat(v *TargetObjectKeyFormat) *LoggingEnabled { + s.TargetObjectKeyFormat = v + return s +} + // SetTargetPrefix sets the TargetPrefix field's value. func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { s.TargetPrefix = &v @@ -28825,10 +31758,10 @@ func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { type MetadataEntry struct { _ struct{} `type:"structure"` - // Name of the Object. + // Name of the object. Name *string `type:"string"` - // Value of the Object. + // Value of the object. Value *string `type:"string"` } @@ -29006,7 +31939,8 @@ type MetricsConfiguration struct { // prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). Filter *MetricsFilter `type:"structure"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `type:"string" required:"true"` @@ -29161,9 +32095,15 @@ type MultipartUpload struct { Key *string `min:"1" type:"string"` // Specifies the owner of the object that is part of the multipart upload. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the objects. Owner *Owner `type:"structure"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID that identifies the multipart upload. @@ -29238,9 +32178,10 @@ func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload { type NoncurrentVersionExpiration struct { _ struct{} `type:"structure"` - // Specifies how many noncurrent versions Amazon S3 will retain. If there are - // this many more recent noncurrent versions, Amazon S3 will take the associated - // action. For more information about noncurrent versions, see Lifecycle configuration + // Specifies how many newer noncurrent versions must exist before Amazon S3 + // can perform the associated action on a given version. If there are this many + // more recent noncurrent versions, Amazon S3 will take the associated action. + // For more information about noncurrent versions, see Lifecycle configuration // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. NewerNoncurrentVersions *int64 `type:"integer"` @@ -29293,9 +32234,10 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers type NoncurrentVersionTransition struct { _ struct{} `type:"structure"` - // Specifies how many noncurrent versions Amazon S3 will retain. If there are - // this many more recent noncurrent versions, Amazon S3 will take the associated - // action. For more information about noncurrent versions, see Lifecycle configuration + // Specifies how many newer noncurrent versions must exist before Amazon S3 + // can perform the associated action on a given version. If there are this many + // more recent noncurrent versions, Amazon S3 will take the associated action. + // For more information about noncurrent versions, see Lifecycle configuration // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. NewerNoncurrentVersions *int64 `type:"integer"` @@ -29504,7 +32446,8 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf } // Specifies object key name filtering rules. For information about key name -// filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) +// filtering, see Configuring event notifications using object key name filtering +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. type NotificationConfigurationFilter struct { _ struct{} `type:"structure"` @@ -29564,6 +32507,8 @@ type Object struct { // encryption. If an object is larger than 16 MB, the Amazon Web Services // Management Console will upload or copy that object as a Multipart Upload, // and therefore the ETag will not be an MD5 digest. + // + // Directory buckets - MD5 is not supported by directory buckets. ETag *string `type:"string"` // The name that you assign to an object. You use the object key to retrieve @@ -29574,12 +32519,27 @@ type Object struct { LastModified *time.Time `type:"timestamp"` // The owner of the object + // + // Directory buckets - The bucket owner is returned as the object owner. Owner *Owner `type:"structure"` + // Specifies the restoration status of an object. Objects in certain storage + // classes must be restored before they can be retrieved. For more information + // about these storage classes and how to work with archived objects, see Working + // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. + RestoreStatus *RestoreStatus `type:"structure"` + // Size in bytes of the object - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"ObjectStorageClass"` } @@ -29631,6 +32591,12 @@ func (s *Object) SetOwner(v *Owner) *Object { return s } +// SetRestoreStatus sets the RestoreStatus field's value. +func (s *Object) SetRestoreStatus(v *RestoreStatus) *Object { + s.RestoreStatus = v + return s +} + // SetSize sets the Size field's value. func (s *Object) SetSize(v int64) *Object { s.Size = &v @@ -29656,7 +32622,9 @@ type ObjectIdentifier struct { // Key is a required field Key *string `min:"1" type:"string" required:"true"` - // VersionId for the specific version of the object to delete. + // Version ID for the specific version of the object to delete. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -29871,26 +32839,32 @@ type ObjectPart struct { ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -29899,7 +32873,7 @@ type ObjectPart struct { PartNumber *int64 `type:"integer"` // The size of the uploaded part in bytes. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } // String returns the string representation. @@ -29973,14 +32947,21 @@ type ObjectVersion struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // Specifies the owner of the object. Owner *Owner `type:"structure"` + // Specifies the restoration status of an object. Objects in certain storage + // classes must be restored before they can be retrieved. For more information + // about these storage classes and how to work with archived objects, see Working + // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) + // in the Amazon S3 User Guide. + RestoreStatus *RestoreStatus `type:"structure"` + // Size in bytes of the object. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. StorageClass *string `type:"string" enum:"ObjectVersionStorageClass"` @@ -30043,6 +33024,12 @@ func (s *ObjectVersion) SetOwner(v *Owner) *ObjectVersion { return s } +// SetRestoreStatus sets the RestoreStatus field's value. +func (s *ObjectVersion) SetRestoreStatus(v *RestoreStatus) *ObjectVersion { + s.RestoreStatus = v + return s +} + // SetSize sets the Size field's value. func (s *ObjectVersion) SetSize(v int64) *ObjectVersion { s.Size = &v @@ -30153,7 +33140,26 @@ func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization { type Owner struct { _ struct{} `type:"structure"` - // Container for the display name of the owner. + // Container for the display name of the owner. This value is only supported + // in the following Amazon Web Services Regions: + // + // * US East (N. Virginia) + // + // * US West (N. California) + // + // * US West (Oregon) + // + // * Asia Pacific (Singapore) + // + // * Asia Pacific (Sydney) + // + // * Asia Pacific (Tokyo) + // + // * Europe (Ireland) + // + // * South America (São Paulo) + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // Container for the ID of the owner. @@ -30263,8 +33269,19 @@ type OwnershipControlsRule struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that - // don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - // canned ACL or an equivalent form of this ACL expressed in the XML format. + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. // // ObjectOwnership is a required field ObjectOwnership *string `type:"string" required:"true" enum:"ObjectOwnership"` @@ -30342,18 +33359,22 @@ type Part struct { ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` @@ -30375,7 +33396,7 @@ type Part struct { PartNumber *int64 `type:"integer"` // Size in bytes of the uploaded part data. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } // String returns the string representation. @@ -30444,6 +33465,44 @@ func (s *Part) SetSize(v int64) *Part { return s } +// Amazon S3 keys for log objects are partitioned in the following format: +// +// [DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +// +// PartitionedPrefix defaults to EventTime delivery when server access logs +// are delivered. +type PartitionedPrefix struct { + _ struct{} `locationName:"PartitionedPrefix" type:"structure"` + + // Specifies the partition date source for the partitioned prefix. PartitionDateSource + // can be EventTime or DeliveryTime. + PartitionDateSource *string `type:"string" enum:"PartitionDateSource"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) GoString() string { + return s.String() +} + +// SetPartitionDateSource sets the PartitionDateSource field's value. +func (s *PartitionedPrefix) SetPartitionDateSource(v string) *PartitionedPrefix { + s.PartitionDateSource = &v + return s +} + // The container element for a bucket's policy status. type PolicyStatus struct { _ struct{} `type:"structure"` @@ -30691,12 +33750,12 @@ type PutBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -30708,9 +33767,9 @@ type PutBucketAccelerateConfigurationInput struct { // must be populated with the algorithm's checksum of the request payload. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -30845,12 +33904,12 @@ type PutBucketAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -30866,9 +33925,9 @@ type PutBucketAclInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the @@ -31059,9 +34118,9 @@ type PutBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -31211,12 +34270,12 @@ type PutBucketCorsInput struct { // CORSConfiguration is a required field CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31232,9 +34291,9 @@ type PutBucketCorsInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -31364,20 +34423,23 @@ type PutBucketEncryptionInput struct { _ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"` // Specifies default encryption for a bucket using server-side encryption with - // Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information - // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket - // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) + // different key options. By default, all buckets have a default encryption + // configuration that uses server-side encryption with Amazon S3 managed keys + // (SSE-S3). You can optionally configure default encryption for a bucket by + // using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) + // or a customer-provided key (SSE-C). For information about the bucket default + // encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31393,9 +34455,9 @@ type PutBucketEncryptionInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the default server-side-encryption configuration. @@ -31673,9 +34735,9 @@ type PutBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -31822,12 +34884,12 @@ type PutBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31843,9 +34905,9 @@ type PutBucketLifecycleConfigurationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1,000 rules. @@ -31977,12 +35039,12 @@ type PutBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31998,12 +35060,15 @@ type PutBucketLifecycleInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1000 rules. + // + // For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) + // in the Amazon S3 User Guide. LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } @@ -32139,12 +35204,12 @@ type PutBucketLoggingInput struct { // BucketLoggingStatus is a required field BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32160,9 +35225,9 @@ type PutBucketLoggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -32296,12 +35361,13 @@ type PutBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -32445,9 +35511,9 @@ type PutBucketNotificationConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for specifying the notification configuration of the bucket. @@ -32591,12 +35657,12 @@ type PutBucketNotificationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32612,9 +35678,9 @@ type PutBucketNotificationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The container for the configuration. @@ -32748,9 +35814,9 @@ type PutBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) @@ -32881,19 +35947,45 @@ type PutBucketPolicyInput struct { // The name of the bucket. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -32907,15 +35999,24 @@ type PutBucketPolicyInput struct { // Set this parameter to true to confirm that you want to remove your permissions // to change this bucket policy in the future. + // + // This functionality is not supported for directory buckets. ConfirmRemoveSelfBucketAccess *bool `location:"header" locationName:"x-amz-confirm-remove-self-bucket-access" type:"boolean"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The bucket policy as a JSON document. // + // For directory buckets, the only IAM action supported in the bucket policy + // is s3express:CreateSession. + // // Policy is a required field Policy *string `type:"string" required:"true"` } @@ -33051,12 +36152,12 @@ type PutBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33072,9 +36173,9 @@ type PutBucketReplicationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for replication rules. You can add up to 1,000 rules. The maximum @@ -33223,12 +36324,12 @@ type PutBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33244,9 +36345,9 @@ type PutBucketRequestPaymentInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for Payer. @@ -33385,12 +36486,12 @@ type PutBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33406,9 +36507,9 @@ type PutBucketTaggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the TagSet and Tag elements. @@ -33547,12 +36648,12 @@ type PutBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33568,9 +36669,9 @@ type PutBucketVersioningInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, @@ -33714,12 +36815,12 @@ type PutBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33735,9 +36836,9 @@ type PutBucketWebsiteInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the request. @@ -33881,22 +36982,33 @@ type PutObjectAclInput struct { // The bucket name that contains the object to which you want to attach the // ACL. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33912,25 +37024,25 @@ type PutObjectAclInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to create new objects in the bucket. @@ -33941,37 +37053,28 @@ type PutObjectAclInput struct { // Allows grantee to write the ACL for the applicable bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Key for which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. - // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -34137,6 +37240,8 @@ type PutObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -34168,9 +37273,32 @@ type PutObjectInput struct { _ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"` // The canned ACL to apply to the object. For more information, see Canned ACL - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. + // + // When adding a new object, you can use headers to grant ACL-based permissions + // to individual Amazon Web Services accounts or to predefined groups defined + // by Amazon S3. These permissions are then added to the ACL on the object. + // By default, all objects are private. Only the owner has full access control. + // For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) + // in the Amazon S3 User Guide. + // + // If the bucket that you're uploading objects to uses the bucket owner enforced + // setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. + // Buckets that use this setting only accept PUT requests that don't specify + // an ACL or PUT requests that specify bucket owner full control ACLs, such + // as the bucket-owner-full-control canned ACL or an equivalent form of this + // ACL expressed in the XML format. PUT requests that contain other ACLs (for + // example, custom grants to certain Amazon Web Services accounts) fail and + // return a 400 error with the error code AccessControlListNotSupported. For + // more information, see Controlling ownership of objects and disabling ACLs + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * This functionality is not supported for directory buckets. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // Object data. @@ -34178,31 +37306,47 @@ type PutObjectInput struct { // The bucket name to which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // // Specifying this header with a PUT action doesn’t affect bucket-level settings // for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Can be used to specify caching behavior along the request/reply chain. For @@ -34210,16 +37354,33 @@ type PutObjectInput struct { // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -34256,21 +37417,21 @@ type PutObjectInput struct { ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1). + // see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4). ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced - // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11). + // by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding + // (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding). ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // Size of the body in bytes. This parameter is useful when the size of the - // body cannot be determined automatically. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13). + // body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length + // (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length). ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` // The base64-encoded 128-bit MD5 digest of the message (without the headers) @@ -34279,39 +37440,54 @@ type PutObjectInput struct { // it is optional, we recommend using the Content-MD5 mechanism as an end-to-end // integrity check. For more information about REST request authentication, // see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). + // + // The Content-MD5 header is required for any request to upload an object with + // a retention period configured using Amazon S3 Object Lock. For more information + // about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the contents. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17). + // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21). + // see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3). Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the PUT action was initiated. @@ -34323,25 +37499,37 @@ type PutObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether a legal hold will be applied to this object. For more information - // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode that you want to apply to this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when you want this object's Object Lock to expire. Must // be formatted as a timestamp parameter. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -34350,6 +37538,8 @@ type PutObjectInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. @@ -34358,51 +37548,81 @@ type PutObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value is stored as + // object metadata and automatically gets passed on to Amazon Web Services KMS + // for future GetObject or CopyObject operations on this object. This value + // must be explicitly added during CopyObject operations. + // + // This functionality is not supported for directory buckets. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetrical customer managed key that was used - // for the object. If you specify x-amz-server-side-encryption:aws:kms, but - // do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses - // the Amazon Web Services managed key to protect the data. If the KMS key does - // not exist in the same account issuing the command, you must use the full - // ARN and not just the ID. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key Management + // Service (KMS) symmetric encryption customer managed key that was used for + // the object. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, + // but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 + // uses the Amazon Web Services managed key (aws/s3) to protect the data. If + // the KMS key does not exist in the same account that's issuing the command, + // you must use the full ARN and not just the ID. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm that was used when you store this object + // in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // General purpose buckets - You have four mutually exclusive options to protect + // data using server-side encryption in Amazon S3, depending on how you choose + // to manage the encryption keys. Specifically, the encryption key options are + // Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or + // DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with + // server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. + // You can optionally tell Amazon S3 to encrypt data at rest by using server-side + // encryption with other key options. For more information, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - For directory buckets, only the server-side encryption + // with Amazon S3 managed keys (SSE-S3) (AES256) value is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. // (For example, "Key1=Value1") + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. For information about object - // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). + // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) + // in the Amazon S3 User Guide. // // In the following example, the request header sets the redirect to an object // (anotherPage.html) in the same bucket: @@ -34416,7 +37636,10 @@ type PutObjectInput struct { // // For more information about website hosting in Amazon S3, see Hosting Websites // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) - // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html). + // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -34729,8 +37952,10 @@ type PutObjectLegalHoldInput struct { // The bucket name containing the object that you want to place a legal hold // on. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -34739,12 +37964,12 @@ type PutObjectLegalHoldInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -34760,9 +37985,9 @@ type PutObjectLegalHoldInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to place a legal hold on. @@ -34775,10 +38000,14 @@ type PutObjectLegalHoldInput struct { LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object that you want to place a legal hold on. @@ -34906,6 +38135,8 @@ type PutObjectLegalHoldOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -34941,12 +38172,12 @@ type PutObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -34962,19 +38193,23 @@ type PutObjectLockConfigurationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // A token to allow Object Lock to be enabled for an existing bucket. @@ -35090,6 +38325,8 @@ type PutObjectLockConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35121,91 +38358,134 @@ type PutObjectOutput struct { _ struct{} `type:"structure"` // Indicates whether the uploaded object uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Entity tag for the uploaded object. + // + // General purpose buckets - To ensure that data is not corrupted traversing + // the network, for objects where the ETag is the MD5 digest of the object, + // you can calculate the MD5 while putting an object to Amazon S3 and compare + // the returned ETag to the calculated MD5 value. + // + // Directory buckets - The ETag for the object in a directory bucket isn't the + // MD5 digest of the object. ETag *string `location:"header" locationName:"ETag" type:"string"` // If the expiration is configured for the object (see PutBucketLifecycleConfiguration - // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), - // the response includes this header. It includes the expiry-date and rule-id - // key-value pairs that provide information about object expiration. The value - // of the rule-id is URL-encoded. + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)) + // in the Amazon S3 User Guide, the response includes this header. It includes + // the expiry-date and rule-id key-value pairs that provide information about + // object expiration. The value of the rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 - // string holding JSON with the encryption context key-value pairs. + // string holding JSON with the encryption context key-value pairs. This value + // is stored as object metadata and automatically gets passed on to Amazon Web + // Services KMS for future GetObject or CopyObject operations on this object. + // + // This functionality is not supported for directory buckets. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If you specified server-side encryption either with an Amazon Web Services - // KMS key or Amazon S3-managed encryption key in your PUT request, the response - // includes this header. It confirms the encryption algorithm that Amazon S3 - // used to encrypt the object. + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // Version of the object. + // Version ID of the object. + // + // If you enable versioning for a bucket, Amazon S3 automatically generates + // a unique version ID for the object being stored. Amazon S3 returns this ID + // in the response. When you enable versioning for a bucket, if Amazon S3 receives + // multiple write requests for the same object simultaneously, it stores all + // of the objects. For more information about versioning, see Adding Objects + // to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) + // in the Amazon S3 User Guide. For information about returning the versioning + // state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -35317,8 +38597,10 @@ type PutObjectRetentionInput struct { // The bucket name that contains the object you want to apply this Object Retention // configuration to. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -35330,12 +38612,12 @@ type PutObjectRetentionInput struct { // Indicates whether this action should bypass Governance-mode restrictions. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35351,9 +38633,9 @@ type PutObjectRetentionInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to apply this Object Retention @@ -35363,10 +38645,14 @@ type PutObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The container element for the Object Retention configuration. @@ -35504,6 +38790,8 @@ type PutObjectRetentionOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35536,30 +38824,33 @@ type PutObjectTaggingInput struct { // The bucket name containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35575,9 +38866,9 @@ type PutObjectTaggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Name of the object key. @@ -35586,10 +38877,14 @@ type PutObjectTaggingInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for the TagSet and Tag elements @@ -35765,12 +39060,12 @@ type PutPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35786,9 +39081,9 @@ type PutPublicAccessBlockInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The PublicAccessBlock configuration that you want to apply to this Amazon @@ -35929,7 +39224,8 @@ type QueueConfiguration struct { Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -36922,30 +40218,33 @@ type RestoreObjectInput struct { // The bucket name containing the object to restore. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -36957,9 +40256,9 @@ type RestoreObjectInput struct { // must be populated with the algorithm's checksum of the request payload. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the action was initiated. @@ -36968,10 +40267,14 @@ type RestoreObjectInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for restore job parameters. @@ -37107,6 +40410,8 @@ type RestoreObjectOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Indicates the path in the provided S3 output location where Select results @@ -37260,6 +40565,67 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { return s } +// Specifies the restoration status of an object. Objects in certain storage +// classes must be restored before they can be retrieved. For more information +// about these storage classes and how to work with archived objects, see Working +// with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Only the S3 Express +// One Zone storage class is supported by directory buckets to store objects. +type RestoreStatus struct { + _ struct{} `type:"structure"` + + // Specifies whether the object is currently being restored. If the object restoration + // is in progress, the header returns the value TRUE. For example: + // + // x-amz-optional-object-attributes: IsRestoreInProgress="true" + // + // If the object restoration has completed, the header returns the value FALSE. + // For example: + // + // x-amz-optional-object-attributes: IsRestoreInProgress="false", RestoreExpiryDate="2012-12-21T00:00:00.000Z" + // + // If the object hasn't been restored, there is no header response. + IsRestoreInProgress *bool `type:"boolean"` + + // Indicates when the restored copy will expire. This value is populated only + // if the object has already been restored. For example: + // + // x-amz-optional-object-attributes: IsRestoreInProgress="false", RestoreExpiryDate="2012-12-21T00:00:00.000Z" + RestoreExpiryDate *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreStatus) GoString() string { + return s.String() +} + +// SetIsRestoreInProgress sets the IsRestoreInProgress field's value. +func (s *RestoreStatus) SetIsRestoreInProgress(v bool) *RestoreStatus { + s.IsRestoreInProgress = &v + return s +} + +// SetRestoreExpiryDate sets the RestoreExpiryDate field's value. +func (s *RestoreStatus) SetRestoreExpiryDate(v time.Time) *RestoreStatus { + s.RestoreExpiryDate = &v + return s +} + // Specifies the redirect behavior and when a redirect is applied. For more // information about routing rules, see Configuring advanced conditional redirects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects) @@ -37334,7 +40700,7 @@ type Rule struct { // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` @@ -37469,9 +40835,8 @@ func (s *Rule) SetTransition(v *Transition) *Rule { type SSEKMS struct { _ struct{} `locationName:"SSE-KMS" type:"structure"` - // Specifies the ID of the Amazon Web Services Key Management Service (Amazon - // Web Services KMS) symmetric customer managed key to use for encrypting inventory - // reports. + // Specifies the ID of the Key Management Service (KMS) symmetric encryption + // customer managed key to use for encrypting inventory reports. // // KeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SSEKMS's @@ -37775,9 +41140,9 @@ type SelectObjectContentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The expression that is used to query the object. @@ -38156,19 +41521,24 @@ type ServerSideEncryptionByDefault struct { // KMS key ID to use for the default encryption. This parameter is allowed if // and only if SSEAlgorithm is set to aws:kms. // - // You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. - // However, if you are using encryption with cross-account or Amazon Web Services - // service operations you must use a fully qualified KMS key ARN. For more information, - // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - // - // For example: + // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) + // of the KMS key. // // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For - // more information, see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // * Key Alias: alias/alias-name + // + // If you use a key ID, you can run into a LogDestination undeliverable error + // when creating a VPC flow log. + // + // If you are using encryption with cross-account or Amazon Web Services service + // operations you must use a fully qualified KMS key ARN. For more information, + // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + // + // Amazon S3 only supports symmetric encryption KMS keys. For more information, + // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. // // KMSMasterKeyID is a sensitive parameter and its value will be @@ -38347,6 +41717,118 @@ func (s *ServerSideEncryptionRule) SetBucketKeyEnabled(v bool) *ServerSideEncryp return s } +// The established temporary security credentials of the session. +// +// Directory buckets - These session credentials are only supported for the +// authentication and authorization of Zonal endpoint APIs on directory buckets. +type SessionCredentials struct { + _ struct{} `type:"structure"` + + // A unique identifier that's associated with a secret access key. The access + // key ID and the secret access key are used together to sign programmatic Amazon + // Web Services requests cryptographically. + // + // AccessKeyId is a required field + AccessKeyId *string `locationName:"AccessKeyId" type:"string" required:"true"` + + // Temporary security credentials expire after a specified interval. After temporary + // credentials expire, any calls that you make with those credentials will fail. + // So you must generate a new set of temporary credentials. Temporary credentials + // cannot be extended or refreshed beyond the original specified interval. + // + // Expiration is a required field + Expiration *time.Time `locationName:"Expiration" type:"timestamp" required:"true"` + + // A key that's used with the access key ID to cryptographically sign programmatic + // Amazon Web Services requests. Signing a request identifies the sender and + // prevents the request from being altered. + // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SecretAccessKey is a required field + SecretAccessKey *string `locationName:"SecretAccessKey" type:"string" required:"true" sensitive:"true"` + + // A part of the temporary security credentials. The session token is used to + // validate the temporary security credentials. + // + // SessionToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SessionToken is a required field + SessionToken *string `locationName:"SessionToken" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *SessionCredentials) SetAccessKeyId(v string) *SessionCredentials { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *SessionCredentials) SetExpiration(v time.Time) *SessionCredentials { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *SessionCredentials) SetSecretAccessKey(v string) *SessionCredentials { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *SessionCredentials) SetSessionToken(v string) *SessionCredentials { + s.SessionToken = &v + return s +} + +// To use simple format for S3 keys for log objects, set SimplePrefix to an +// empty object. +// +// [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +type SimplePrefix struct { + _ struct{} `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) GoString() string { + return s.String() +} + // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the // replication of these objects. Currently, Amazon S3 supports only the filter @@ -38883,6 +42365,49 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { return s } +// Amazon S3 key format for log objects. Only one format, PartitionedPrefix +// or SimplePrefix, is allowed. +type TargetObjectKeyFormat struct { + _ struct{} `type:"structure"` + + // Partitioned S3 key for log objects. + PartitionedPrefix *PartitionedPrefix `locationName:"PartitionedPrefix" type:"structure"` + + // To use the simple format for S3 keys for log objects. To specify SimplePrefix + // format, set SimplePrefix to {}. + SimplePrefix *SimplePrefix `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) GoString() string { + return s.String() +} + +// SetPartitionedPrefix sets the PartitionedPrefix field's value. +func (s *TargetObjectKeyFormat) SetPartitionedPrefix(v *PartitionedPrefix) *TargetObjectKeyFormat { + s.PartitionedPrefix = v + return s +} + +// SetSimplePrefix sets the SimplePrefix field's value. +func (s *TargetObjectKeyFormat) SetSimplePrefix(v *SimplePrefix) *TargetObjectKeyFormat { + s.SimplePrefix = v + return s +} + // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access // tier, without additional operational overhead. @@ -38966,7 +42491,8 @@ type TopicConfiguration struct { Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -39166,19 +42692,33 @@ type UploadPartCopyInput struct { // The bucket name. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -39200,34 +42740,81 @@ type UploadPartCopyInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same Amazon Web Services Region. Alternatively, for objects accessed through - // Amazon S3 on Outposts, specify the ARN of the object as accessed in the - // format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). - // If you don't specify a version ID, Amazon S3 copies the latest version of - // the source object. + // If your bucket has versioning enabled, you could have multiple versions of + // the same object. By default, x-amz-copy-source identifies the current version + // of the source object to copy. To copy a specific version of the source object + // to copy, append ?versionId= to the x-amz-copy-source request + // header (for example, x-amz-copy-source: /awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // + // If the current version is a delete marker and you don't specify a versionId + // in the x-amz-copy-source request header, Amazon S3 returns a 404 Not Found + // error, because the object does not exist. If you specify versionId in the + // x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns + // an HTTP 400 Bad Request error, because you are not allowed to specify a delete + // marker as a version for the x-amz-copy-source. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // The range of bytes to copy from the source object. The range value must use @@ -39239,12 +42826,18 @@ type UploadPartCopyInput struct { // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt // the source object. The encryption key provided in this header must be one // that was used when the source object was created. // + // This functionality is not supported when the source object is in a directory + // bucket. + // // CopySourceSSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyInput's // String and GoString methods. @@ -39253,16 +42846,19 @@ type UploadPartCopyInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account ID of the expected source bucket owner. If the source bucket - // is owned by a different account, the request fails with the HTTP status code - // 403 Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -39277,14 +42873,20 @@ type UploadPartCopyInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -39294,6 +42896,9 @@ type UploadPartCopyInput struct { // header. This must be the same encryption key specified in the initiate multipart // upload request. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyInput's // String and GoString methods. @@ -39302,6 +42907,9 @@ type UploadPartCopyInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being copied. @@ -39525,7 +43133,9 @@ type UploadPartCopyOutput struct { _ struct{} `type:"structure" payload:"CopyPartResult"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. @@ -39533,33 +43143,46 @@ type UploadPartCopyOutput struct { // The version of the source object that was copied, if you have enabled versioning // on the source bucket. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -39637,30 +43260,44 @@ type UploadPartInput struct { // The name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -39710,11 +43347,13 @@ type UploadPartInput struct { // The base64-encoded 128-bit MD5 digest of the part data. This parameter is // auto-populated when using the command from the CLI. This parameter is required // if object lock parameters are specified. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -39729,14 +43368,19 @@ type UploadPartInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -39746,6 +43390,8 @@ type UploadPartInput struct { // header. This must be the same encryption key specified in the initiate multipart // upload request. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartInput's // String and GoString methods. @@ -39754,6 +43400,8 @@ type UploadPartInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being uploaded. @@ -39955,38 +43603,48 @@ type UploadPartOutput struct { _ struct{} `type:"structure"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` @@ -39995,29 +43653,39 @@ type UploadPartOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -40401,6 +44069,8 @@ type WriteGetObjectResponseInput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"` // Route prefix to the HTTP URL generated. @@ -40427,9 +44097,9 @@ type WriteGetObjectResponseInput struct { // server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // stored in Amazon S3 object. + // If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon + // Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption + // customer managed key that was used for stored in Amazon S3 object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by WriteGetObjectResponseInput's @@ -40441,9 +44111,7 @@ type WriteGetObjectResponseInput struct { ServerSideEncryption *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // The integer status code for an HTTP response of a corresponding GetObject - // request. - // - // Status Codes + // request. The following is a list of status codes. // // * 200 - OK // @@ -40879,6 +44547,9 @@ const ( // BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintApSouth1 = "ap-south-1" + // BucketLocationConstraintApSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintApSouth2 = "ap-south-2" + // BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value BucketLocationConstraintApSoutheast1 = "ap-southeast-1" @@ -40909,6 +44580,9 @@ const ( // BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintEuSouth1 = "eu-south-1" + // BucketLocationConstraintEuSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintEuSouth2 = "eu-south-2" + // BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value BucketLocationConstraintEuWest1 = "eu-west-1" @@ -40949,6 +44623,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintApNortheast2, BucketLocationConstraintApNortheast3, BucketLocationConstraintApSouth1, + BucketLocationConstraintApSouth2, BucketLocationConstraintApSoutheast1, BucketLocationConstraintApSoutheast2, BucketLocationConstraintApSoutheast3, @@ -40959,6 +44634,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintEuCentral1, BucketLocationConstraintEuNorth1, BucketLocationConstraintEuSouth1, + BucketLocationConstraintEuSouth2, BucketLocationConstraintEuWest1, BucketLocationConstraintEuWest2, BucketLocationConstraintEuWest3, @@ -40992,6 +44668,18 @@ func BucketLogsPermission_Values() []string { } } +const ( + // BucketTypeDirectory is a BucketType enum value + BucketTypeDirectory = "Directory" +) + +// BucketType_Values returns all elements of the BucketType enum +func BucketType_Values() []string { + return []string{ + BucketTypeDirectory, + } +} + const ( // BucketVersioningStatusEnabled is a BucketVersioningStatus enum value BucketVersioningStatusEnabled = "Enabled" @@ -41064,6 +44752,18 @@ func CompressionType_Values() []string { } } +const ( + // DataRedundancySingleAvailabilityZone is a DataRedundancy enum value + DataRedundancySingleAvailabilityZone = "SingleAvailabilityZone" +) + +// DataRedundancy_Values returns all elements of the DataRedundancy enum +func DataRedundancy_Values() []string { + return []string{ + DataRedundancySingleAvailabilityZone, + } +} + const ( // DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value DeleteMarkerReplicationStatusEnabled = "Enabled" @@ -41081,8 +44781,8 @@ func DeleteMarkerReplicationStatus_Values() []string { } // Requests Amazon S3 to encode the object keys in the response and specifies -// the encoding method to use. An object key may contain any Unicode character; -// however, XML 1.0 parser cannot parse some characters, such as characters +// the encoding method to use. An object key can contain any Unicode character; +// however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. @@ -41418,6 +45118,12 @@ const ( // InventoryOptionalFieldChecksumAlgorithm is a InventoryOptionalField enum value InventoryOptionalFieldChecksumAlgorithm = "ChecksumAlgorithm" + + // InventoryOptionalFieldObjectAccessControlList is a InventoryOptionalField enum value + InventoryOptionalFieldObjectAccessControlList = "ObjectAccessControlList" + + // InventoryOptionalFieldObjectOwner is a InventoryOptionalField enum value + InventoryOptionalFieldObjectOwner = "ObjectOwner" ) // InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum @@ -41436,6 +45142,8 @@ func InventoryOptionalField_Values() []string { InventoryOptionalFieldIntelligentTieringAccessTier, InventoryOptionalFieldBucketKeyStatus, InventoryOptionalFieldChecksumAlgorithm, + InventoryOptionalFieldObjectAccessControlList, + InventoryOptionalFieldObjectOwner, } } @@ -41455,6 +45163,18 @@ func JSONType_Values() []string { } } +const ( + // LocationTypeAvailabilityZone is a LocationType enum value + LocationTypeAvailabilityZone = "AvailabilityZone" +) + +// LocationType_Values returns all elements of the LocationType enum +func LocationType_Values() []string { + return []string{ + LocationTypeAvailabilityZone, + } +} + const ( // MFADeleteEnabled is a MFADelete enum value MFADeleteEnabled = "Enabled" @@ -41655,8 +45375,19 @@ func ObjectLockRetentionMode_Values() []string { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that -// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control -// canned ACL or an equivalent form of this ACL expressed in the XML format. +// don't specify an ACL or specify bucket owner full control ACLs (such as the +// predefined bucket-owner-full-control canned ACL or a custom ACL in XML format +// that grants the same permissions). +// +// By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. +// We recommend keeping ACLs disabled, except in uncommon use cases where you +// must control access for each object individually. For more information about +// S3 Object Ownership, see Controlling ownership of objects and disabling ACLs +// for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Directory buckets +// use the bucket owner enforced setting for S3 Object Ownership. const ( // ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred" @@ -41704,6 +45435,12 @@ const ( // ObjectStorageClassGlacierIr is a ObjectStorageClass enum value ObjectStorageClassGlacierIr = "GLACIER_IR" + + // ObjectStorageClassSnow is a ObjectStorageClass enum value + ObjectStorageClassSnow = "SNOW" + + // ObjectStorageClassExpressOnezone is a ObjectStorageClass enum value + ObjectStorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum @@ -41718,6 +45455,8 @@ func ObjectStorageClass_Values() []string { ObjectStorageClassDeepArchive, ObjectStorageClassOutposts, ObjectStorageClassGlacierIr, + ObjectStorageClassSnow, + ObjectStorageClassExpressOnezone, } } @@ -41733,6 +45472,18 @@ func ObjectVersionStorageClass_Values() []string { } } +const ( + // OptionalObjectAttributesRestoreStatus is a OptionalObjectAttributes enum value + OptionalObjectAttributesRestoreStatus = "RestoreStatus" +) + +// OptionalObjectAttributes_Values returns all elements of the OptionalObjectAttributes enum +func OptionalObjectAttributes_Values() []string { + return []string{ + OptionalObjectAttributesRestoreStatus, + } +} + const ( // OwnerOverrideDestination is a OwnerOverride enum value OwnerOverrideDestination = "Destination" @@ -41745,6 +45496,22 @@ func OwnerOverride_Values() []string { } } +const ( + // PartitionDateSourceEventTime is a PartitionDateSource enum value + PartitionDateSourceEventTime = "EventTime" + + // PartitionDateSourceDeliveryTime is a PartitionDateSource enum value + PartitionDateSourceDeliveryTime = "DeliveryTime" +) + +// PartitionDateSource_Values returns all elements of the PartitionDateSource enum +func PartitionDateSource_Values() []string { + return []string{ + PartitionDateSourceEventTime, + PartitionDateSourceDeliveryTime, + } +} + const ( // PayerRequester is a Payer enum value PayerRequester = "Requester" @@ -41865,6 +45632,9 @@ const ( // ReplicationStatusReplica is a ReplicationStatus enum value ReplicationStatusReplica = "REPLICA" + + // ReplicationStatusCompleted is a ReplicationStatus enum value + ReplicationStatusCompleted = "COMPLETED" ) // ReplicationStatus_Values returns all elements of the ReplicationStatus enum @@ -41874,6 +45644,7 @@ func ReplicationStatus_Values() []string { ReplicationStatusPending, ReplicationStatusFailed, ReplicationStatusReplica, + ReplicationStatusCompleted, } } @@ -41895,6 +45666,8 @@ func ReplicationTimeStatus_Values() []string { // If present, indicates that the requester was successfully charged for the // request. +// +// This functionality is not supported for directory buckets. const ( // RequestChargedRequester is a RequestCharged enum value RequestChargedRequester = "requester" @@ -41908,10 +45681,14 @@ func RequestCharged_Values() []string { } // Confirms that the requester knows that they will be charged for the request. -// Bucket owners need not specify this parameter in their requests. For information -// about downloading objects from Requester Pays buckets, see Downloading Objects +// Bucket owners need not specify this parameter in their requests. If either +// the source or destination S3 bucket has Requester Pays enabled, the requester +// will pay for corresponding charges to copy the object. For information about +// downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. const ( // RequestPayerRequester is a RequestPayer enum value RequestPayerRequester = "requester" @@ -41942,6 +45719,9 @@ const ( // ServerSideEncryptionAwsKms is a ServerSideEncryption enum value ServerSideEncryptionAwsKms = "aws:kms" + + // ServerSideEncryptionAwsKmsDsse is a ServerSideEncryption enum value + ServerSideEncryptionAwsKmsDsse = "aws:kms:dsse" ) // ServerSideEncryption_Values returns all elements of the ServerSideEncryption enum @@ -41949,6 +45729,23 @@ func ServerSideEncryption_Values() []string { return []string{ ServerSideEncryptionAes256, ServerSideEncryptionAwsKms, + ServerSideEncryptionAwsKmsDsse, + } +} + +const ( + // SessionModeReadOnly is a SessionMode enum value + SessionModeReadOnly = "ReadOnly" + + // SessionModeReadWrite is a SessionMode enum value + SessionModeReadWrite = "ReadWrite" +) + +// SessionMode_Values returns all elements of the SessionMode enum +func SessionMode_Values() []string { + return []string{ + SessionModeReadOnly, + SessionModeReadWrite, } } @@ -41995,6 +45792,12 @@ const ( // StorageClassGlacierIr is a StorageClass enum value StorageClassGlacierIr = "GLACIER_IR" + + // StorageClassSnow is a StorageClass enum value + StorageClassSnow = "SNOW" + + // StorageClassExpressOnezone is a StorageClass enum value + StorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // StorageClass_Values returns all elements of the StorageClass enum @@ -42009,6 +45812,8 @@ func StorageClass_Values() []string { StorageClassDeepArchive, StorageClassOutposts, StorageClassGlacierIr, + StorageClassSnow, + StorageClassExpressOnezone, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go index cd6a2e8ae49..8a67333ab26 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go @@ -25,6 +25,15 @@ const ( // "InvalidObjectState". // // Object is archived and inaccessible until restored. + // + // If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval + // storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering + // Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, + // before you can retrieve the object you must first restore a copy using RestoreObject + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). + // Otherwise, this operation returns an InvalidObjectState error. For information + // about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) + // in the Amazon S3 User Guide. ErrCodeInvalidObjectState = "InvalidObjectState" // ErrCodeNoSuchBucket for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go index 6d679a2990f..d13b4617030 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go @@ -80,6 +80,10 @@ type S3API interface { CreateMultipartUploadWithContext(aws.Context, *s3.CreateMultipartUploadInput, ...request.Option) (*s3.CreateMultipartUploadOutput, error) CreateMultipartUploadRequest(*s3.CreateMultipartUploadInput) (*request.Request, *s3.CreateMultipartUploadOutput) + CreateSession(*s3.CreateSessionInput) (*s3.CreateSessionOutput, error) + CreateSessionWithContext(aws.Context, *s3.CreateSessionInput, ...request.Option) (*s3.CreateSessionOutput, error) + CreateSessionRequest(*s3.CreateSessionInput) (*request.Request, *s3.CreateSessionOutput) + DeleteBucket(*s3.DeleteBucketInput) (*s3.DeleteBucketOutput, error) DeleteBucketWithContext(aws.Context, *s3.DeleteBucketInput, ...request.Option) (*s3.DeleteBucketOutput, error) DeleteBucketRequest(*s3.DeleteBucketInput) (*request.Request, *s3.DeleteBucketOutput) @@ -300,6 +304,13 @@ type S3API interface { ListBucketsWithContext(aws.Context, *s3.ListBucketsInput, ...request.Option) (*s3.ListBucketsOutput, error) ListBucketsRequest(*s3.ListBucketsInput) (*request.Request, *s3.ListBucketsOutput) + ListDirectoryBuckets(*s3.ListDirectoryBucketsInput) (*s3.ListDirectoryBucketsOutput, error) + ListDirectoryBucketsWithContext(aws.Context, *s3.ListDirectoryBucketsInput, ...request.Option) (*s3.ListDirectoryBucketsOutput, error) + ListDirectoryBucketsRequest(*s3.ListDirectoryBucketsInput) (*request.Request, *s3.ListDirectoryBucketsOutput) + + ListDirectoryBucketsPages(*s3.ListDirectoryBucketsInput, func(*s3.ListDirectoryBucketsOutput, bool) bool) error + ListDirectoryBucketsPagesWithContext(aws.Context, *s3.ListDirectoryBucketsInput, func(*s3.ListDirectoryBucketsOutput, bool) bool, ...request.Option) error + ListMultipartUploads(*s3.ListMultipartUploadsInput) (*s3.ListMultipartUploadsOutput, error) ListMultipartUploadsWithContext(aws.Context, *s3.ListMultipartUploadsInput, ...request.Option) (*s3.ListMultipartUploadsOutput, error) ListMultipartUploadsRequest(*s3.ListMultipartUploadsInput) (*request.Request, *s3.ListMultipartUploadsOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload_input.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload_input.go index 1cd115f48ce..8f9e068f75f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload_input.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload_input.go @@ -23,9 +23,32 @@ type UploadInput struct { _ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"` // The canned ACL to apply to the object. For more information, see Canned ACL - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. + // + // When adding a new object, you can use headers to grant ACL-based permissions + // to individual Amazon Web Services accounts or to predefined groups defined + // by Amazon S3. These permissions are then added to the ACL on the object. + // By default, all objects are private. Only the owner has full access control. + // For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) + // in the Amazon S3 User Guide. + // + // If the bucket that you're uploading objects to uses the bucket owner enforced + // setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. + // Buckets that use this setting only accept PUT requests that don't specify + // an ACL or PUT requests that specify bucket owner full control ACLs, such + // as the bucket-owner-full-control canned ACL or an equivalent form of this + // ACL expressed in the XML format. PUT requests that contain other ACLs (for + // example, custom grants to certain Amazon Web Services accounts) fail and + // return a 400 error with the error code AccessControlListNotSupported. For + // more information, see Controlling ownership of objects and disabling ACLs + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * This functionality is not supported for directory buckets. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // The readable body payload to send to S3. @@ -33,31 +56,47 @@ type UploadInput struct { // The bucket name to which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // // Specifying this header with a PUT action doesn’t affect bucket-level settings // for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Can be used to specify caching behavior along the request/reply chain. For @@ -65,16 +104,33 @@ type UploadInput struct { // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -111,13 +167,13 @@ type UploadInput struct { ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1). + // see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4). ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced - // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11). + // by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding + // (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding). ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. @@ -130,41 +186,56 @@ type UploadInput struct { // integrity check. For more information about REST request authentication, // see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // + // The Content-MD5 header is required for any request to upload an object with + // a retention period configured using Amazon S3 Object Lock. For more information + // about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // // If the ContentMD5 is provided for a multipart upload, it will be ignored. // Objects that will be uploaded in a single part, the ContentMD5 will be used. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the contents. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17). + // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21). + // see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3). Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the PUT action was initiated. @@ -176,25 +247,37 @@ type UploadInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether a legal hold will be applied to this object. For more information - // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode that you want to apply to this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when you want this object's Object Lock to expire. Must // be formatted as a timestamp parameter. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -202,48 +285,80 @@ type UploadInput struct { // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. + // + // This functionality is not supported for directory buckets. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value is stored as + // object metadata and automatically gets passed on to Amazon Web Services KMS + // for future GetObject or CopyObject operations on this object. This value + // must be explicitly added during CopyObject operations. + // + // This functionality is not supported for directory buckets. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetrical customer managed key that was used - // for the object. If you specify x-amz-server-side-encryption:aws:kms, but - // do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses - // the Amazon Web Services managed key to protect the data. If the KMS key does - // not exist in the same account issuing the command, you must use the full - // ARN and not just the ID. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key Management + // Service (KMS) symmetric encryption customer managed key that was used for + // the object. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, + // but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 + // uses the Amazon Web Services managed key (aws/s3) to protect the data. If + // the KMS key does not exist in the same account that's issuing the command, + // you must use the full ARN and not just the ID. + // + // This functionality is not supported for directory buckets. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm that was used when you store this object + // in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // General purpose buckets - You have four mutually exclusive options to protect + // data using server-side encryption in Amazon S3, depending on how you choose + // to manage the encryption keys. Specifically, the encryption key options are + // Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or + // DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with + // server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. + // You can optionally tell Amazon S3 to encrypt data at rest by using server-side + // encryption with other key options. For more information, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - For directory buckets, only the server-side encryption + // with Amazon S3 managed keys (SSE-S3) (AES256) value is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. // (For example, "Key1=Value1") + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. For information about object - // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). + // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) + // in the Amazon S3 User Guide. // // In the following example, the request header sets the redirect to an object // (anotherPage.html) in the same bucket: @@ -257,6 +372,9 @@ type UploadInput struct { // // For more information about website hosting in Amazon S3, see Hosting Websites // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) - // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html). + // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go new file mode 100644 index 00000000000..04f6c811b63 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go @@ -0,0 +1,2252 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package ssooidc + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" +) + +const opCreateToken = "CreateToken" + +// CreateTokenRequest generates a "aws/request.Request" representing the +// client's request for the CreateToken operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateToken for more information on using the CreateToken +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenRequest method. +// req, resp := client.CreateTokenRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken +func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Request, output *CreateTokenOutput) { + op := &request.Operation{ + Name: opCreateToken, + HTTPMethod: "POST", + HTTPPath: "/token", + } + + if input == nil { + input = &CreateTokenInput{} + } + + output = &CreateTokenOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// CreateToken API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients that are authenticated +// using client secrets. The access token can be used to fetch short-term credentials +// for the assigned AWS accounts or to access application APIs using bearer +// authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateToken for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken +func (c *SSOOIDC) CreateToken(input *CreateTokenInput) (*CreateTokenOutput, error) { + req, out := c.CreateTokenRequest(input) + return out, req.Send() +} + +// CreateTokenWithContext is the same as CreateToken with the addition of +// the ability to pass a context and additional request options. +// +// See CreateToken for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInput, opts ...request.Option) (*CreateTokenOutput, error) { + req, out := c.CreateTokenRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTokenWithIAM = "CreateTokenWithIAM" + +// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the +// client's request for the CreateTokenWithIAM operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenWithIAMRequest method. +// req, resp := client.CreateTokenWithIAMRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) { + op := &request.Operation{ + Name: opCreateTokenWithIAM, + HTTPMethod: "POST", + HTTPPath: "/token?aws_iam=t", + } + + if input == nil { + input = &CreateTokenWithIAMInput{} + } + + output = &CreateTokenWithIAMOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTokenWithIAM API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients and applications +// that are authenticated using IAM entities. The access token can be used to +// fetch short-term credentials for the assigned AWS accounts or to access application +// APIs using bearer authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateTokenWithIAM for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// - InvalidRequestRegionException +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + return out, req.Send() +} + +// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTokenWithIAM for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRegisterClient = "RegisterClient" + +// RegisterClientRequest generates a "aws/request.Request" representing the +// client's request for the RegisterClient operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RegisterClient for more information on using the RegisterClient +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RegisterClientRequest method. +// req, resp := client.RegisterClientRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient +func (c *SSOOIDC) RegisterClientRequest(input *RegisterClientInput) (req *request.Request, output *RegisterClientOutput) { + op := &request.Operation{ + Name: opRegisterClient, + HTTPMethod: "POST", + HTTPPath: "/client/register", + } + + if input == nil { + input = &RegisterClientInput{} + } + + output = &RegisterClientOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// RegisterClient API operation for AWS SSO OIDC. +// +// Registers a client with IAM Identity Center. This allows clients to initiate +// device authorization. The output should be persisted for reuse through many +// authentication requests. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation RegisterClient for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - InvalidClientMetadataException +// Indicates that the client information sent in the request during registration +// is invalid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient +func (c *SSOOIDC) RegisterClient(input *RegisterClientInput) (*RegisterClientOutput, error) { + req, out := c.RegisterClientRequest(input) + return out, req.Send() +} + +// RegisterClientWithContext is the same as RegisterClient with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterClient for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) RegisterClientWithContext(ctx aws.Context, input *RegisterClientInput, opts ...request.Option) (*RegisterClientOutput, error) { + req, out := c.RegisterClientRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStartDeviceAuthorization = "StartDeviceAuthorization" + +// StartDeviceAuthorizationRequest generates a "aws/request.Request" representing the +// client's request for the StartDeviceAuthorization operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartDeviceAuthorization for more information on using the StartDeviceAuthorization +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartDeviceAuthorizationRequest method. +// req, resp := client.StartDeviceAuthorizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization +func (c *SSOOIDC) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) (req *request.Request, output *StartDeviceAuthorizationOutput) { + op := &request.Operation{ + Name: opStartDeviceAuthorization, + HTTPMethod: "POST", + HTTPPath: "/device_authorization", + } + + if input == nil { + input = &StartDeviceAuthorizationInput{} + } + + output = &StartDeviceAuthorizationOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// StartDeviceAuthorization API operation for AWS SSO OIDC. +// +// Initiates device authorization by requesting a pair of verification codes +// from the authorization service. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation StartDeviceAuthorization for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization +func (c *SSOOIDC) StartDeviceAuthorization(input *StartDeviceAuthorizationInput) (*StartDeviceAuthorizationOutput, error) { + req, out := c.StartDeviceAuthorizationRequest(input) + return out, req.Send() +} + +// StartDeviceAuthorizationWithContext is the same as StartDeviceAuthorization with the addition of +// the ability to pass a context and additional request options. +// +// See StartDeviceAuthorization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) StartDeviceAuthorizationWithContext(ctx aws.Context, input *StartDeviceAuthorizationInput, opts ...request.Option) (*StartDeviceAuthorizationOutput, error) { + req, out := c.StartDeviceAuthorizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You do not have sufficient access to perform this action. +type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be access_denied. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that a request to authorize a client with an access user session +// token is pending. +type AuthorizationPendingException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be authorization_pending. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthorizationPendingException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthorizationPendingException) GoString() string { + return s.String() +} + +func newErrorAuthorizationPendingException(v protocol.ResponseMetadata) error { + return &AuthorizationPendingException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AuthorizationPendingException) Code() string { + return "AuthorizationPendingException" +} + +// Message returns the exception's message. +func (s *AuthorizationPendingException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AuthorizationPendingException) OrigErr() error { + return nil +} + +func (s *AuthorizationPendingException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AuthorizationPendingException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AuthorizationPendingException) RequestID() string { + return s.RespMetadata.RequestID +} + +type CreateTokenInput struct { + _ struct{} `type:"structure"` + + // The unique identifier string for the client or application. This value comes + // from the result of the RegisterClient API. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // A secret string generated for the client. This value should come from the + // persisted result of the RegisterClient API. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + // + // ClientSecret is a required field + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` + + // Used only when calling this API for the Authorization Code grant type. The + // short-term code is used to identify this authorization request. This grant + // type is currently unsupported for the CreateToken API. + Code *string `locationName:"code" type:"string"` + + // Used only when calling this API for the Device Code grant type. This short-term + // code is used to identify this authorization request. This comes from the + // result of the StartDeviceAuthorization API. + DeviceCode *string `locationName:"deviceCode" type:"string"` + + // Supports the following OAuth grant types: Device Code and Refresh Token. + // Specify either of the following values, depending on the grant type that + // you want: + // + // * Device Code - urn:ietf:params:oauth:grant-type:device_code + // + // * Refresh Token - refresh_token + // + // For information about how to obtain the device code, see the StartDeviceAuthorization + // topic. + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If this value is + // not specified, IAM Identity Center authorizes all scopes that are configured + // for the client during the call to RegisterClient. + Scope []*string `locationName:"scope" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.ClientSecret == nil { + invalidParams.Add(request.NewErrParamRequired("ClientSecret")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenInput) SetClientId(v string) *CreateTokenInput { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *CreateTokenInput) SetClientSecret(v string) *CreateTokenInput { + s.ClientSecret = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenInput) SetCode(v string) *CreateTokenInput { + s.Code = &v + return s +} + +// SetDeviceCode sets the DeviceCode field's value. +func (s *CreateTokenInput) SetDeviceCode(v string) *CreateTokenInput { + s.DeviceCode = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenInput) SetGrantType(v string) *CreateTokenInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenInput) SetRedirectUri(v string) *CreateTokenInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenInput) SetRefreshToken(v string) *CreateTokenInput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput { + s.Scope = v + return s +} + +type CreateTokenOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // The idToken is not implemented or supported. For more information about the + // features and limitations of the current IAM Identity Center OIDC implementation, + // see Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // A JSON Web Token (JWT) that identifies who is associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used to notify the client that the returned token is an access token. The + // supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenOutput) SetAccessToken(v string) *CreateTokenOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenOutput) SetExpiresIn(v int64) *CreateTokenOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenOutput) SetIdToken(v string) *CreateTokenOutput { + s.IdToken = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenOutput) SetRefreshToken(v string) *CreateTokenOutput { + s.RefreshToken = &v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput { + s.TokenType = &v + return s +} + +type CreateTokenWithIAMInput struct { + _ struct{} `type:"structure"` + + // Used only when calling this API for the JWT Bearer grant type. This value + // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize + // a trusted token issuer, configure the JWT Bearer GrantOptions for the application. + // + // Assertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + Assertion *string `locationName:"assertion" type:"string" sensitive:"true"` + + // The unique identifier string for the client or application. This value is + // an application ARN that has OAuth grants configured. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // short-term code is used to identify this authorization request. The code + // is obtained through a redirect from IAM Identity Center to a redirect URI + // persisted in the Authorization Code GrantOptions for the application. + Code *string `locationName:"code" type:"string"` + + // Supports the following OAuth grant types: Authorization Code, Refresh Token, + // JWT Bearer, and Token Exchange. Specify one of the following values, depending + // on the grant type that you want: + // + // * Authorization Code - authorization_code + // + // * Refresh Token - refresh_token + // + // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer + // + // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that the requester can receive. The following + // values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + RequestedTokenType *string `locationName:"requestedTokenType" type:"string"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If the value is + // not specified, IAM Identity Center authorizes all scopes configured for the + // application, including the following default scopes: openid, aws, sts:identity_context. + Scope []*string `locationName:"scope" type:"list"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the subject of the exchange. The value of the subject token must + // be an access token issued by IAM Identity Center to a different client or + // application. The access token must have authorized scopes that indicate the + // requested application as a target audience. + // + // SubjectToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that is passed as the subject of the exchange. + // The following value is supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + SubjectTokenType *string `locationName:"subjectTokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenWithIAMInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssertion sets the Assertion field's value. +func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput { + s.Assertion = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput { + s.ClientId = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput { + s.Code = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput { + s.RefreshToken = &v + return s +} + +// SetRequestedTokenType sets the RequestedTokenType field's value. +func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput { + s.RequestedTokenType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput { + s.Scope = v + return s +} + +// SetSubjectToken sets the SubjectToken field's value. +func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput { + s.SubjectToken = &v + return s +} + +// SetSubjectTokenType sets the SubjectTokenType field's value. +func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput { + s.SubjectTokenType = &v + return s +} + +type CreateTokenWithIAMOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // A JSON Web Token (JWT) that identifies the user associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // Indicates the type of tokens that are issued by IAM Identity Center. The + // following values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + IssuedTokenType *string `locationName:"issuedTokenType" type:"string"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is granted. The access token that + // is issued is limited to the scopes that are granted. + Scope []*string `locationName:"scope" type:"list"` + + // Used to notify the requester that the returned token is an access token. + // The supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput { + s.IdToken = &v + return s +} + +// SetIssuedTokenType sets the IssuedTokenType field's value. +func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput { + s.IssuedTokenType = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput { + s.Scope = v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput { + s.TokenType = &v + return s +} + +// Indicates that the token issued by the service is expired and is no longer +// valid. +type ExpiredTokenException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be expired_token. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExpiredTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExpiredTokenException) GoString() string { + return s.String() +} + +func newErrorExpiredTokenException(v protocol.ResponseMetadata) error { + return &ExpiredTokenException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ExpiredTokenException) Code() string { + return "ExpiredTokenException" +} + +// Message returns the exception's message. +func (s *ExpiredTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ExpiredTokenException) OrigErr() error { + return nil +} + +func (s *ExpiredTokenException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ExpiredTokenException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ExpiredTokenException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that an error from the service occurred while trying to process +// a request. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be server_error. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +type InvalidClientException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_client. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientException) GoString() string { + return s.String() +} + +func newErrorInvalidClientException(v protocol.ResponseMetadata) error { + return &InvalidClientException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidClientException) Code() string { + return "InvalidClientException" +} + +// Message returns the exception's message. +func (s *InvalidClientException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidClientException) OrigErr() error { + return nil +} + +func (s *InvalidClientException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidClientException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidClientException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the client information sent in the request during registration +// is invalid. +type InvalidClientMetadataException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_client_metadata. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientMetadataException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientMetadataException) GoString() string { + return s.String() +} + +func newErrorInvalidClientMetadataException(v protocol.ResponseMetadata) error { + return &InvalidClientMetadataException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidClientMetadataException) Code() string { + return "InvalidClientMetadataException" +} + +// Message returns the exception's message. +func (s *InvalidClientMetadataException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidClientMetadataException) OrigErr() error { + return nil +} + +func (s *InvalidClientMetadataException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidClientMetadataException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidClientMetadataException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +type InvalidGrantException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_grant. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidGrantException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidGrantException) GoString() string { + return s.String() +} + +func newErrorInvalidGrantException(v protocol.ResponseMetadata) error { + return &InvalidGrantException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidGrantException) Code() string { + return "InvalidGrantException" +} + +// Message returns the exception's message. +func (s *InvalidGrantException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidGrantException) OrigErr() error { + return nil +} + +func (s *InvalidGrantException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidGrantException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidGrantException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +type InvalidRequestException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { + return &InvalidRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestException) Code() string { + return "InvalidRequestException" +} + +// Message returns the exception's message. +func (s *InvalidRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestException) OrigErr() error { + return nil +} + +func (s *InvalidRequestException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +type InvalidRequestRegionException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Indicates the IAM Identity Center endpoint which the requester may call with + // this token. + Endpoint *string `locationName:"endpoint" type:"string"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` + + // Indicates the region which the requester may call with this token. + Region *string `locationName:"region" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error { + return &InvalidRequestRegionException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestRegionException) Code() string { + return "InvalidRequestRegionException" +} + +// Message returns the exception's message. +func (s *InvalidRequestRegionException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestRegionException) OrigErr() error { + return nil +} + +func (s *InvalidRequestRegionException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestRegionException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestRegionException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the scope provided in the request is invalid. +type InvalidScopeException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_scope. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidScopeException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidScopeException) GoString() string { + return s.String() +} + +func newErrorInvalidScopeException(v protocol.ResponseMetadata) error { + return &InvalidScopeException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidScopeException) Code() string { + return "InvalidScopeException" +} + +// Message returns the exception's message. +func (s *InvalidScopeException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidScopeException) OrigErr() error { + return nil +} + +func (s *InvalidScopeException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidScopeException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidScopeException) RequestID() string { + return s.RespMetadata.RequestID +} + +type RegisterClientInput struct { + _ struct{} `type:"structure"` + + // The friendly name of the client. + // + // ClientName is a required field + ClientName *string `locationName:"clientName" type:"string" required:"true"` + + // The type of client. The service supports only public as a client type. Anything + // other than public will be rejected by the service. + // + // ClientType is a required field + ClientType *string `locationName:"clientType" type:"string" required:"true"` + + // The list of scopes that are defined by the client. Upon authorization, this + // list is used to restrict permissions when granting an access token. + Scopes []*string `locationName:"scopes" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RegisterClientInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RegisterClientInput"} + if s.ClientName == nil { + invalidParams.Add(request.NewErrParamRequired("ClientName")) + } + if s.ClientType == nil { + invalidParams.Add(request.NewErrParamRequired("ClientType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientName sets the ClientName field's value. +func (s *RegisterClientInput) SetClientName(v string) *RegisterClientInput { + s.ClientName = &v + return s +} + +// SetClientType sets the ClientType field's value. +func (s *RegisterClientInput) SetClientType(v string) *RegisterClientInput { + s.ClientType = &v + return s +} + +// SetScopes sets the Scopes field's value. +func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput { + s.Scopes = v + return s +} + +type RegisterClientOutput struct { + _ struct{} `type:"structure"` + + // An endpoint that the client can use to request authorization. + AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` + + // The unique identifier string for each client. This client uses this identifier + // to get authenticated by the service in subsequent calls. + ClientId *string `locationName:"clientId" type:"string"` + + // Indicates the time at which the clientId and clientSecret were issued. + ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"` + + // A secret string generated for the client. The client will use this string + // to get authenticated by the service in subsequent calls. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RegisterClientOutput's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` + + // Indicates the time at which the clientId and clientSecret will become invalid. + ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"` + + // An endpoint that the client can use to create tokens. + TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientOutput) GoString() string { + return s.String() +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *RegisterClientOutput) SetAuthorizationEndpoint(v string) *RegisterClientOutput { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *RegisterClientOutput) SetClientId(v string) *RegisterClientOutput { + s.ClientId = &v + return s +} + +// SetClientIdIssuedAt sets the ClientIdIssuedAt field's value. +func (s *RegisterClientOutput) SetClientIdIssuedAt(v int64) *RegisterClientOutput { + s.ClientIdIssuedAt = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *RegisterClientOutput) SetClientSecret(v string) *RegisterClientOutput { + s.ClientSecret = &v + return s +} + +// SetClientSecretExpiresAt sets the ClientSecretExpiresAt field's value. +func (s *RegisterClientOutput) SetClientSecretExpiresAt(v int64) *RegisterClientOutput { + s.ClientSecretExpiresAt = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *RegisterClientOutput) SetTokenEndpoint(v string) *RegisterClientOutput { + s.TokenEndpoint = &v + return s +} + +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +type SlowDownException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be slow_down. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SlowDownException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SlowDownException) GoString() string { + return s.String() +} + +func newErrorSlowDownException(v protocol.ResponseMetadata) error { + return &SlowDownException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *SlowDownException) Code() string { + return "SlowDownException" +} + +// Message returns the exception's message. +func (s *SlowDownException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *SlowDownException) OrigErr() error { + return nil +} + +func (s *SlowDownException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *SlowDownException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *SlowDownException) RequestID() string { + return s.RespMetadata.RequestID +} + +type StartDeviceAuthorizationInput struct { + _ struct{} `type:"structure"` + + // The unique identifier string for the client that is registered with IAM Identity + // Center. This value should come from the persisted result of the RegisterClient + // API operation. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // A secret string that is generated for the client. This value should come + // from the persisted result of the RegisterClient API operation. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's + // String and GoString methods. + // + // ClientSecret is a required field + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` + + // The URL for the Amazon Web Services access portal. For more information, + // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) + // in the IAM Identity Center User Guide. + // + // StartUrl is a required field + StartUrl *string `locationName:"startUrl" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartDeviceAuthorizationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartDeviceAuthorizationInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.ClientSecret == nil { + invalidParams.Add(request.NewErrParamRequired("ClientSecret")) + } + if s.StartUrl == nil { + invalidParams.Add(request.NewErrParamRequired("StartUrl")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientId sets the ClientId field's value. +func (s *StartDeviceAuthorizationInput) SetClientId(v string) *StartDeviceAuthorizationInput { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *StartDeviceAuthorizationInput) SetClientSecret(v string) *StartDeviceAuthorizationInput { + s.ClientSecret = &v + return s +} + +// SetStartUrl sets the StartUrl field's value. +func (s *StartDeviceAuthorizationInput) SetStartUrl(v string) *StartDeviceAuthorizationInput { + s.StartUrl = &v + return s +} + +type StartDeviceAuthorizationOutput struct { + _ struct{} `type:"structure"` + + // The short-lived code that is used by the device when polling for a session + // token. + DeviceCode *string `locationName:"deviceCode" type:"string"` + + // Indicates the number of seconds in which the verification code will become + // invalid. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // Indicates the number of seconds the client must wait between attempts when + // polling for a session. + Interval *int64 `locationName:"interval" type:"integer"` + + // A one-time user verification code. This is needed to authorize an in-use + // device. + UserCode *string `locationName:"userCode" type:"string"` + + // The URI of the verification page that takes the userCode to authorize the + // device. + VerificationUri *string `locationName:"verificationUri" type:"string"` + + // An alternate URL that the client can use to automatically launch a browser. + // This process skips the manual step in which the user visits the verification + // page and enters their code. + VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationOutput) GoString() string { + return s.String() +} + +// SetDeviceCode sets the DeviceCode field's value. +func (s *StartDeviceAuthorizationOutput) SetDeviceCode(v string) *StartDeviceAuthorizationOutput { + s.DeviceCode = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *StartDeviceAuthorizationOutput) SetExpiresIn(v int64) *StartDeviceAuthorizationOutput { + s.ExpiresIn = &v + return s +} + +// SetInterval sets the Interval field's value. +func (s *StartDeviceAuthorizationOutput) SetInterval(v int64) *StartDeviceAuthorizationOutput { + s.Interval = &v + return s +} + +// SetUserCode sets the UserCode field's value. +func (s *StartDeviceAuthorizationOutput) SetUserCode(v string) *StartDeviceAuthorizationOutput { + s.UserCode = &v + return s +} + +// SetVerificationUri sets the VerificationUri field's value. +func (s *StartDeviceAuthorizationOutput) SetVerificationUri(v string) *StartDeviceAuthorizationOutput { + s.VerificationUri = &v + return s +} + +// SetVerificationUriComplete sets the VerificationUriComplete field's value. +func (s *StartDeviceAuthorizationOutput) SetVerificationUriComplete(v string) *StartDeviceAuthorizationOutput { + s.VerificationUriComplete = &v + return s +} + +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +type UnauthorizedClientException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be unauthorized_client. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnauthorizedClientException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnauthorizedClientException) GoString() string { + return s.String() +} + +func newErrorUnauthorizedClientException(v protocol.ResponseMetadata) error { + return &UnauthorizedClientException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnauthorizedClientException) Code() string { + return "UnauthorizedClientException" +} + +// Message returns the exception's message. +func (s *UnauthorizedClientException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnauthorizedClientException) OrigErr() error { + return nil +} + +func (s *UnauthorizedClientException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnauthorizedClientException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnauthorizedClientException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the grant type in the request is not supported by the service. +type UnsupportedGrantTypeException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be unsupported_grant_type. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedGrantTypeException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedGrantTypeException) GoString() string { + return s.String() +} + +func newErrorUnsupportedGrantTypeException(v protocol.ResponseMetadata) error { + return &UnsupportedGrantTypeException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnsupportedGrantTypeException) Code() string { + return "UnsupportedGrantTypeException" +} + +// Message returns the exception's message. +func (s *UnsupportedGrantTypeException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnsupportedGrantTypeException) OrigErr() error { + return nil +} + +func (s *UnsupportedGrantTypeException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnsupportedGrantTypeException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnsupportedGrantTypeException) RequestID() string { + return s.RespMetadata.RequestID +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go new file mode 100644 index 00000000000..083568c616f --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go @@ -0,0 +1,67 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package ssooidc provides the client and types for making API +// requests to AWS SSO OIDC. +// +// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a +// client (such as CLI or a native application) to register with IAM Identity +// Center. The service also enables the client to fetch the user’s access +// token upon successful authentication and authorization with IAM Identity +// Center. +// +// IAM Identity Center uses the sso and identitystore API namespaces. +// +// # Considerations for Using This Guide +// +// Before you begin using this guide, we recommend that you first review the +// following important information about how the IAM Identity Center OIDC service +// works. +// +// - The IAM Identity Center OIDC service currently implements only the portions +// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 +// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single +// sign-on authentication with the CLI. +// +// - With older versions of the CLI, the service only emits OIDC access tokens, +// so to obtain a new token, users must explicitly re-authenticate. To access +// the OIDC flow that supports token refresh and doesn’t require re-authentication, +// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI +// V2) with support for OIDC token refresh and configurable IAM Identity +// Center session durations. For more information, see Configure Amazon Web +// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html). +// +// - The access tokens provided by this service grant access to all Amazon +// Web Services account entitlements assigned to an IAM Identity Center user, +// not just a particular application. +// +// - The documentation in this guide does not describe the mechanism to convert +// the access token into Amazon Web Services Auth (“sigv4”) credentials +// for use with IAM-protected Amazon Web Services service endpoints. For +// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) +// in the IAM Identity Center Portal API Reference Guide. +// +// For general information about IAM Identity Center, see What is IAM Identity +// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) +// in the IAM Identity Center User Guide. +// +// See https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10 for more information on this service. +// +// See ssooidc package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/ +// +// # Using the Client +// +// To contact AWS SSO OIDC with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS SSO OIDC client SSOOIDC for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/#New +package ssooidc diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go new file mode 100644 index 00000000000..e6242e4928d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go @@ -0,0 +1,115 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package ssooidc + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You do not have sufficient access to perform this action. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeAuthorizationPendingException for service response error code + // "AuthorizationPendingException". + // + // Indicates that a request to authorize a client with an access user session + // token is pending. + ErrCodeAuthorizationPendingException = "AuthorizationPendingException" + + // ErrCodeExpiredTokenException for service response error code + // "ExpiredTokenException". + // + // Indicates that the token issued by the service is expired and is no longer + // valid. + ErrCodeExpiredTokenException = "ExpiredTokenException" + + // ErrCodeInternalServerException for service response error code + // "InternalServerException". + // + // Indicates that an error from the service occurred while trying to process + // a request. + ErrCodeInternalServerException = "InternalServerException" + + // ErrCodeInvalidClientException for service response error code + // "InvalidClientException". + // + // Indicates that the clientId or clientSecret in the request is invalid. For + // example, this can occur when a client sends an incorrect clientId or an expired + // clientSecret. + ErrCodeInvalidClientException = "InvalidClientException" + + // ErrCodeInvalidClientMetadataException for service response error code + // "InvalidClientMetadataException". + // + // Indicates that the client information sent in the request during registration + // is invalid. + ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException" + + // ErrCodeInvalidGrantException for service response error code + // "InvalidGrantException". + // + // Indicates that a request contains an invalid grant. This can occur if a client + // makes a CreateToken request with an invalid grant type. + ErrCodeInvalidGrantException = "InvalidGrantException" + + // ErrCodeInvalidRequestException for service response error code + // "InvalidRequestException". + // + // Indicates that something is wrong with the input to the request. For example, + // a required parameter might be missing or out of range. + ErrCodeInvalidRequestException = "InvalidRequestException" + + // ErrCodeInvalidRequestRegionException for service response error code + // "InvalidRequestRegionException". + // + // Indicates that a token provided as input to the request was issued by and + // is only usable by calling IAM Identity Center endpoints in another region. + ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException" + + // ErrCodeInvalidScopeException for service response error code + // "InvalidScopeException". + // + // Indicates that the scope provided in the request is invalid. + ErrCodeInvalidScopeException = "InvalidScopeException" + + // ErrCodeSlowDownException for service response error code + // "SlowDownException". + // + // Indicates that the client is making the request too frequently and is more + // than the service can handle. + ErrCodeSlowDownException = "SlowDownException" + + // ErrCodeUnauthorizedClientException for service response error code + // "UnauthorizedClientException". + // + // Indicates that the client is not currently authorized to make the request. + // This can happen when a clientId is not issued for a public client. + ErrCodeUnauthorizedClientException = "UnauthorizedClientException" + + // ErrCodeUnsupportedGrantTypeException for service response error code + // "UnsupportedGrantTypeException". + // + // Indicates that the grant type in the request is not supported by the service. + ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "AuthorizationPendingException": newErrorAuthorizationPendingException, + "ExpiredTokenException": newErrorExpiredTokenException, + "InternalServerException": newErrorInternalServerException, + "InvalidClientException": newErrorInvalidClientException, + "InvalidClientMetadataException": newErrorInvalidClientMetadataException, + "InvalidGrantException": newErrorInvalidGrantException, + "InvalidRequestException": newErrorInvalidRequestException, + "InvalidRequestRegionException": newErrorInvalidRequestRegionException, + "InvalidScopeException": newErrorInvalidScopeException, + "SlowDownException": newErrorSlowDownException, + "UnauthorizedClientException": newErrorUnauthorizedClientException, + "UnsupportedGrantTypeException": newErrorUnsupportedGrantTypeException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go new file mode 100644 index 00000000000..782bae3692d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go @@ -0,0 +1,106 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package ssooidc + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// SSOOIDC provides the API operation methods for making requests to +// AWS SSO OIDC. See this package's package overview docs +// for details on the service. +// +// SSOOIDC methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type SSOOIDC struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "SSO OIDC" // Name of service. + EndpointsID = "oidc" // ID to lookup a service endpoint with. + ServiceID = "SSO OIDC" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the SSOOIDC client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a SSOOIDC client from just a session. +// svc := ssooidc.New(mySession) +// +// // Create a SSOOIDC client with additional configuration +// svc := ssooidc.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "sso-oauth" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSOOIDC { + svc := &SSOOIDC{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2019-06-10", + ResolvedRegion: resolvedRegion, + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a SSOOIDC operation and runs any +// custom request initialization. +func (c *SSOOIDC) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 63729d0a78b..2c395f5f673 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -85,9 +85,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// When you create a role, you create two policies: A role trust policy that -// specifies who can assume the role and a permissions policy that specifies -// what can be done with the role. You specify the trusted principal who is +// When you create a role, you create two policies: a role trust policy that +// specifies who can assume the role, and a permissions policy that specifies +// what can be done with the role. You specify the trusted principal that is // allowed to assume the role in the role trust policy. // // To assume a role from a different account, your Amazon Web Services account @@ -96,9 +96,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // are allowed to delegate that access to users in the account. // // A user who wants to access a role in a different account must also have permissions -// that are delegated from the user account administrator. The administrator -// must attach a policy that allows the user to call AssumeRole for the ARN -// of the role in the other account. +// that are delegated from the account administrator. The administrator must +// attach a policy that allows the user to call AssumeRole for the ARN of the +// role in the other account. // // To allow a user to assume a role in the same account, you can do either of // the following: @@ -517,10 +517,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // a user. You can also supply the user with a consistent identity throughout // the lifetime of an application. // -// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito -// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) -// in the Amazon Web Services SDK for iOS Developer Guide. +// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) +// in Amazon Cognito Developer Guide. // // Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web // Services security credentials. Therefore, you can distribute an application @@ -984,11 +982,11 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ // call the operation. // // No permissions are required to perform this operation. If an administrator -// adds a policy to your IAM user or role that explicitly denies access to the -// sts:GetCallerIdentity action, you can still perform this operation. Permissions -// are not required because the same information is returned when an IAM user -// or role is denied access. To view an example response, see I Am Not Authorized -// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) +// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity +// action, you can still perform this operation. Permissions are not required +// because the same information is returned when access is denied. To view an +// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1063,18 +1061,26 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // GetFederationToken API operation for AWS Security Token Service. // // Returns a set of temporary security credentials (consisting of an access -// key ID, a secret access key, and a security token) for a federated user. -// A typical use is in a proxy application that gets temporary security credentials -// on behalf of distributed applications inside a corporate network. You must -// call the GetFederationToken operation using the long-term security credentials -// of an IAM user. As a result, this call is appropriate in contexts where those -// credentials can be safely stored, usually in a server-based application. +// key ID, a secret access key, and a security token) for a user. A typical +// use is in a proxy application that gets temporary security credentials on +// behalf of distributed applications inside a corporate network. +// +// You must call the GetFederationToken operation using the long-term security +// credentials of an IAM user. As a result, this call is appropriate in contexts +// where those credentials can be safeguarded, usually in a server-based application. // For a comparison of GetFederationToken with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // +// Although it is possible to call GetFederationToken using the security credentials +// of an Amazon Web Services account root user rather than an IAM user that +// you create for the purpose of a proxy application, we do not recommend it. +// For more information, see Safeguard your root user credentials and don't +// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) +// in the IAM User Guide. +// // You can create a mobile-based or browser-based app that can authenticate // users using a web identity provider like Login with Amazon, Facebook, Google, // or an OpenID Connect-compatible identity provider. In this case, we recommend @@ -1083,21 +1089,13 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) // in the IAM User Guide. // -// You can also call GetFederationToken using the security credentials of an -// Amazon Web Services account root user, but we do not recommend it. Instead, -// we recommend that you create an IAM user for the purpose of the proxy application. -// Then attach a policy to the IAM user that limits federated users to only -// the actions and resources that they need to access. For more information, -// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) -// in the IAM User Guide. -// // # Session duration // // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials obtained -// by using the Amazon Web Services account root user credentials have a maximum -// duration of 3,600 seconds (1 hour). +// by using the root user credentials have a maximum duration of 3,600 seconds +// (1 hour). // // # Permissions // @@ -1267,12 +1265,13 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // or IAM user. The credentials consist of an access key ID, a secret access // key, and a security token. Typically, you use GetSessionToken if you want // to use MFA to protect programmatic calls to specific Amazon Web Services -// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would -// need to call GetSessionToken and submit an MFA code that is associated with -// their MFA device. Using the temporary security credentials that are returned -// from the call, IAM users can then make programmatic calls to API operations -// that require MFA authentication. If you do not supply a correct MFA code, -// then the API returns an access denied error. For a comparison of GetSessionToken +// API operations like Amazon EC2 StopInstances. +// +// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that +// is associated with their MFA device. Using the temporary security credentials +// that the call returns, IAM users can then make programmatic calls to API +// operations that require MFA authentication. An incorrect MFA code causes +// the API to return an access denied error. For a comparison of GetSessionToken // with the other API operations that produce temporary credentials, see Requesting // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) @@ -1287,13 +1286,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // # Session Duration // // The GetSessionToken operation must be called by using the long-term Amazon -// Web Services security credentials of the Amazon Web Services account root -// user or an IAM user. Credentials that are created by IAM users are valid -// for the duration that you specify. This duration can range from 900 seconds -// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default -// of 43,200 seconds (12 hours). Credentials based on account credentials can -// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a -// default of 1 hour. +// Web Services security credentials of an IAM user. Credentials that are created +// by IAM users are valid for the duration that you specify. This duration can +// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 +// hours), with a default of 43,200 seconds (12 hours). Credentials based on +// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds +// (1 hour), with a default of 1 hour. // // # Permissions // @@ -1305,20 +1303,20 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // // - You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with Amazon Web Services -// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) -// by creating one or more IAM users, giving them the necessary permissions, -// and using IAM users for everyday interaction with Amazon Web Services. +// The credentials that GetSessionToken returns are based on permissions associated +// with the IAM user whose credentials were used to call the operation. The +// temporary credentials have the same permissions as the IAM user. // -// The credentials that are returned by GetSessionToken are based on permissions -// associated with the user whose credentials were used to call the operation. -// If GetSessionToken is called using Amazon Web Services account root user -// credentials, the temporary credentials have root user permissions. Similarly, -// if GetSessionToken is called using the credentials of an IAM user, the temporary -// credentials have the same permissions as the IAM user. +// Although it is possible to call GetSessionToken using the security credentials +// of an Amazon Web Services account root user rather than an IAM user, we do +// not recommend it. If GetSessionToken is called using root user credentials, +// the temporary credentials have root user permissions. For more information, +// see Safeguard your root user credentials and don't use them for everyday +// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) +// in the IAM User Guide // // For more information about using GetSessionToken to create temporary credentials, -// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) +// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1462,6 +1460,17 @@ type AssumeRoleInput struct { // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` + // A list of previously acquired trusted context assertions in the format of + // a JSON array. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + // + // The following is an example of a ProvidedContext value that includes a single + // trusted context assertion and the ARN of the context provider from which + // the trusted context assertion was generated. + // + // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}] + ProvidedContexts []*ProvidedContext `type:"list"` + // The Amazon Resource Name (ARN) of the role to assume. // // RoleArn is a required field @@ -1635,6 +1644,16 @@ func (s *AssumeRoleInput) Validate() error { } } } + if s.ProvidedContexts != nil { + for i, v := range s.ProvidedContexts { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ProvidedContexts", i), err.(request.ErrInvalidParams)) + } + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -1676,6 +1695,12 @@ func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleIn return s } +// SetProvidedContexts sets the ProvidedContexts field's value. +func (s *AssumeRoleInput) SetProvidedContexts(v []*ProvidedContext) *AssumeRoleInput { + s.ProvidedContexts = v + return s +} + // SetRoleArn sets the RoleArn field's value. func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { s.RoleArn = &v @@ -1900,8 +1925,12 @@ type AssumeRoleWithSAMLInput struct { // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) // in the IAM User Guide. // + // SAMLAssertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's + // String and GoString methods. + // // SAMLAssertion is a required field - SAMLAssertion *string `min:"4" type:"string" required:"true"` + SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -2036,7 +2065,7 @@ type AssumeRoleWithSAMLOutput struct { // IAM. // // The combination of NameQualifier and Subject can be used to uniquely identify - // a federated user. + // a user. // // The following pseudocode shows how the hash value is calculated: // @@ -2264,10 +2293,15 @@ type AssumeRoleWithWebIdentityInput struct { // The OAuth 2.0 access token or OpenID Connect ID token that is provided by // the identity provider. Your application must get this token by authenticating // the user who is using your application with a web identity provider before - // the application makes an AssumeRoleWithWebIdentity call. + // the application makes an AssumeRoleWithWebIdentity call. Only tokens with + // RSA algorithms (RS256) are supported. + // + // WebIdentityToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's + // String and GoString methods. // // WebIdentityToken is a required field - WebIdentityToken *string `min:"4" type:"string" required:"true"` + WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -2573,8 +2607,12 @@ type Credentials struct { // The secret access key that can be used to sign requests. // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Credentials's + // String and GoString methods. + // // SecretAccessKey is a required field - SecretAccessKey *string `type:"string" required:"true"` + SecretAccessKey *string `type:"string" required:"true" sensitive:"true"` // The token that users must pass to the service API to use the temporary credentials. // @@ -2922,10 +2960,9 @@ type GetFederationTokenInput struct { // The duration, in seconds, that the session should last. Acceptable durations // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained - // using Amazon Web Services account root user credentials are restricted to - // a maximum of 3,600 seconds (one hour). If the specified duration is longer - // than one hour, the session obtained by using root user credentials defaults - // to one hour. + // using root user credentials are restricted to a maximum of 3,600 seconds + // (one hour). If the specified duration is longer than one hour, the session + // obtained by using root user credentials defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the @@ -3376,6 +3413,67 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { return s } +// Contains information about the provided context. This includes the signed +// and encrypted trusted context assertion and the context provider ARN from +// which the trusted context assertion was generated. +type ProvidedContext struct { + _ struct{} `type:"structure"` + + // The signed and encrypted trusted context assertion generated by the context + // provider. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + ContextAssertion *string `min:"4" type:"string"` + + // The context provider ARN from which the trusted context assertion was generated. + ProviderArn *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvidedContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvidedContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ProvidedContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ProvidedContext"} + if s.ContextAssertion != nil && len(*s.ContextAssertion) < 4 { + invalidParams.Add(request.NewErrParamMinLen("ContextAssertion", 4)) + } + if s.ProviderArn != nil && len(*s.ProviderArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("ProviderArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetContextAssertion sets the ContextAssertion field's value. +func (s *ProvidedContext) SetContextAssertion(v string) *ProvidedContext { + s.ContextAssertion = &v + return s +} + +// SetProviderArn sets the ProviderArn field's value. +func (s *ProvidedContext) SetProviderArn(v string) *ProvidedContext { + s.ProviderArn = &v + return s +} + // You can pass custom key-value pair attributes when you assume a role or federate // a user. These are called session tags. You can then use the session tags // to control access to resources. For more information, see Tagging Amazon diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index c40f5a2a52b..ea1d9eb0ccf 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go @@ -4,10 +4,9 @@ // requests to AWS Security Token Service. // // Security Token Service (STS) enables you to request temporary, limited-privilege -// credentials for Identity and Access Management (IAM) users or for users that -// you authenticate (federated users). This guide provides descriptions of the -// STS API. For more information about using this service, see Temporary Security -// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +// credentials for users. This guide provides descriptions of the STS API. For +// more information about using this service, see Temporary Security Credentials +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // diff --git a/vendor/github.com/containers/image/docker/reference/regexp.go b/vendor/github.com/containers/image/docker/reference/regexp.go deleted file mode 100644 index 78603493203..00000000000 --- a/vendor/github.com/containers/image/docker/reference/regexp.go +++ /dev/null @@ -1,143 +0,0 @@ -package reference - -import "regexp" - -var ( - // alphaNumericRegexp defines the alpha numeric atom, typically a - // component of names. This only allows lower case characters and digits. - alphaNumericRegexp = match(`[a-z0-9]+`) - - // separatorRegexp defines the separators allowed to be embedded in name - // components. This allow one period, one or two underscore and multiple - // dashes. - separatorRegexp = match(`(?:[._]|__|[-]*)`) - - // nameComponentRegexp restricts registry path component names to start - // with at least one letter or number, with following parts able to be - // separated by one period, one or two underscore and multiple dashes. - nameComponentRegexp = expression( - alphaNumericRegexp, - optional(repeated(separatorRegexp, alphaNumericRegexp))) - - // domainComponentRegexp restricts the registry domain component of a - // repository name to start with a component as defined by DomainRegexp - // and followed by an optional port. - domainComponentRegexp = match(`(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`) - - // DomainRegexp defines the structure of potential domain components - // that may be part of image names. This is purposely a subset of what is - // allowed by DNS to ensure backwards compatibility with Docker image - // names. - DomainRegexp = expression( - domainComponentRegexp, - optional(repeated(literal(`.`), domainComponentRegexp)), - optional(literal(`:`), match(`[0-9]+`))) - - // TagRegexp matches valid tag names. From docker/docker:graph/tags.go. - TagRegexp = match(`[\w][\w.-]{0,127}`) - - // anchoredTagRegexp matches valid tag names, anchored at the start and - // end of the matched string. - anchoredTagRegexp = anchored(TagRegexp) - - // DigestRegexp matches valid digests. - DigestRegexp = match(`[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`) - - // anchoredDigestRegexp matches valid digests, anchored at the start and - // end of the matched string. - anchoredDigestRegexp = anchored(DigestRegexp) - - // NameRegexp is the format for the name component of references. The - // regexp has capturing groups for the domain and name part omitting - // the separating forward slash from either. - NameRegexp = expression( - optional(DomainRegexp, literal(`/`)), - nameComponentRegexp, - optional(repeated(literal(`/`), nameComponentRegexp))) - - // anchoredNameRegexp is used to parse a name value, capturing the - // domain and trailing components. - anchoredNameRegexp = anchored( - optional(capture(DomainRegexp), literal(`/`)), - capture(nameComponentRegexp, - optional(repeated(literal(`/`), nameComponentRegexp)))) - - // ReferenceRegexp is the full supported format of a reference. The regexp - // is anchored and has capturing groups for name, tag, and digest - // components. - ReferenceRegexp = anchored(capture(NameRegexp), - optional(literal(":"), capture(TagRegexp)), - optional(literal("@"), capture(DigestRegexp))) - - // IdentifierRegexp is the format for string identifier used as a - // content addressable identifier using sha256. These identifiers - // are like digests without the algorithm, since sha256 is used. - IdentifierRegexp = match(`([a-f0-9]{64})`) - - // ShortIdentifierRegexp is the format used to represent a prefix - // of an identifier. A prefix may be used to match a sha256 identifier - // within a list of trusted identifiers. - ShortIdentifierRegexp = match(`([a-f0-9]{6,64})`) - - // anchoredIdentifierRegexp is used to check or match an - // identifier value, anchored at start and end of string. - anchoredIdentifierRegexp = anchored(IdentifierRegexp) - - // anchoredShortIdentifierRegexp is used to check if a value - // is a possible identifier prefix, anchored at start and end - // of string. - anchoredShortIdentifierRegexp = anchored(ShortIdentifierRegexp) -) - -// match compiles the string to a regular expression. -var match = regexp.MustCompile - -// literal compiles s into a literal regular expression, escaping any regexp -// reserved characters. -func literal(s string) *regexp.Regexp { - re := match(regexp.QuoteMeta(s)) - - if _, complete := re.LiteralPrefix(); !complete { - panic("must be a literal") - } - - return re -} - -// expression defines a full expression, where each regular expression must -// follow the previous. -func expression(res ...*regexp.Regexp) *regexp.Regexp { - var s string - for _, re := range res { - s += re.String() - } - - return match(s) -} - -// optional wraps the expression in a non-capturing group and makes the -// production optional. -func optional(res ...*regexp.Regexp) *regexp.Regexp { - return match(group(expression(res...)).String() + `?`) -} - -// repeated wraps the regexp in a non-capturing group to get one or more -// matches. -func repeated(res ...*regexp.Regexp) *regexp.Regexp { - return match(group(expression(res...)).String() + `+`) -} - -// group wraps the regexp in a non-capturing group. -func group(res ...*regexp.Regexp) *regexp.Regexp { - return match(`(?:` + expression(res...).String() + `)`) -} - -// capture wraps the expression in a capturing group. -func capture(res ...*regexp.Regexp) *regexp.Regexp { - return match(`(` + expression(res...).String() + `)`) -} - -// anchored anchors the regular expression by adding start and end delimiters. -func anchored(res ...*regexp.Regexp) *regexp.Regexp { - return match(`^` + expression(res...).String() + `$`) -} diff --git a/vendor/github.com/containers/image/LICENSE b/vendor/github.com/containers/image/v5/LICENSE similarity index 100% rename from vendor/github.com/containers/image/LICENSE rename to vendor/github.com/containers/image/v5/LICENSE diff --git a/vendor/github.com/containers/image/docker/reference/README.md b/vendor/github.com/containers/image/v5/docker/reference/README.md similarity index 100% rename from vendor/github.com/containers/image/docker/reference/README.md rename to vendor/github.com/containers/image/v5/docker/reference/README.md diff --git a/vendor/github.com/containers/image/docker/reference/helpers.go b/vendor/github.com/containers/image/v5/docker/reference/helpers.go similarity index 100% rename from vendor/github.com/containers/image/docker/reference/helpers.go rename to vendor/github.com/containers/image/v5/docker/reference/helpers.go diff --git a/vendor/github.com/containers/image/docker/reference/normalize.go b/vendor/github.com/containers/image/v5/docker/reference/normalize.go similarity index 98% rename from vendor/github.com/containers/image/docker/reference/normalize.go rename to vendor/github.com/containers/image/v5/docker/reference/normalize.go index 6a86ec64fdc..d3f47d210ff 100644 --- a/vendor/github.com/containers/image/docker/reference/normalize.go +++ b/vendor/github.com/containers/image/v5/docker/reference/normalize.go @@ -104,7 +104,7 @@ func splitDockerDomain(name string) (domain, remainder string) { } // familiarizeName returns a shortened version of the name familiar -// to to the Docker UI. Familiar names have the default domain +// to the Docker UI. Familiar names have the default domain // "docker.io" and "library/" repository prefix removed. // For example, "docker.io/library/redis" will have the familiar // name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp". diff --git a/vendor/github.com/containers/image/docker/reference/reference.go b/vendor/github.com/containers/image/v5/docker/reference/reference.go similarity index 97% rename from vendor/github.com/containers/image/docker/reference/reference.go rename to vendor/github.com/containers/image/v5/docker/reference/reference.go index 8c0c23b2fe1..6c5484c068c 100644 --- a/vendor/github.com/containers/image/docker/reference/reference.go +++ b/vendor/github.com/containers/image/v5/docker/reference/reference.go @@ -3,13 +3,13 @@ // // Grammar // -// reference := name [ ":" tag ] [ "@" digest ] +// reference := name [ ":" tag ] [ "@" digest ] // name := [domain '/'] path-component ['/' path-component]* // domain := domain-component ['.' domain-component]* [':' port-number] // domain-component := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/ // port-number := /[0-9]+/ -// path-component := alpha-numeric [separator alpha-numeric]* -// alpha-numeric := /[a-z0-9]+/ +// path-component := alphanumeric [separator alphanumeric]* +// alphanumeric := /[a-z0-9]+/ // separator := /[_.]|__|[-]*/ // // tag := /[\w][\w.-]{0,127}/ @@ -175,7 +175,7 @@ func splitDomain(name string) (string, string) { // hostname and name string. If no valid hostname is // found, the hostname is empty and the full value // is returned as name -// DEPRECATED: Use Domain or Path +// Deprecated: Use Domain or Path func SplitHostname(named Named) (string, string) { if r, ok := named.(namedRepository); ok { return r.Domain(), r.Path() diff --git a/vendor/github.com/containers/image/v5/docker/reference/regexp-additions.go b/vendor/github.com/containers/image/v5/docker/reference/regexp-additions.go new file mode 100644 index 00000000000..7b15871f7b6 --- /dev/null +++ b/vendor/github.com/containers/image/v5/docker/reference/regexp-additions.go @@ -0,0 +1,6 @@ +package reference + +// Return true if the specified string fully matches `IdentifierRegexp`. +func IsFullIdentifier(s string) bool { + return anchoredIdentifierRegexp.MatchString(s) +} diff --git a/vendor/github.com/containers/image/v5/docker/reference/regexp.go b/vendor/github.com/containers/image/v5/docker/reference/regexp.go new file mode 100644 index 00000000000..76ba5c2d5c8 --- /dev/null +++ b/vendor/github.com/containers/image/v5/docker/reference/regexp.go @@ -0,0 +1,156 @@ +package reference + +import ( + "regexp" + "strings" + + storageRegexp "github.com/containers/storage/pkg/regexp" +) + +const ( + // alphaNumeric defines the alpha numeric atom, typically a + // component of names. This only allows lower case characters and digits. + alphaNumeric = `[a-z0-9]+` + + // separator defines the separators allowed to be embedded in name + // components. This allow one period, one or two underscore and multiple + // dashes. Repeated dashes and underscores are intentionally treated + // differently. In order to support valid hostnames as name components, + // supporting repeated dash was added. Additionally double underscore is + // now allowed as a separator to loosen the restriction for previously + // supported names. + separator = `(?:[._]|__|[-]*)` + + // repository name to start with a component as defined by DomainRegexp + // and followed by an optional port. + domainComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])` + + // The string counterpart for TagRegexp. + tag = `[\w][\w.-]{0,127}` + + // The string counterpart for DigestRegexp. + digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}` + + // The string counterpart for IdentifierRegexp. + identifier = `([a-f0-9]{64})` + + // The string counterpart for ShortIdentifierRegexp. + shortIdentifier = `([a-f0-9]{6,64})` +) + +var ( + // nameComponent restricts registry path component names to start + // with at least one letter or number, with following parts able to be + // separated by one period, one or two underscore and multiple dashes. + nameComponent = expression( + alphaNumeric, + optional(repeated(separator, alphaNumeric))) + + domain = expression( + domainComponent, + optional(repeated(literal(`.`), domainComponent)), + optional(literal(`:`), `[0-9]+`)) + // DomainRegexp defines the structure of potential domain components + // that may be part of image names. This is purposely a subset of what is + // allowed by DNS to ensure backwards compatibility with Docker image + // names. + DomainRegexp = re(domain) + + // TagRegexp matches valid tag names. From docker/docker:graph/tags.go. + TagRegexp = re(tag) + + anchoredTag = anchored(tag) + // anchoredTagRegexp matches valid tag names, anchored at the start and + // end of the matched string. + anchoredTagRegexp = storageRegexp.Delayed(anchoredTag) + + // DigestRegexp matches valid digests. + DigestRegexp = re(digestPat) + + anchoredDigest = anchored(digestPat) + // anchoredDigestRegexp matches valid digests, anchored at the start and + // end of the matched string. + anchoredDigestRegexp = storageRegexp.Delayed(anchoredDigest) + + namePat = expression( + optional(domain, literal(`/`)), + nameComponent, + optional(repeated(literal(`/`), nameComponent))) + // NameRegexp is the format for the name component of references. The + // regexp has capturing groups for the domain and name part omitting + // the separating forward slash from either. + NameRegexp = re(namePat) + + anchoredName = anchored( + optional(capture(domain), literal(`/`)), + capture(nameComponent, + optional(repeated(literal(`/`), nameComponent)))) + // anchoredNameRegexp is used to parse a name value, capturing the + // domain and trailing components. + anchoredNameRegexp = storageRegexp.Delayed(anchoredName) + + referencePat = anchored(capture(namePat), + optional(literal(":"), capture(tag)), + optional(literal("@"), capture(digestPat))) + // ReferenceRegexp is the full supported format of a reference. The regexp + // is anchored and has capturing groups for name, tag, and digest + // components. + ReferenceRegexp = re(referencePat) + + // IdentifierRegexp is the format for string identifier used as a + // content addressable identifier using sha256. These identifiers + // are like digests without the algorithm, since sha256 is used. + IdentifierRegexp = re(identifier) + + // ShortIdentifierRegexp is the format used to represent a prefix + // of an identifier. A prefix may be used to match a sha256 identifier + // within a list of trusted identifiers. + ShortIdentifierRegexp = re(shortIdentifier) + + anchoredIdentifier = anchored(identifier) + // anchoredIdentifierRegexp is used to check or match an + // identifier value, anchored at start and end of string. + anchoredIdentifierRegexp = storageRegexp.Delayed(anchoredIdentifier) +) + +// re compiles the string to a regular expression. +var re = regexp.MustCompile + +// literal compiles s into a literal regular expression, escaping any regexp +// reserved characters. +func literal(s string) string { + return regexp.QuoteMeta(s) +} + +// expression defines a full expression, where each regular expression must +// follow the previous. +func expression(res ...string) string { + return strings.Join(res, "") +} + +// optional wraps the expression in a non-capturing group and makes the +// production optional. +func optional(res ...string) string { + return group(expression(res...)) + `?` +} + +// repeated wraps the regexp in a non-capturing group to get one or more +// matches. +func repeated(res ...string) string { + return group(expression(res...)) + `+` +} + +// group wraps the regexp in a non-capturing group. +func group(res ...string) string { + return `(?:` + expression(res...) + `)` +} + +// capture wraps the expression in a capturing group. +func capture(res ...string) string { + return `(` + expression(res...) + `)` +} + +// anchored anchors the regular expression by adding start and end delimiters. +func anchored(res ...string) string { + return `^` + expression(res...) + `$` +} diff --git a/vendor/github.com/containers/storage/AUTHORS b/vendor/github.com/containers/storage/AUTHORS new file mode 100644 index 00000000000..129dd39692a --- /dev/null +++ b/vendor/github.com/containers/storage/AUTHORS @@ -0,0 +1,1523 @@ +# This file lists all individuals having contributed content to the repository. +# For how it is generated, see `hack/generate-authors.sh`. + +Aanand Prasad +Aaron Davidson +Aaron Feng +Aaron Huslage +Aaron Lehmann +Aaron Welch +Abel Muiño +Abhijeet Kasurde +Abhinav Ajgaonkar +Abhishek Chanda +Abin Shahab +Adam Miller +Adam Singer +Aditi Rajagopal +Aditya +Adria Casas +Adrian Mouat +Adrian Oprea +Adrien Folie +Adrien Gallouët +Ahmed Kamal +Ahmet Alp Balkan +Aidan Feldman +Aidan Hobson Sayers +AJ Bowen +Ajey Charantimath +ajneu +Akihiro Suda +Al Tobey +alambike +Alan Scherger +Alan Thompson +Albert Callarisa +Albert Zhang +Aleksa Sarai +Aleksandrs Fadins +Alena Prokharchyk +Alessandro Boch +Alessio Biancalana +Alex Chan +Alex Crawford +Alex Ellis +Alex Gaynor +Alex Samorukov +Alex Warhawk +Alexander Artemenko +Alexander Boyd +Alexander Larsson +Alexander Morozov +Alexander Shopov +Alexandre Beslic +Alexandre González +Alexandru Sfirlogea +Alexey Guskov +Alexey Kotlyarov +Alexey Shamrin +Alexis THOMAS +Ali Dehghani +Allen Madsen +Allen Sun +almoehi +Alvin Richards +amangoel +Amen Belayneh +Amit Bakshi +Amit Krishnan +Amy Lindburg +Anand Patil +AnandkumarPatel +Anatoly Borodin +Anchal Agrawal +Anders Janmyr +Andre Dublin <81dublin@gmail.com> +Andre Granovsky +Andrea Luzzardi +Andrea Turli +Andreas Köhler +Andreas Savvides +Andreas Tiefenthaler +Andrew C. Bodine +Andrew Clay Shafer +Andrew Duckworth +Andrew France +Andrew Gerrand +Andrew Guenther +Andrew Kuklewicz +Andrew Macgregor +Andrew Macpherson +Andrew Martin +Andrew Munsell +Andrew Weiss +Andrew Williams +Andrews Medina +Andrey Petrov +Andrey Stolbovsky +André Martins +andy +Andy Chambers +andy diller +Andy Goldstein +Andy Kipp +Andy Rothfusz +Andy Smith +Andy Wilson +Anes Hasicic +Anil Belur +Ankush Agarwal +Anonmily +Anthon van der Neut +Anthony Baire +Anthony Bishopric +Anthony Dahanne +Anton Löfgren +Anton Nikitin +Anton Polonskiy +Anton Tiurin +Antonio Murdaca +Antony Messerli +Anuj Bahuguna +Anusha Ragunathan +apocas +ArikaChen +Arnaud Porterie +Arthur Barr +Arthur Gautier +Artur Meyster +Arun Gupta +Asbjørn Enge +averagehuman +Avi Das +Avi Miller +ayoshitake +Azat Khuyiyakhmetov +Bardia Keyoumarsi +Barnaby Gray +Barry Allard +Bartłomiej Piotrowski +Bastiaan Bakker +bdevloed +Ben Firshman +Ben Golub +Ben Hall +Ben Sargent +Ben Severson +Ben Toews +Ben Wiklund +Benjamin Atkin +Benoit Chesneau +Bernerd Schaefer +Bert Goethals +Bharath Thiruveedula +Bhiraj Butala +Bill W +bin liu +Blake Geno +Boaz Shuster +bobby abbott +boucher +Bouke Haarsma +Boyd Hemphill +boynux +Bradley Cicenas +Bradley Wright +Brandon Liu +Brandon Philips +Brandon Rhodes +Brendan Dixon +Brent Salisbury +Brett Higgins +Brett Kochendorfer +Brian (bex) Exelbierd +Brian Bland +Brian DeHamer +Brian Dorsey +Brian Flad +Brian Goff +Brian McCallister +Brian Olsen +Brian Shumate +Brian Torres-Gil +Brian Trump +Brice Jaglin +Briehan Lombaard +Bruno Bigras +Bruno Binet +Bruno Gazzera +Bruno Renié +Bryan Bess +Bryan Boreham +Bryan Matsuo +Bryan Murphy +buddhamagnet +Burke Libbey +Byung Kang +Caleb Spare +Calen Pennington +Cameron Boehmer +Cameron Spear +Campbell Allen +Candid Dauth +Carl Henrik Lunde +Carl X. Su +Carlos Alexandro Becker +Carlos Sanchez +Carol Fager-Higgins +Cary +Casey Bisson +Cedric Davies +Cezar Sa Espinola +Chad Swenson +Chance Zibolski +Chander G +Charles Chan +Charles Hooper +Charles Law +Charles Lindsay +Charles Merriam +Charles Sarrazin +Charlie Lewis +Chase Bolt +ChaYoung You +Chen Chao +Chen Hanxiao +cheney90 +Chewey +Chia-liang Kao +chli +Cholerae Hu +Chris Alfonso +Chris Armstrong +Chris Dituri +Chris Fordham +Chris Khoo +Chris McKinnel +Chris Seto +Chris Snow +Chris St. Pierre +Chris Stivers +Chris Swan +Chris Wahl +Chris Weyl +chrismckinnel +Christian Berendt +Christian Böhme +Christian Persson +Christian Rotzoll +Christian Simon +Christian Stefanescu +ChristoperBiscardi +Christophe Mehay +Christophe Troestler +Christopher Currie +Christopher Jones +Christopher Latham +Christopher Rigor +Christy Perez +Chun Chen +Ciro S. Costa +Clayton Coleman +Clinton Kitson +Coenraad Loubser +Colin Dunklau +Colin Rice +Colin Walters +Collin Guarino +Colm Hally +companycy +Cory Forsyth +cressie176 +Cristian Staretu +cristiano balducci +Cruceru Calin-Cristian +Cyril F +Daan van Berkel +Daehyeok Mun +Dafydd Crosby +dalanlan +Damien Nadé +Damien Nozay +Damjan Georgievski +Dan Anolik +Dan Buch +Dan Cotora +Dan Griffin +Dan Hirsch +Dan Keder +Dan Levy +Dan McPherson +Dan Stine +Dan Walsh +Dan Williams +Daniel Antlinger +Daniel Exner +Daniel Farrell +Daniel Garcia +Daniel Gasienica +Daniel Hiltgen +Daniel Menet +Daniel Mizyrycki +Daniel Nephin +Daniel Norberg +Daniel Nordberg +Daniel Robinson +Daniel S +Daniel Von Fange +Daniel YC Lin +Daniel Zhang +Daniel, Dao Quang Minh +Danny Berger +Danny Yates +Darren Coxall +Darren Shepherd +Darren Stahl +Dave Barboza +Dave Henderson +Dave MacDonald +Dave Tucker +David Anderson +David Calavera +David Corking +David Cramer +David Currie +David Davis +David Gageot +David Gebler +David Lawrence +David Mackey +David Mat +David Mcanulty +David Pelaez +David R. Jenni +David Röthlisberger +David Sheets +David Sissitka +David Xia +David Young +Davide Ceretti +Dawn Chen +dcylabs +decadent +deed02392 +Deng Guangxing +Deni Bertovic +Denis Gladkikh +Denis Ollier +Dennis Docter +Derek +Derek +Derek Ch +Derek McGowan +Deric Crago +Deshi Xiao +devmeyster +Devvyn Murphy +Dharmit Shah +Dieter Reuter +Dima Stopel +Dimitri John Ledkov +Dimitry Andric +Dinesh Subhraveti +Diogo Monica +DiuDiugirl +Djibril Koné +dkumor +Dmitri Logvinenko +Dmitry Demeshchuk +Dmitry Gusev +Dmitry V. Krivenok +Dmitry Vorobev +Dolph Mathews +Dominik Finkbeiner +Dominik Honnef +Don Kirkby +Don Kjer +Don Spaulding +Donald Huang +Dong Chen +Donovan Jones +Doug Davis +Doug MacEachern +Doug Tangren +Dr Nic Williams +dragon788 +Dražen Lučanin +Dustin Sallings +Ed Costello +Edmund Wagner +Eiichi Tsukata +Eike Herzbach +Eivind Uggedal +Elan Ruusamäe +Elias Probst +Elijah Zupancic +eluck +Elvir Kuric +Emil Hernvall +Emily Maier +Emily Rose +Emir Ozer +Enguerran +Eohyung Lee +Eric Hanchrow +Eric Lee +Eric Myhre +Eric Paris +Eric Rafaloff +Eric Rosenberg +Eric Sage +Eric Windisch +Eric Yang +Eric-Olivier Lamey +Erik Bray +Erik Dubbelboer +Erik Hollensbe +Erik Inge Bolsø +Erik Kristensen +Erik Weathers +Erno Hopearuoho +Erwin van der Koogh +Euan +Eugene Yakubovich +eugenkrizo +evalle +Evan Allrich +Evan Carmi +Evan Hazlett +Evan Krall +Evan Phoenix +Evan Wies +Evgeny Vereshchagin +Ewa Czechowska +Eystein Måløy Stenberg +ezbercih +Fabiano Rosas +Fabio Falci +Fabio Rehm +Fabrizio Regini +Fabrizio Soppelsa +Faiz Khan +falmp +Fangyuan Gao <21551127@zju.edu.cn> +Fareed Dudhia +Fathi Boudra +Federico Gimenez +Felix Geisendörfer +Felix Hupfeld +Felix Rabe +Felix Schindler +Ferenc Szabo +Fernando +Fero Volar +Filipe Brandenburger +Filipe Oliveira +fl0yd +Flavio Castelli +FLGMwt +Florian +Florian Klein +Florian Maier +Florian Weingarten +Florin Asavoaie +Francesc Campoy +Francisco Carriedo +Francisco Souza +Frank Groeneveld +Frank Herrmann +Frank Macreery +Frank Rosquin +Fred Lifton +Frederick F. Kautz IV +Frederik Loeffert +Frederik Nordahl Jul Sabroe +Freek Kalter +fy2462 +Félix Baylac-Jacqué +Félix Cantournet +Gabe Rosenhouse +Gabor Nagy +Gabriel Monroy +GabrielNicolasAvellaneda +Galen Sampson +Gareth Rushgrove +Garrett Barboza +Gaurav +gautam, prasanna +GennadySpb +Geoffrey Bachelet +George MacRorie +George Xie +Georgi Hristozov +Gereon Frey +German DZ +Gert van Valkenhoef +Gianluca Borello +Gildas Cuisinier +gissehel +Giuseppe Mazzotta +Gleb Fotengauer-Malinovskiy +Gleb M Borisov +Glyn Normington +GoBella +Goffert van Gool +Gosuke Miyashita +Gou Rao +Govinda Fichtner +Grant Reaber +Graydon Hoare +Greg Fausak +Greg Thornton +grossws +grunny +gs11 +Guilhem Lettron +Guilherme Salgado +Guillaume Dufour +Guillaume J. Charmes +guoxiuyan +Gurjeet Singh +Guruprasad +gwx296173 +Günter Zöchbauer +Hans Kristian Flaatten +Hans Rødtang +Hao Shu Wei +Hao Zhang <21521210@zju.edu.cn> +Harald Albers +Harley Laue +Harold Cooper +Harry Zhang +He Simei +heartlock <21521209@zju.edu.cn> +Hector Castro +Henning Sprang +Hobofan +Hollie Teal +Hong Xu +hsinko <21551195@zju.edu.cn> +Hu Keping +Hu Tao +Huanzhong Zhang +Huayi Zhang +Hugo Duncan +Hugo Marisco <0x6875676f@gmail.com> +Hunter Blanks +huqun +Huu Nguyen +hyeongkyu.lee +hyp3rdino +Hyzhou <1187766782@qq.com> +Ian Babrou +Ian Bishop +Ian Bull +Ian Calvert +Ian Lee +Ian Main +Ian Truslove +Iavael +Icaro Seara +Igor Dolzhikov +Ilkka Laukkanen +Ilya Dmitrichenko +Ilya Gusev +ILYA Khlopotov +imre Fitos +inglesp +Ingo Gottwald +Isaac Dupree +Isabel Jimenez +Isao Jonas +Ivan Babrou +Ivan Fraixedes +Ivan Grcic +J Bruni +J. Nunn +Jack Danger Canty +Jacob Atzen +Jacob Edelman +Jake Champlin +Jake Moshenko +jakedt +James Allen +James Carey +James Carr +James DeFelice +James Harrison Fisher +James Kyburz +James Kyle +James Lal +James Mills +James Nugent +James Turnbull +Jamie Hannaford +Jamshid Afshar +Jan Keromnes +Jan Koprowski +Jan Pazdziora +Jan Toebes +Jan-Gerd Tenberge +Jan-Jaap Driessen +Jana Radhakrishnan +Januar Wayong +Jared Biel +Jared Hocutt +Jaroslaw Zabiello +jaseg +Jasmine Hegman +Jason Divock +Jason Giedymin +Jason Green +Jason Hall +Jason Heiss +Jason Livesay +Jason McVetta +Jason Plum +Jason Shepherd +Jason Smith +Jason Sommer +Jason Stangroome +jaxgeller +Jay +Jay +Jay Kamat +Jean-Baptiste Barth +Jean-Baptiste Dalido +Jean-Paul Calderone +Jean-Tiare Le Bigot +Jeff Anderson +Jeff Johnston +Jeff Lindsay +Jeff Mickey +Jeff Minard +Jeff Nickoloff +Jeff Welch +Jeffrey Bolle +Jeffrey Morgan +Jeffrey van Gogh +Jenny Gebske +Jeremy Grosser +Jeremy Price +Jeremy Qian +Jeremy Unruh +Jeroen Jacobs +Jesse Dearing +Jesse Dubay +Jessica Frazelle +Jezeniel Zapanta +jgeiger +Jhon Honce +Jian Zhang +jianbosun +Jilles Oldenbeuving +Jim Alateras +Jim Perrin +Jimmy Cuadra +Jimmy Puckett +jimmyxian +Jinsoo Park +Jiri Popelka +Jiří Župka +jjy +jmzwcn +Joe Beda +Joe Doliner +Joe Ferguson +Joe Gordon +Joe Shaw +Joe Van Dyk +Joel Friedly +Joel Handwell +Joel Hansson +Joel Wurtz +Joey Geiger +Joey Gibson +Joffrey F +Johan Euphrosine +Johan Rydberg +Johannes 'fish' Ziemke +John Costa +John Feminella +John Gardiner Myers +John Gossman +John Howard (VM) +John OBrien III +John Starks +John Tims +John Warwick +John Willis +Jon Wedaman +Jonas Pfenniger +Jonathan A. Sternberg +Jonathan Boulle +Jonathan Camp +Jonathan Dowland +Jonathan Lebon +Jonathan McCrohan +Jonathan Mueller +Jonathan Pares +Jonathan Rudenberg +Joost Cassee +Jordan +Jordan Arentsen +Jordan Sissel +Jordan Williams +Jose Diaz-Gonzalez +Joseph Anthony Pasquale Holsten +Joseph Hager +Joseph Kern +Josh +Josh Hawn +Josh Poimboeuf +Josiah Kiehl +José Tomás Albornoz +JP +jrabbit +Julian Taylor +Julien Barbier +Julien Bisconti +Julien Bordellier +Julien Dubois +Julien Pervillé +Julio Montes +Jun-Ru Chang +Jussi Nummelin +Justas Brazauskas +Justin Cormack +Justin Force +Justin Plock +Justin Simonelis +Justin Terry +Jyrki Puttonen +Jérôme Petazzoni +Jörg Thalheim +Kai Blin +Kai Qiang Wu(Kennan) +Kamil Domański +kamjar gerami +Kanstantsin Shautsou +Karan Lyons +Kareem Khazem +kargakis +Karl Grzeszczak +Karol Duleba +Katie McLaughlin +Kato Kazuyoshi +Katrina Owen +Kawsar Saiyeed +kayrus +Ke Xu +Keli Hu +Ken Cochrane +Ken ICHIKAWA +Kenfe-Mickael Laventure +Kenjiro Nakayama +Kent Johnson +Kevin "qwazerty" Houdebert +Kevin Clark +Kevin J. Lynagh +Kevin Menard +Kevin P. Kucharczyk +Kevin Shi +Kevin Wallace +Kevin Yap +kevinmeredith +Keyvan Fatehi +kies +Kim BKC Carlbacker +Kim Eik +Kimbro Staken +Kir Kolyshkin +Kiran Gangadharan +Kirill SIbirev +knappe +Kohei Tsuruta +Koichi Shiraishi +Konrad Kleine +Konstantin Pelykh +Krasimir Georgiev +Kristian Haugene +Kristina Zabunova +krrg +Kun Zhang +Kunal Kushwaha +Kyle Conroy +kyu +Lachlan Coote +Lai Jiangshan +Lajos Papp +Lakshan Perera +Lalatendu Mohanty +lalyos +Lance Chen +Lance Kinley +Lars Butler +Lars Kellogg-Stedman +Lars R. Damerow +Laszlo Meszaros +Laurent Erignoux +Laurie Voss +Leandro Siqueira +Lee, Meng-Han +leeplay +Lei Jitang +Len Weincier +Lennie +Leszek Kowalski +Levi Blackstone +Levi Gross +Lewis Marshall +Lewis Peckover +Liana Lo +Liang Mingqiang +Liang-Chi Hsieh +liaoqingwei +limsy +Lin Lu +LingFaKe +Linus Heckemann +Liran Tal +Liron Levin +Liu Bo +Liu Hua +LIZAO LI +Lloyd Dewolf +Lokesh Mandvekar +longliqiang88 <394564827@qq.com> +Lorenz Leutgeb +Lorenzo Fontana +Louis Opter +Luca Marturana +Luca Orlandi +Luca-Bogdan Grigorescu +Lucas Chan +Luis Martínez de Bartolomé Izquierdo +Lukas Waslowski +lukaspustina +Lukasz Zajaczkowski +lukemarsden +Lynda O'Leary +Lénaïc Huard +Ma Shimiao +Mabin +Madhav Puri +Madhu Venugopal +Mageee <21521230.zju.edu.cn> +Mahesh Tiyyagura +malnick +Malte Janduda +manchoz +Manfred Touron +Manfred Zabarauskas +mansinahar +Manuel Meurer +Manuel Woelker +mapk0y +Marc Abramowitz +Marc Kuo +Marc Tamsky +Marcelo Salazar +Marco Hennings +Marcus Farkas +Marcus Linke +Marcus Ramberg +Marek Goldmann +Marian Marinov +Marianna Tessel +Mario Loriedo +Marius Gundersen +Marius Sturm +Marius Voila +Mark Allen +Mark McGranaghan +Mark McKinstry +Mark West +Marko Mikulicic +Marko Tibold +Markus Fix +Martijn Dwars +Martijn van Oosterhout +Martin Honermeyer +Martin Kelly +Martin Mosegaard Amdisen +Martin Redmond +Mary Anthony +Masahito Zembutsu +Mason Malone +Mateusz Sulima +Mathias Monnerville +Mathieu Le Marec - Pasquet +Matt Apperson +Matt Bachmann +Matt Bentley +Matt Haggard +Matt McCormick +Matt Moore +Matt Robenolt +Matthew Heon +Matthew Mayer +Matthew Mueller +Matthew Riley +Matthias Klumpp +Matthias Kühnle +Matthias Rampke +Matthieu Hauglustaine +mattymo +mattyw +Mauricio Garavaglia +mauriyouth +Max Shytikov +Maxim Ivanov +Maxim Kulkin +Maxim Treskin +Maxime Petazzoni +Meaglith Ma +meejah +Megan Kostick +Mehul Kar +Mengdi Gao +Mert Yazıcıoğlu +Micah Zoltu +Michael A. Smith +Michael Bridgen +Michael Brown +Michael Chiang +Michael Crosby +Michael Currie +Michael Friis +Michael Gorsuch +Michael Grauer +Michael Holzheu +Michael Hudson-Doyle +Michael Huettermann +Michael Käufl +Michael Neale +Michael Prokop +Michael Scharf +Michael Stapelberg +Michael Steinert +Michael Thies +Michael West +Michal Fojtik +Michal Gebauer +Michal Jemala +Michal Minar +Michaël Pailloncy +Michał Czeraszkiewicz +Michiel@unhosted +Miguel Angel Fernández +Miguel Morales +Mihai Borobocea +Mihuleacc Sergiu +Mike Brown +Mike Chelen +Mike Danese +Mike Dillon +Mike Dougherty +Mike Gaffney +Mike Goelzer +Mike Leone +Mike MacCana +Mike Naberezny +Mike Snitzer +mikelinjie <294893458@qq.com> +Mikhail Sobolev +Miloslav Trmač +mingqing +Mingzhen Feng +Mitch Capper +mlarcher +Mohammad Banikazemi +Mohammed Aaqib Ansari +Mohit Soni +Morgan Bauer +Morgante Pell +Morgy93 +Morten Siebuhr +Morton Fox +Moysés Borges +mqliang +Mrunal Patel +msabansal +mschurenko +muge +Mustafa Akın +Muthukumar R +Máximo Cuadros +Médi-Rémi Hashim +Nahum Shalman +Nakul Pathak +Nalin Dahyabhai +Nan Monnand Deng +Naoki Orii +Natalie Parker +Natanael Copa +Nate Brennand +Nate Eagleson +Nate Jones +Nathan Hsieh +Nathan Kleyn +Nathan LeClaire +Nathan McCauley +Nathan Williams +Neal McBurnett +Nelson Chen +Nghia Tran +Niall O'Higgins +Nicholas E. Rabenau +Nick Irvine +Nick Parker +Nick Payne +Nick Stenning +Nick Stinemates +Nicolas Borboën +Nicolas De loof +Nicolas Dudebout +Nicolas Goy +Nicolas Kaiser +Nicolás Hock Isaza +Nigel Poulton +NikolaMandic +nikolas +Nirmal Mehta +Nishant Totla +NIWA Hideyuki +noducks +Nolan Darilek +nponeccop +Nuutti Kotivuori +nzwsch +O.S. Tezer +objectified +OddBloke +odk- +Oguz Bilgic +Oh Jinkyun +Ohad Schneider +Ole Reifschneider +Oliver Neal +Olivier Gambier +Olle Jonsson +Oriol Francès +Otto Kekäläinen +oyld +ozlerhakan +paetling +pandrew +panticz +Paolo G. Giarrusso +Pascal Borreli +Pascal Hartig +Patrick Devine +Patrick Hemmer +Patrick Stapleton +pattichen +Paul +paul +Paul Annesley +Paul Bellamy +Paul Bowsher +Paul Hammond +Paul Jimenez +Paul Lietar +Paul Liljenberg +Paul Morie +Paul Nasrat +Paul Weaver +Pavel Lobashov +Pavel Pospisil +Pavel Sutyrin +Pavel Tikhomirov +Pavlos Ratis +Peeyush Gupta +Peggy Li +Pei Su +Penghan Wang +perhapszzy@sina.com +Peter Bourgon +Peter Braden +Peter Choi +Peter Dave Hello +Peter Edge +Peter Ericson +Peter Esbensen +Peter Malmgren +Peter Salvatore +Peter Volpe +Peter Waller +Phil +Phil Estes +Phil Spitler +Philip Monroe +Philipp Wahala +Philipp Weissensteiner +Phillip Alexander +pidster +Piergiuliano Bossi +Pierre +Pierre Carrier +Pierre Wacrenier +Pierre-Alain RIVIERE +Piotr Bogdan +pixelistik +Porjo +Poul Kjeldager Sørensen +Pradeep Chhetri +Prasanna Gautam +Prayag Verma +Przemek Hejman +pysqz +qg <1373319223@qq.com> +qhuang +Qiang Huang +qq690388648 <690388648@qq.com> +Quentin Brossard +Quentin Perez +Quentin Tayssier +r0n22 +Rafal Jeczalik +Rafe Colton +Raghavendra K T +Raghuram Devarakonda +Rajat Pandit +Rajdeep Dua +Ralle +Ralph Bean +Ramkumar Ramachandra +Ramon van Alteren +Ray Tsang +ReadmeCritic +Recursive Madman +Regan McCooey +Remi Rampin +Renato Riccieri Santos Zannon +resouer +rgstephens +Rhys Hiltner +Rich Seymour +Richard +Richard Burnison +Richard Harvey +Richard Metzler +Richard Scothern +Richo Healey +Rick Bradley +Rick van de Loo +Rick Wieman +Rik Nijessen +Riku Voipio +Riley Guerin +Ritesh H Shukla +Riyaz Faizullabhoy +Rob Vesse +Robert Bachmann +Robert Bittle +Robert Obryk +Robert Stern +Robert Wallis +Roberto G. Hashioka +Robin Naundorf +Robin Schneider +Robin Speekenbrink +robpc +Rodolfo Carvalho +Rodrigo Vaz +Roel Van Nyen +Roger Peppe +Rohit Jnagal +Rohit Kadam +Roland Huß +Roland Kammerer +Roland Moriz +Roma Sokolov +Roman Strashkin +Ron Smits +root +root +root +root +Rory Hunter +Rory McCune +Ross Boucher +Rovanion Luckey +Rozhnov Alexandr +rsmoorthy +Rudolph Gottesheim +Rui Lopes +Ryan Anderson +Ryan Aslett +Ryan Belgrave +Ryan Detzel +Ryan Fowler +Ryan McLaughlin +Ryan O'Donnell +Ryan Seto +Ryan Thomas +Ryan Trauntvein +Ryan Wallner +RyanDeng +Rémy Greinhofer +s. rannou +s00318865 +Sabin Basyal +Sachin Joshi +Sagar Hani +Sainath Grandhi +Sally O'Malley +Sam Abed +Sam Alba +Sam Bailey +Sam J Sharpe +Sam Neirinck +Sam Reis +Sam Rijs +Sambuddha Basu +Sami Wagiaalla +Samuel Andaya +Samuel Dion-Girardeau +Samuel Karp +Samuel PHAN +Sankar சங்கர் +Sanket Saurav +Santhosh Manohar +sapphiredev +Satnam Singh +satoru +Satoshi Amemiya +scaleoutsean +Scott Bessler +Scott Collier +Scott Johnston +Scott Stamp +Scott Walls +sdreyesg +Sean Christopherson +Sean Cronin +Sean OMeara +Sean P. Kane +Sebastiaan van Steenis +Sebastiaan van Stijn +Senthil Kumar Selvaraj +Senthil Kumaran +SeongJae Park +Seongyeol Lim +Serge Hallyn +Sergey Alekseev +Sergey Evstifeev +Sevki Hasirci +Shane Canon +Shane da Silva +shaunol +Shawn Landden +Shawn Siefkas +Shekhar Gulati +Sheng Yang +Shengbo Song +Shih-Yuan Lee +Shijiang Wei +Shishir Mahajan +shuai-z +Shuwei Hao +Sian Lerk Lau +sidharthamani +Silas Sewell +Simei He +Simon Eskildsen +Simon Leinen +Simon Taranto +Sindhu S +Sjoerd Langkemper +Solganik Alexander +Solomon Hykes +Song Gao +Soshi Katsuta +Soulou +Spencer Brown +Spencer Smith +Sridatta Thatipamala +Sridhar Ratnakumar +Srini Brahmaroutu +srinsriv +Steeve Morin +Stefan Berger +Stefan J. Wernli +Stefan Praszalowicz +Stefan Scherer +Stefan Staudenmeyer +Stefan Weil +Stephen Crosby +Stephen Day +Stephen Rust +Steve Durrheimer +Steve Francia +Steve Koch +Steven Burgess +Steven Iveson +Steven Merrill +Steven Richards +Steven Taylor +Subhajit Ghosh +Sujith Haridasan +Suryakumar Sudar +Sven Dowideit +Swapnil Daingade +Sylvain Baubeau +Sylvain Bellemare +Sébastien +Sébastien Luttringer +Sébastien Stormacq +TAGOMORI Satoshi +tang0th +Tangi COLIN +Tatsuki Sugiura +Tatsushi Inagaki +Taylor Jones +tbonza +Ted M. Young +Tehmasp Chaudhri +Tejesh Mehta +terryding77 <550147740@qq.com> +tgic +Thatcher Peskens +theadactyl +Thell 'Bo' Fowler +Thermionix +Thijs Terlouw +Thomas Bikeev +Thomas Frössman +Thomas Gazagnaire +Thomas Grainger +Thomas Hansen +Thomas Leonard +Thomas LEVEIL +Thomas Orozco +Thomas Riccardi +Thomas Schroeter +Thomas Sjögren +Thomas Swift +Thomas Tanaka +Thomas Texier +Tianon Gravi +Tibor Vass +Tiffany Low +Tim Bosse +Tim Dettrick +Tim Düsterhus +Tim Hockin +Tim Ruffles +Tim Smith +Tim Terhorst +Tim Wang +Tim Waugh +Tim Wraight +Timothy Hobbs +tjwebb123 +tobe +Tobias Bieniek +Tobias Bradtke +Tobias Gesellchen +Tobias Klauser +Tobias Schmidt +Tobias Schwab +Todd Crane +Todd Lunter +Todd Whiteman +Toli Kuznets +Tom Barlow +Tom Denham +Tom Fotherby +Tom Howe +Tom Hulihan +Tom Maaswinkel +Tom X. Tobin +Tomas Tomecek +Tomasz Kopczynski +Tomasz Lipinski +Tomasz Nurkiewicz +Tommaso Visconti +Tomáš Hrčka +Tonis Tiigi +Tonny Xu +Tony Daws +Tony Miller +toogley +Torstein Husebø +tpng +tracylihui <793912329@qq.com> +Travis Cline +Travis Thieman +Trent Ogren +Trevor +Trevor Pounds +trishnaguha +Tristan Carel +Troy Denton +Tyler Brock +Tzu-Jung Lee +Tõnis Tiigi +Ulysse Carion +unknown +vagrant +Vaidas Jablonskis +Veres Lajos +vgeta +Victor Coisne +Victor Costan +Victor I. Wood +Victor Lyuboslavsky +Victor Marmol +Victor Palma +Victor Vieux +Victoria Bialas +Vijaya Kumar K +Viktor Stanchev +Viktor Vojnovski +VinayRaghavanKS +Vincent Batts +Vincent Bernat +Vincent Bernat +Vincent Demeester +Vincent Giersch +Vincent Mayers +Vincent Woo +Vinod Kulkarni +Vishal Doshi +Vishnu Kannan +Vitor Monteiro +Vivek Agarwal +Vivek Dasgupta +Vivek Goyal +Vladimir Bulyga +Vladimir Kirillov +Vladimir Rutsky +Vladimir Varankin +VladimirAus +Vojtech Vitek (V-Teq) +waitingkuo +Walter Leibbrandt +Walter Stanish +WANG Chao +Wang Xing +Ward Vandewege +WarheadsSE +Wayne Chang +Wei-Ting Kuo +weiyan +Weiyang Zhu +Wen Cheng Ma +Wendel Fleming +Wenxuan Zhao +Wenyu You <21551128@zju.edu.cn> +Wes Morgan +Will Dietz +Will Rouesnel +Will Weaver +willhf +William Delanoue +William Henry +William Hubbs +William Riancho +William Thurston +WiseTrem +wlan0 +Wolfgang Powisch +wonderflow +xamyzhao +XiaoBing Jiang +Xiaoxu Chen +xiekeyang +Xinzi Zhou +Xiuming Chen +xlgao-zju +xuzhaokui +Yahya +YAMADA Tsuyoshi +Yan Feng +Yang Bai +yangshukui +Yasunori Mahata +Yestin Sun +Yi EungJun +Yibai Zhang +Yihang Ho +Ying Li +Yohei Ueda +Yong Tang +Yongzhi Pan +yorkie +Youcef YEKHLEF +Yuan Sun +yuchangchun +yuchengxia +Yurii Rashkovskii +yuzou +Zac Dover +Zach Borboa +Zachary Jaffee +Zain Memon +Zaiste! +Zane DeGraffenried +Zefan Li +Zen Lin(Zhinan Lin) +Zhang Kun +Zhang Wei +Zhang Wentao +Zhenan Ye <21551168@zju.edu.cn> +Zhu Guihua +Zhuoyun Wei +Zilin Du +zimbatm +Ziming Dong +ZJUshuaizhou <21551191@zju.edu.cn> +zmarouf +Zoltan Tombol +zqh +Zuhayr Elahi +Zunayed Ali +Álex González +Álvaro Lázaro +Átila Camurça Alves +尹吉峰 +搏通 diff --git a/vendor/github.com/containers/storage/LICENSE b/vendor/github.com/containers/storage/LICENSE new file mode 100644 index 00000000000..8f3fee627a4 --- /dev/null +++ b/vendor/github.com/containers/storage/LICENSE @@ -0,0 +1,191 @@ + + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright 2013-2016 Docker, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/containers/storage/NOTICE b/vendor/github.com/containers/storage/NOTICE new file mode 100644 index 00000000000..8a37c1c7bc4 --- /dev/null +++ b/vendor/github.com/containers/storage/NOTICE @@ -0,0 +1,19 @@ +Docker +Copyright 2012-2016 Docker, Inc. + +This product includes software developed at Docker, Inc. (https://www.docker.com). + +This product contains software (https://github.com/kr/pty) developed +by Keith Rarick, licensed under the MIT License. + +The following is courtesy of our legal counsel: + + +Use and transfer of Docker may be subject to certain restrictions by the +United States and other governments. +It is your responsibility to ensure that your use and/or transfer does not +violate applicable laws. + +For more information, please see https://www.bis.doc.gov + +See also https://www.apache.org/dev/crypto.html and/or seek legal counsel. diff --git a/vendor/github.com/containers/storage/pkg/regexp/regexp.go b/vendor/github.com/containers/storage/pkg/regexp/regexp.go new file mode 100644 index 00000000000..1a3333dba26 --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/regexp/regexp.go @@ -0,0 +1,234 @@ +package regexp + +import ( + "io" + "regexp" + "sync" +) + +// Regexp is a wrapper struct used for wrapping MustCompile regex expressions +// used as global variables. Using this structure helps speed the startup time +// of apps that want to use global regex variables. This library initializes them on +// first use as opposed to the start of the executable. +type Regexp struct { + *regexpStruct +} + +type regexpStruct struct { + _ noCopy + once sync.Once + regexp *regexp.Regexp + val string +} + +func Delayed(val string) Regexp { + re := ®expStruct{ + val: val, + } + if precompile { + re.regexp = regexp.MustCompile(re.val) + } + return Regexp{re} +} + +func (re *regexpStruct) compile() { + if precompile { + return + } + re.once.Do(func() { + re.regexp = regexp.MustCompile(re.val) + }) +} + +func (re *regexpStruct) Expand(dst []byte, template []byte, src []byte, match []int) []byte { + re.compile() + return re.regexp.Expand(dst, template, src, match) +} + +func (re *regexpStruct) ExpandString(dst []byte, template string, src string, match []int) []byte { + re.compile() + return re.regexp.ExpandString(dst, template, src, match) +} + +func (re *regexpStruct) Find(b []byte) []byte { + re.compile() + return re.regexp.Find(b) +} + +func (re *regexpStruct) FindAll(b []byte, n int) [][]byte { + re.compile() + return re.regexp.FindAll(b, n) +} + +func (re *regexpStruct) FindAllIndex(b []byte, n int) [][]int { + re.compile() + return re.regexp.FindAllIndex(b, n) +} + +func (re *regexpStruct) FindAllString(s string, n int) []string { + re.compile() + return re.regexp.FindAllString(s, n) +} + +func (re *regexpStruct) FindAllStringIndex(s string, n int) [][]int { + re.compile() + return re.regexp.FindAllStringIndex(s, n) +} + +func (re *regexpStruct) FindAllStringSubmatch(s string, n int) [][]string { + re.compile() + return re.regexp.FindAllStringSubmatch(s, n) +} + +func (re *regexpStruct) FindAllStringSubmatchIndex(s string, n int) [][]int { + re.compile() + return re.regexp.FindAllStringSubmatchIndex(s, n) +} + +func (re *regexpStruct) FindAllSubmatch(b []byte, n int) [][][]byte { + re.compile() + return re.regexp.FindAllSubmatch(b, n) +} + +func (re *regexpStruct) FindAllSubmatchIndex(b []byte, n int) [][]int { + re.compile() + return re.regexp.FindAllSubmatchIndex(b, n) +} + +func (re *regexpStruct) FindIndex(b []byte) (loc []int) { + re.compile() + return re.regexp.FindIndex(b) +} + +func (re *regexpStruct) FindReaderIndex(r io.RuneReader) (loc []int) { + re.compile() + return re.regexp.FindReaderIndex(r) +} + +func (re *regexpStruct) FindReaderSubmatchIndex(r io.RuneReader) []int { + re.compile() + return re.regexp.FindReaderSubmatchIndex(r) +} + +func (re *regexpStruct) FindString(s string) string { + re.compile() + return re.regexp.FindString(s) +} + +func (re *regexpStruct) FindStringIndex(s string) (loc []int) { + re.compile() + return re.regexp.FindStringIndex(s) +} + +func (re *regexpStruct) FindStringSubmatch(s string) []string { + re.compile() + return re.regexp.FindStringSubmatch(s) +} + +func (re *regexpStruct) FindStringSubmatchIndex(s string) []int { + re.compile() + return re.regexp.FindStringSubmatchIndex(s) +} + +func (re *regexpStruct) FindSubmatch(b []byte) [][]byte { + re.compile() + return re.regexp.FindSubmatch(b) +} + +func (re *regexpStruct) FindSubmatchIndex(b []byte) []int { + re.compile() + return re.regexp.FindSubmatchIndex(b) +} + +func (re *regexpStruct) LiteralPrefix() (prefix string, complete bool) { + re.compile() + return re.regexp.LiteralPrefix() +} + +func (re *regexpStruct) Longest() { + re.compile() + re.regexp.Longest() +} + +func (re *regexpStruct) Match(b []byte) bool { + re.compile() + return re.regexp.Match(b) +} + +func (re *regexpStruct) MatchReader(r io.RuneReader) bool { + re.compile() + return re.regexp.MatchReader(r) +} + +func (re *regexpStruct) MatchString(s string) bool { + re.compile() + return re.regexp.MatchString(s) +} + +func (re *regexpStruct) NumSubexp() int { + re.compile() + return re.regexp.NumSubexp() +} + +func (re *regexpStruct) ReplaceAll(src, repl []byte) []byte { + re.compile() + return re.regexp.ReplaceAll(src, repl) +} + +func (re *regexpStruct) ReplaceAllFunc(src []byte, repl func([]byte) []byte) []byte { + re.compile() + return re.regexp.ReplaceAllFunc(src, repl) +} + +func (re *regexpStruct) ReplaceAllLiteral(src, repl []byte) []byte { + re.compile() + return re.regexp.ReplaceAllLiteral(src, repl) +} + +func (re *regexpStruct) ReplaceAllLiteralString(src, repl string) string { + re.compile() + return re.regexp.ReplaceAllLiteralString(src, repl) +} + +func (re *regexpStruct) ReplaceAllString(src, repl string) string { + re.compile() + return re.regexp.ReplaceAllString(src, repl) +} + +func (re *regexpStruct) ReplaceAllStringFunc(src string, repl func(string) string) string { + re.compile() + return re.regexp.ReplaceAllStringFunc(src, repl) +} + +func (re *regexpStruct) Split(s string, n int) []string { + re.compile() + return re.regexp.Split(s, n) +} + +func (re *regexpStruct) String() string { + re.compile() + return re.regexp.String() +} + +func (re *regexpStruct) SubexpIndex(name string) int { + re.compile() + return re.regexp.SubexpIndex(name) +} + +func (re *regexpStruct) SubexpNames() []string { + re.compile() + return re.regexp.SubexpNames() +} + +// noCopy may be added to structs which must not be copied +// after the first use. +// +// See https://golang.org/issues/8005#issuecomment-190753527 +// for details. +// +// Note that it must not be embedded, due to the Lock and Unlock methods. +type noCopy struct{} + +// Lock is a no-op used by -copylocks checker from `go vet`. +func (*noCopy) Lock() {} +func (*noCopy) Unlock() {} diff --git a/vendor/github.com/containers/storage/pkg/regexp/regexp_dontprecompile.go b/vendor/github.com/containers/storage/pkg/regexp/regexp_dontprecompile.go new file mode 100644 index 00000000000..834dd943377 --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/regexp/regexp_dontprecompile.go @@ -0,0 +1,6 @@ +//go:build !regexp_precompile +// +build !regexp_precompile + +package regexp + +const precompile = false diff --git a/vendor/github.com/containers/storage/pkg/regexp/regexp_precompile.go b/vendor/github.com/containers/storage/pkg/regexp/regexp_precompile.go new file mode 100644 index 00000000000..a5fe0dbc49a --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/regexp/regexp_precompile.go @@ -0,0 +1,6 @@ +//go:build regexp_precompile +// +build regexp_precompile + +package regexp + +const precompile = true diff --git a/vendor/github.com/go-openapi/errors/api.go b/vendor/github.com/go-openapi/errors/api.go index 77f1f92c5e3..c13f3435fa8 100644 --- a/vendor/github.com/go-openapi/errors/api.go +++ b/vendor/github.com/go-openapi/errors/api.go @@ -112,7 +112,7 @@ func flattenComposite(errs *CompositeError) *CompositeError { for _, er := range errs.Errors { switch e := er.(type) { case *CompositeError: - if len(e.Errors) > 0 { + if e != nil && len(e.Errors) > 0 { flat := flattenComposite(e) if len(flat.Errors) > 0 { res = append(res, flat.Errors...) diff --git a/vendor/github.com/go-openapi/strfmt/bson.go b/vendor/github.com/go-openapi/strfmt/bson.go index 8740b150599..a8a3604a2c3 100644 --- a/vendor/github.com/go-openapi/strfmt/bson.go +++ b/vendor/github.com/go-openapi/strfmt/bson.go @@ -142,7 +142,7 @@ func (id ObjectId) MarshalBSONValue() (bsontype.Type, []byte, error) { // BSON value representation of themselves. The BSON bytes and type can be // assumed to be valid. UnmarshalBSONValue must copy the BSON value bytes if it // wishes to retain the data after returning. -func (id *ObjectId) UnmarshalBSONValue(tpe bsontype.Type, data []byte) error { +func (id *ObjectId) UnmarshalBSONValue(_ bsontype.Type, data []byte) error { var oid bsonprim.ObjectID copy(oid[:], data) *id = ObjectId(oid) diff --git a/vendor/github.com/go-openapi/strfmt/time.go b/vendor/github.com/go-openapi/strfmt/time.go index 6f5a44bb7de..9bef4c3b335 100644 --- a/vendor/github.com/go-openapi/strfmt/time.go +++ b/vendor/github.com/go-openapi/strfmt/time.go @@ -133,13 +133,19 @@ func (t DateTime) String() string { } // IsZero returns whether the date time is a zero value -func (t DateTime) IsZero() bool { - return time.Time(t).IsZero() +func (t *DateTime) IsZero() bool { + if t == nil { + return true + } + return time.Time(*t).IsZero() } // IsUnixZerom returns whether the date time is equivalent to time.Unix(0, 0).UTC(). -func (t DateTime) IsUnixZero() bool { - return time.Time(t) == UnixZero +func (t *DateTime) IsUnixZero() bool { + if t == nil { + return true + } + return time.Time(*t).Equal(UnixZero) } // MarshalText implements the text marshaller interface diff --git a/vendor/github.com/go-openapi/swag/util.go b/vendor/github.com/go-openapi/swag/util.go index f78ab684a0a..d971fbe34b4 100644 --- a/vendor/github.com/go-openapi/swag/util.go +++ b/vendor/github.com/go-openapi/swag/util.go @@ -341,12 +341,21 @@ type zeroable interface { // IsZero returns true when the value passed into the function is a zero value. // This allows for safer checking of interface values. func IsZero(data interface{}) bool { + v := reflect.ValueOf(data) + // check for nil data + switch v.Kind() { + case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: + if v.IsNil() { + return true + } + } + // check for things that have an IsZero method instead if vv, ok := data.(zeroable); ok { return vv.IsZero() } + // continue with slightly more complex reflection - v := reflect.ValueOf(data) switch v.Kind() { case reflect.String: return v.Len() == 0 @@ -358,14 +367,13 @@ func IsZero(data interface{}) bool { return v.Uint() == 0 case reflect.Float32, reflect.Float64: return v.Float() == 0 - case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: - return v.IsNil() case reflect.Struct, reflect.Array: return reflect.DeepEqual(data, reflect.Zero(v.Type()).Interface()) case reflect.Invalid: return true + default: + return false } - return false } // AddInitialisms add additional initialisms diff --git a/vendor/github.com/gobuffalo/flect/README.md b/vendor/github.com/gobuffalo/flect/README.md index 2d9a1bd3b6a..14547e22771 100644 --- a/vendor/github.com/gobuffalo/flect/README.md +++ b/vendor/github.com/gobuffalo/flect/README.md @@ -1,25 +1,53 @@ # Flect -

-GoDoc -CI -Go Report Card -

+[![Go Reference](https://pkg.go.dev/badge/github.com/gobuffalo/flect.svg)](https://pkg.go.dev/github.com/gobuffalo/flect) +[![Standard Test](https://github.com/gobuffalo/flect/actions/workflows/standard-go-test.yml/badge.svg)](https://github.com/gobuffalo/flect/actions/workflows/standard-go-test.yml) +[![Go Report Card](https://goreportcard.com/badge/github.com/gobuffalo/flect)](https://goreportcard.com/report/github.com/gobuffalo/flect) This is a new inflection engine to replace [https://github.com/markbates/inflect](https://github.com/markbates/inflect) designed to be more modular, more readable, and easier to fix issues on than the original. +Flect provides word inflection features such as `Singularize` and `Pluralize` +for English nouns and text utility features such as `Camelize`, `Capitalize`, +`Humanize`, and more. + +Due to the flexibly-complex nature of English noun inflection, it is almost +impossible to cover all exceptions (such as identical/irregular plural). +With this reason along with the main purpose of Flect, which is to make it +easy to develop web application in Go, Flect has limitations with its own +rules. + +* It covers regular rule (adding -s or -es and of the word) +* It covers well-known irregular rules (such as -is to -es, -f to -ves, etc) + * https://en.wiktionary.org/wiki/Appendix:English_irregular_nouns#Rules +* It covers well-known irregular words (such as children, men, etc) +* If a word can be countable and uncountable like milk or time, it will be + treated as countable. +* If a word has more than one plural forms, which means it has at least one + irregular plural, we tried to find most popular one. (The selected plural + could be odd to you, please feel free to open an issue with back data) + * For example, we selected "stadiums" over "stadia", "dwarfs" over "dwarves" + * One or combination of en.wiktionary.org, britannica.com, and + trends.google.com are used to check the recent usage trends. +* However, we cannot cover all cases and some of our cases could not fit with + your situation. You can override the default with functions such as + `InsertPlural()`, `InsertSingular()`, or `LoadInfrections()`. +* If you have a json file named `inflections.json` in your application root, + the file will be automatically loaded as your custom inflection dictionary. + ## Installation -```bash -$ go get -u -v github.com/gobuffalo/flect +```console +$ go get github.com/gobuffalo/flect ``` -## `github.com/gobuffalo/flect` -GoDoc + +## Packages + +### `github.com/gobuffalo/flect` The `github.com/gobuffalo/flect` package contains "basic" inflection tools, like pluralization, singularization, etc... -### The `Ident` Type +#### The `Ident` Type In addition to helpful methods that take in a `string` and return a `string`, there is an `Ident` type that can be used to create new, custom, inflection rules. @@ -30,7 +58,6 @@ The `Ident` type contains two fields. Examples of creating new inflection rules using `Ident` can be found in the `github.com/gobuffalo/flect/name` package. -## `github.com/gobuffalo/flect/name` -GoDoc +### `github.com/gobuffalo/flect/name` The `github.com/gobuffalo/flect/name` package contains more "business" inflection rules like creating proper names, table names, etc... diff --git a/vendor/github.com/gobuffalo/flect/SHOULDERS.md b/vendor/github.com/gobuffalo/flect/SHOULDERS.md index 8c359f157e6..75222c6bc79 100644 --- a/vendor/github.com/gobuffalo/flect/SHOULDERS.md +++ b/vendor/github.com/gobuffalo/flect/SHOULDERS.md @@ -1,10 +1,12 @@ -# github.com/gobuffalo/flect Stands on the Shoulders of Giants +# Flect Stands on the Shoulders of Giants -github.com/gobuffalo/flect does not try to reinvent the wheel! Instead, it uses the already great wheels developed by the Go community and puts them all together in the best way possible. Without these giants, this project would not be possible. Please make sure to check them out and thank them for all of their hard work. +Flect does not try to reinvent the wheel! Instead, it uses the already great wheels developed by the Go community and puts them all together in the best way possible. Without these giants, this project would not be possible. Please make sure to check them out and thank them for all of their hard work. Thank you to the following **GIANTS**: - * [github.com/davecgh/go-spew](https://godoc.org/github.com/davecgh/go-spew) - +* [github.com/pmezard/go-difflib](https://godoc.org/github.com/pmezard/go-difflib) +* [github.com/stretchr/objx](https://godoc.org/github.com/stretchr/objx) * [github.com/stretchr/testify](https://godoc.org/github.com/stretchr/testify) +* [gopkg.in/check.v1](https://godoc.org/gopkg.in/check.v1) +* [gopkg.in/yaml.v3](https://godoc.org/gopkg.in/yaml.v3) diff --git a/vendor/github.com/gobuffalo/flect/humanize.go b/vendor/github.com/gobuffalo/flect/humanize.go index 6a0b75af7bf..311c8beed4a 100644 --- a/vendor/github.com/gobuffalo/flect/humanize.go +++ b/vendor/github.com/gobuffalo/flect/humanize.go @@ -22,13 +22,9 @@ func (i Ident) Humanize() Ident { return New("") } - var parts []string - for index, part := range i.Parts { - if index == 0 { - part = strings.Title(i.Parts[0]) - } - - parts = xappend(parts, part) + parts := xappend([]string{}, Titleize(i.Parts[0])) + if len(i.Parts) > 1 { + parts = xappend(parts, i.Parts[1:]...) } return New(strings.Join(parts, " ")) diff --git a/vendor/github.com/gobuffalo/flect/plural_rules.go b/vendor/github.com/gobuffalo/flect/plural_rules.go index 7205ec028a1..3904e79744f 100644 --- a/vendor/github.com/gobuffalo/flect/plural_rules.go +++ b/vendor/github.com/gobuffalo/flect/plural_rules.go @@ -1,17 +1,24 @@ package flect +import "fmt" + var pluralRules = []rule{} // AddPlural adds a rule that will replace the given suffix with the replacement suffix. +// The name is confusing. This function will be deprecated in the next release. func AddPlural(suffix string, repl string) { + InsertPluralRule(suffix, repl) +} + +// InsertPluralRule inserts a rule that will replace the given suffix with +// the repl(acement) at the begining of the list of the pluralize rules. +func InsertPluralRule(suffix, repl string) { pluralMoot.Lock() defer pluralMoot.Unlock() + pluralRules = append([]rule{{ suffix: suffix, - fn: func(s string) string { - s = s[:len(s)-len(suffix)] - return s + repl - }, + fn: simpleRuleFunc(suffix, repl), }}, pluralRules...) pluralRules = append([]rule{{ @@ -20,136 +27,229 @@ func AddPlural(suffix string, repl string) { }}, pluralRules...) } -var singleToPlural = map[string]string{ - "aircraft": "aircraft", - "alias": "aliases", - "alumna": "alumnae", - "alumnus": "alumni", - "analysis": "analyses", - "antenna": "antennas", - "antithesis": "antitheses", - "apex": "apexes", - "appendix": "appendices", - "axis": "axes", - "bacillus": "bacilli", - "bacterium": "bacteria", - "basis": "bases", - "beau": "beaus", - "bison": "bison", - "bureau": "bureaus", - "bus": "buses", - "campus": "campuses", - "caucus": "caucuses", - "child": "children", - "château": "châteaux", - "circus": "circuses", - "codex": "codices", - "concerto": "concertos", - "corpus": "corpora", - "crisis": "crises", - "criterion": "criteria", - "curriculum": "curriculums", - "datum": "data", - "deer": "deer", - "diagnosis": "diagnoses", - "die": "dice", - "dwarf": "dwarves", - "ellipsis": "ellipses", - "equipment": "equipment", - "erratum": "errata", - "fez": "fezzes", - "fish": "fish", - "focus": "foci", - "foo": "foos", - "foot": "feet", - "formula": "formulas", - "fungus": "fungi", - "genus": "genera", - "goose": "geese", - "graffito": "graffiti", - "grouse": "grouse", - "half": "halves", - "halo": "halos", - "hoof": "hooves", - "human": "humans", - "hypothesis": "hypotheses", - "index": "indices", - "information": "information", - "jeans": "jeans", - "larva": "larvae", - "libretto": "librettos", - "loaf": "loaves", - "locus": "loci", - "louse": "lice", - "matrix": "matrices", - "medium": "media", - "minutia": "minutiae", - "money": "money", - "moose": "moose", - "mouse": "mice", - "nebula": "nebulae", - "news": "news", - "nucleus": "nuclei", - "oasis": "oases", - "octopus": "octopi", - "offspring": "offspring", - "opus": "opera", - "ovum": "ova", - "ox": "oxen", - "parenthesis": "parentheses", - "person": "people", - "phenomenon": "phenomena", - "photo": "photos", - "phylum": "phyla", - "piano": "pianos", - "plus": "pluses", - "police": "police", - "prognosis": "prognoses", - "prometheus": "prometheuses", - "quiz": "quizzes", - "quota": "quotas", - "radius": "radiuses", - "referendum": "referendums", - "ress": "resses", - "rice": "rice", - "salmon": "salmon", - "sex": "sexes", - "series": "series", - "sheep": "sheep", - "shoe": "shoes", - "shrimp": "shrimp", - "species": "species", - "stimulus": "stimuli", - "stratum": "strata", - "swine": "swine", - "syllabus": "syllabi", - "symposium": "symposiums", - "synapse": "synapses", - "synopsis": "synopses", - "tableau": "tableaus", - "testis": "testes", - "thesis": "theses", - "thief": "thieves", - "tooth": "teeth", - "trout": "trout", - "tuna": "tuna", - "vedalia": "vedalias", - "vertebra": "vertebrae", - "vertix": "vertices", - "vita": "vitae", - "vortex": "vortices", - "wharf": "wharves", - "wife": "wives", - "woman": "women", - "wolf": "wolves", - "you": "you", +type word struct { + singular string + plural string + alternative string + unidirectional bool // plural to singular is not possible (or bad) + uncountable bool + exact bool +} + +// dictionary is the main table for singularize and pluralize. +// All words in the dictionary will be added to singleToPlural, pluralToSingle +// and singlePluralAssertions by init() functions. +var dictionary = []word{ + // identicals https://en.wikipedia.org/wiki/English_plurals#Nouns_with_identical_singular_and_plural + {singular: "aircraft", plural: "aircraft"}, + {singular: "beef", plural: "beef", alternative: "beefs"}, + {singular: "bison", plural: "bison"}, + {singular: "blues", plural: "blues", unidirectional: true}, + {singular: "chassis", plural: "chassis"}, + {singular: "deer", plural: "deer"}, + {singular: "fish", plural: "fish", alternative: "fishes"}, + {singular: "moose", plural: "moose"}, + {singular: "police", plural: "police"}, + {singular: "salmon", plural: "salmon", alternative: "salmons"}, + {singular: "series", plural: "series"}, + {singular: "sheep", plural: "sheep"}, + {singular: "shrimp", plural: "shrimp", alternative: "shrimps"}, + {singular: "species", plural: "species"}, + {singular: "swine", plural: "swine", alternative: "swines"}, + {singular: "trout", plural: "trout", alternative: "trouts"}, + {singular: "tuna", plural: "tuna", alternative: "tunas"}, + {singular: "you", plural: "you"}, + // -en https://en.wikipedia.org/wiki/English_plurals#Plurals_in_-(e)n + {singular: "child", plural: "children"}, + {singular: "ox", plural: "oxen", exact: true}, + // apophonic https://en.wikipedia.org/wiki/English_plurals#Apophonic_plurals + {singular: "foot", plural: "feet"}, + {singular: "goose", plural: "geese"}, + {singular: "man", plural: "men"}, + {singular: "human", plural: "humans"}, // not humen + {singular: "louse", plural: "lice", exact: true}, + {singular: "mouse", plural: "mice"}, + {singular: "tooth", plural: "teeth"}, + {singular: "woman", plural: "women"}, + // misc https://en.wikipedia.org/wiki/English_plurals#Miscellaneous_irregular_plurals + {singular: "die", plural: "dice", exact: true}, + {singular: "person", plural: "people"}, + + // Words from French that end in -u add an x; in addition to eau to eaux rule + {singular: "adieu", plural: "adieux", alternative: "adieus"}, + {singular: "fabliau", plural: "fabliaux"}, + {singular: "bureau", plural: "bureaus", alternative: "bureaux"}, // popular + + // Words from Greek that end in -on change -on to -a; in addition to hedron rule + {singular: "criterion", plural: "criteria"}, + {singular: "ganglion", plural: "ganglia", alternative: "ganglions"}, + {singular: "lexicon", plural: "lexica", alternative: "lexicons"}, + {singular: "mitochondrion", plural: "mitochondria", alternative: "mitochondrions"}, + {singular: "noumenon", plural: "noumena"}, + {singular: "phenomenon", plural: "phenomena"}, + {singular: "taxon", plural: "taxa"}, + + // Words from Latin that end in -um change -um to -a; in addition to some rules + {singular: "media", plural: "media"}, // popular case: media -> media + {singular: "medium", plural: "media", alternative: "mediums", unidirectional: true}, + {singular: "stadium", plural: "stadiums", alternative: "stadia"}, + {singular: "aquarium", plural: "aquaria", alternative: "aquariums"}, + {singular: "auditorium", plural: "auditoria", alternative: "auditoriums"}, + {singular: "symposium", plural: "symposia", alternative: "symposiums"}, + {singular: "curriculum", plural: "curriculums", alternative: "curricula"}, // ulum + {singular: "quota", plural: "quotas"}, + + // Words from Latin that end in -us change -us to -i or -era + {singular: "alumnus", plural: "alumni", alternative: "alumnuses"}, // -i + {singular: "bacillus", plural: "bacilli"}, + {singular: "cactus", plural: "cacti", alternative: "cactuses"}, + {singular: "coccus", plural: "cocci"}, + {singular: "focus", plural: "foci", alternative: "focuses"}, + {singular: "locus", plural: "loci", alternative: "locuses"}, + {singular: "nucleus", plural: "nuclei", alternative: "nucleuses"}, + {singular: "octopus", plural: "octupuses", alternative: "octopi"}, + {singular: "radius", plural: "radii", alternative: "radiuses"}, + {singular: "syllabus", plural: "syllabi"}, + {singular: "corpus", plural: "corpora", alternative: "corpuses"}, // -ra + {singular: "genus", plural: "genera"}, + + // Words from Latin that end in -a change -a to -ae + {singular: "alumna", plural: "alumnae"}, + {singular: "vertebra", plural: "vertebrae"}, + {singular: "differentia", plural: "differentiae"}, // -tia + {singular: "minutia", plural: "minutiae"}, + {singular: "vita", plural: "vitae"}, // -ita + {singular: "larva", plural: "larvae"}, // -va + {singular: "postcava", plural: "postcavae"}, + {singular: "praecava", plural: "praecavae"}, + {singular: "uva", plural: "uvae"}, + + // Words from Latin that end in -ex change -ex to -ices + {singular: "apex", plural: "apices", alternative: "apexes"}, + {singular: "codex", plural: "codices", alternative: "codexes"}, + {singular: "index", plural: "indices", alternative: "indexes"}, + {singular: "latex", plural: "latices", alternative: "latexes"}, + {singular: "vertex", plural: "vertices", alternative: "vertexes"}, + {singular: "vortex", plural: "vortices", alternative: "vortexes"}, + + // Words from Latin that end in -ix change -ix to -ices (eg, matrix becomes matrices) + {singular: "appendix", plural: "appendices", alternative: "appendixes"}, + {singular: "radix", plural: "radices", alternative: "radixes"}, + {singular: "helix", plural: "helices", alternative: "helixes"}, + + // Words from Latin that end in -is change -is to -es + {singular: "axis", plural: "axes", exact: true}, + {singular: "crisis", plural: "crises"}, + {singular: "ellipsis", plural: "ellipses", unidirectional: true}, // ellipse + {singular: "genesis", plural: "geneses"}, + {singular: "oasis", plural: "oases"}, + {singular: "thesis", plural: "theses"}, + {singular: "testis", plural: "testes"}, + {singular: "base", plural: "bases"}, // popular case + {singular: "basis", plural: "bases", unidirectional: true}, + + {singular: "alias", plural: "aliases", exact: true}, // no alia, no aliasis + {singular: "vedalia", plural: "vedalias"}, // no vedalium, no vedaliases + + // Words that end in -ch, -o, -s, -sh, -x, -z (can be conflict with the others) + {singular: "use", plural: "uses", exact: true}, // us vs use + {singular: "abuse", plural: "abuses"}, + {singular: "cause", plural: "causes"}, + {singular: "clause", plural: "clauses"}, + {singular: "cruse", plural: "cruses"}, + {singular: "excuse", plural: "excuses"}, + {singular: "fuse", plural: "fuses"}, + {singular: "house", plural: "houses"}, + {singular: "misuse", plural: "misuses"}, + {singular: "muse", plural: "muses"}, + {singular: "pause", plural: "pauses"}, + {singular: "ache", plural: "aches"}, + {singular: "topaz", plural: "topazes"}, + {singular: "buffalo", plural: "buffaloes", alternative: "buffalos"}, + {singular: "potato", plural: "potatoes"}, + {singular: "tomato", plural: "tomatoes"}, + + // uncountables + {singular: "equipment", uncountable: true}, + {singular: "information", uncountable: true}, + {singular: "jeans", uncountable: true}, + {singular: "money", uncountable: true}, + {singular: "news", uncountable: true}, + {singular: "rice", uncountable: true}, + + // exceptions: -f to -ves, not -fe + {singular: "dwarf", plural: "dwarfs", alternative: "dwarves"}, + {singular: "hoof", plural: "hoofs", alternative: "hooves"}, + {singular: "thief", plural: "thieves"}, + // exceptions: instead of -f(e) to -ves + {singular: "chive", plural: "chives"}, + {singular: "hive", plural: "hives"}, + {singular: "move", plural: "moves"}, + + // exceptions: instead of -y to -ies + {singular: "movie", plural: "movies"}, + {singular: "cookie", plural: "cookies"}, + + // exceptions: instead of -um to -a + {singular: "pretorium", plural: "pretoriums"}, + {singular: "agenda", plural: "agendas"}, // instead of plural of agendum + // exceptions: instead of -um to -a (chemical element names) + + // Words from Latin that end in -a change -a to -ae + {singular: "formula", plural: "formulas", alternative: "formulae"}, // also -um/-a + + // exceptions: instead of -o to -oes + {singular: "shoe", plural: "shoes"}, + {singular: "toe", plural: "toes", exact: true}, + {singular: "graffiti", plural: "graffiti"}, + + // abbreviations + {singular: "ID", plural: "IDs", exact: true}, } +// singleToPlural is the highest priority map for Pluralize(). +// singularToPluralSuffixList is used to build pluralRules for suffixes and +// compound words. +var singleToPlural = map[string]string{} + +// pluralToSingle is the highest priority map for Singularize(). +// singularToPluralSuffixList is used to build singularRules for suffixes and +// compound words. var pluralToSingle = map[string]string{} +// NOTE: This map should not be built as reverse map of singleToPlural since +// there are words that has the same plurals. + +// build singleToPlural and pluralToSingle with dictionary func init() { - for k, v := range singleToPlural { - pluralToSingle[v] = k + for _, wd := range dictionary { + if singleToPlural[wd.singular] != "" { + panic(fmt.Errorf("map singleToPlural already has an entry for %s", wd.singular)) + } + + if wd.uncountable && wd.plural == "" { + wd.plural = wd.singular + } + + if wd.plural == "" { + panic(fmt.Errorf("plural for %s is not provided", wd.singular)) + } + + singleToPlural[wd.singular] = wd.plural + + if !wd.unidirectional { + if pluralToSingle[wd.plural] != "" { + panic(fmt.Errorf("map pluralToSingle already has an entry for %s", wd.plural)) + } + pluralToSingle[wd.plural] = wd.singular + + if wd.alternative != "" { + if pluralToSingle[wd.alternative] != "" { + panic(fmt.Errorf("map pluralToSingle already has an entry for %s", wd.alternative)) + } + pluralToSingle[wd.alternative] = wd.singular + } + } } } @@ -158,129 +258,160 @@ type singularToPluralSuffix struct { plural string } +// singularToPluralSuffixList is a list of "bidirectional" suffix rules for +// the irregular plurals follow such rules. +// +// NOTE: IMPORTANT! The order of items in this list is the rule priority, not +// alphabet order. The first match will be used to inflect. var singularToPluralSuffixList = []singularToPluralSuffix{ - {"campus", "campuses"}, - {"person", "people"}, - {"phylum", "phyla"}, - {"randum", "randa"}, - {"actus", "acti"}, - {"adium", "adia"}, - {"basis", "basis"}, - {"child", "children"}, - {"chive", "chives"}, - {"focus", "foci"}, - {"genus", "genera"}, - {"hello", "hellos"}, - {"jeans", "jeans"}, - {"louse", "lice"}, - {"media", "media"}, - {"mouse", "mice"}, - {"movie", "movies"}, - {"oasis", "oasis"}, - {"atum", "ata"}, - {"atus", "atuses"}, - {"base", "bases"}, - {"cess", "cesses"}, - {"dium", "diums"}, - {"eses", "esis"}, - {"half", "halves"}, - {"hive", "hives"}, - {"iano", "ianos"}, - {"irus", "iri"}, - {"isis", "ises"}, - {"leus", "li"}, - {"mnus", "mni"}, - {"move", "moves"}, - {"news", "news"}, - {"odex", "odice"}, - {"oose", "eese"}, - {"ouse", "ouses"}, - {"ovum", "ova"}, - {"shoe", "shoes"}, - {"stis", "stes"}, - {"tive", "tives"}, - {"vice", "vices"}, - {"wife", "wives"}, - {"afe", "aves"}, - {"bfe", "bves"}, - {"box", "boxes"}, - {"cfe", "cves"}, - {"dfe", "dves"}, - {"dge", "dges"}, - {"efe", "eves"}, - {"gfe", "gves"}, - {"hfe", "hves"}, - {"ife", "ives"}, - {"itz", "itzes"}, - {"ium", "ia"}, - {"ize", "izes"}, - {"jfe", "jves"}, - {"kfe", "kves"}, - {"man", "men"}, - {"mfe", "mves"}, - {"nfe", "nves"}, - {"nna", "nnas"}, + // https://en.wiktionary.org/wiki/Appendix:English_irregular_nouns#Rules + // Words that end in -f or -fe change -f or -fe to -ves + {"tive", "tives"}, // exception + {"eaf", "eaves"}, {"oaf", "oaves"}, - {"oci", "ocus"}, - {"ode", "odes"}, - {"ofe", "oves"}, - {"pfe", "pves"}, - {"qfe", "qves"}, - {"quy", "quies"}, + {"afe", "aves"}, + {"arf", "arves"}, {"rfe", "rves"}, - {"sfe", "sves"}, - {"tfe", "tves"}, - {"tum", "ta"}, - {"tus", "tuses"}, - {"ufe", "uves"}, - {"ula", "ulae"}, - {"ula", "ulas"}, - {"uli", "ulus"}, - {"use", "uses"}, - {"uss", "usses"}, - {"vfe", "vves"}, - {"wfe", "wves"}, - {"xfe", "xves"}, - {"yfe", "yves"}, - {"you", "you"}, - {"zfe", "zves"}, - {"by", "bies"}, + {"rf", "rves"}, + {"lf", "lves"}, + {"fe", "ves"}, // previously '[a-eg-km-z]fe' TODO: regex support + + // Words that end in -y preceded by a consonant change -y to -ies + {"ay", "ays"}, + {"ey", "eys"}, + {"oy", "oys"}, + {"quy", "quies"}, + {"uy", "uys"}, + {"y", "ies"}, // '[^aeiou]y' + + // Words from French that end in -u add an x (eg, château becomes châteaux) + {"eau", "eaux"}, // it seems like 'eau' is the most popular form of this rule + + // Words from Latin that end in -a change -a to -ae; before -on to -a and -um to -a + {"bula", "bulae"}, + {"dula", "bulae"}, + {"lula", "bulae"}, + {"nula", "bulae"}, + {"vula", "bulae"}, + + // Words from Greek that end in -on change -on to -a (eg, polyhedron becomes polyhedra) + // https://en.wiktionary.org/wiki/Category:English_irregular_plurals_ending_in_"-a" + {"hedron", "hedra"}, + + // Words from Latin that end in -um change -um to -a (eg, minimum becomes minima) + // https://en.wiktionary.org/wiki/Category:English_irregular_plurals_ending_in_"-a" + {"ium", "ia"}, // some exceptions especially chemical element names + {"seum", "seums"}, + {"eum", "ea"}, + {"oum", "oa"}, + {"stracum", "straca"}, + {"dum", "da"}, + {"elum", "ela"}, + {"ilum", "ila"}, + {"olum", "ola"}, + {"ulum", "ula"}, + {"llum", "lla"}, + {"ylum", "yla"}, + {"imum", "ima"}, + {"ernum", "erna"}, + {"gnum", "gna"}, + {"brum", "bra"}, + {"crum", "cra"}, + {"terum", "tera"}, + {"serum", "sera"}, + {"trum", "tra"}, + {"antum", "anta"}, + {"atum", "ata"}, + {"entum", "enta"}, + {"etum", "eta"}, + {"itum", "ita"}, + {"otum", "ota"}, + {"utum", "uta"}, + {"ctum", "cta"}, + {"ovum", "ova"}, + + // Words from Latin that end in -us change -us to -i or -era + // not easy to make a simple rule. just add them all to the dictionary + + // Words from Latin that end in -ex change -ex to -ices (eg, vortex becomes vortices) + // Words from Latin that end in -ix change -ix to -ices (eg, matrix becomes matrices) + // for example, -dix, -dex, and -dice will have the same plural form so + // making a simple rule is not possible for them + {"trix", "trices"}, // ignore a few words end in trice + + // Words from Latin that end in -is change -is to -es (eg, thesis becomes theses) + // -sis and -se has the same plural -ses so making a rule is not easy too. + {"iasis", "iases"}, + {"mesis", "meses"}, + {"kinesis", "kineses"}, + {"resis", "reses"}, + {"gnosis", "gnoses"}, // e.g. diagnosis + {"opsis", "opses"}, // e.g. synopsis + {"ysis", "yses"}, // e.g. analysis + + // Words that end in -ch, -o, -s, -sh, -x, -z + {"ouse", "ouses"}, + {"lause", "lauses"}, + {"us", "uses"}, // use/uses is in the dictionary + {"ch", "ches"}, - {"cy", "cies"}, - {"dy", "dies"}, - {"ex", "ices"}, - {"fy", "fies"}, - {"gy", "gies"}, - {"hy", "hies"}, {"io", "ios"}, - {"jy", "jies"}, - {"ky", "kies"}, - {"lf", "lves"}, - {"ly", "lies"}, - {"my", "mies"}, - {"ny", "nies"}, - {"py", "pies"}, - {"qy", "qies"}, - {"rf", "rves"}, - {"ry", "ries"}, {"sh", "shes"}, {"ss", "sses"}, - {"sy", "sies"}, - {"ty", "ties"}, + {"ez", "ezzes"}, + {"iz", "izzes"}, {"tz", "tzes"}, - {"va", "vae"}, - {"vy", "vies"}, - {"wy", "wies"}, - {"xy", "xies"}, - {"zy", "zies"}, {"zz", "zzes"}, + {"ano", "anos"}, + {"lo", "los"}, + {"to", "tos"}, + {"oo", "oos"}, {"o", "oes"}, {"x", "xes"}, + + // for abbreviations + {"S", "Ses"}, + + // excluded rules: seems rare + // Words from Hebrew that add -im or -ot (eg, cherub becomes cherubim) + // - cherub (cherubs or cherubim), seraph (seraphs or seraphim) + // Words from Greek that end in -ma change -ma to -mata + // - The most of words end in -ma are in this category but it looks like + // just adding -s is more popular. + // Words from Latin that end in -nx change -nx to -nges + // - The most of words end in -nx are in this category but it looks like + // just adding -es is more popular. (sphinxes) + + // excluded rules: don't care at least for now: + // Words that end in -ful that add an s after the -ful + // Words that end in -s or -ese denoting a national of a particular country + // Symbols or letters, which often add -'s } func init() { for i := len(singularToPluralSuffixList) - 1; i >= 0; i-- { - AddPlural(singularToPluralSuffixList[i].singular, singularToPluralSuffixList[i].plural) - AddSingular(singularToPluralSuffixList[i].plural, singularToPluralSuffixList[i].singular) + InsertPluralRule(singularToPluralSuffixList[i].singular, singularToPluralSuffixList[i].plural) + InsertSingularRule(singularToPluralSuffixList[i].plural, singularToPluralSuffixList[i].singular) + } + + // build pluralRule and singularRule with dictionary for compound words + for _, wd := range dictionary { + if wd.exact { + continue + } + + if wd.uncountable && wd.plural == "" { + wd.plural = wd.singular + } + + InsertPluralRule(wd.singular, wd.plural) + + if !wd.unidirectional { + InsertSingularRule(wd.plural, wd.singular) + + if wd.alternative != "" { + InsertSingularRule(wd.alternative, wd.singular) + } + } } } diff --git a/vendor/github.com/gobuffalo/flect/pluralize.go b/vendor/github.com/gobuffalo/flect/pluralize.go index 88f9ec55454..d0ac77d3fc1 100644 --- a/vendor/github.com/gobuffalo/flect/pluralize.go +++ b/vendor/github.com/gobuffalo/flect/pluralize.go @@ -38,18 +38,28 @@ func (i Ident) Pluralize() Ident { pluralMoot.RLock() defer pluralMoot.RUnlock() + // check if the Original has an explicit entry in the map + if p, ok := singleToPlural[i.Original]; ok { + return i.ReplaceSuffix(i.Original, p) + } + if _, ok := pluralToSingle[i.Original]; ok { + return i + } + ls := strings.ToLower(s) if _, ok := pluralToSingle[ls]; ok { return i } + if p, ok := singleToPlural[ls]; ok { if s == Capitalize(s) { p = Capitalize(p) } return i.ReplaceSuffix(s, p) } + for _, r := range pluralRules { - if strings.HasSuffix(ls, r.suffix) { + if strings.HasSuffix(s, r.suffix) { return i.ReplaceSuffix(s, r.fn(s)) } } diff --git a/vendor/github.com/gobuffalo/flect/rule.go b/vendor/github.com/gobuffalo/flect/rule.go index dc616b337dd..5428e6ed01f 100644 --- a/vendor/github.com/gobuffalo/flect/rule.go +++ b/vendor/github.com/gobuffalo/flect/rule.go @@ -7,4 +7,11 @@ type rule struct { fn ruleFn } +func simpleRuleFunc(suffix, repl string) func(string) string { + return func(s string) string { + s = s[:len(s)-len(suffix)] + return s + repl + } +} + func noop(s string) string { return s } diff --git a/vendor/github.com/gobuffalo/flect/singular_rules.go b/vendor/github.com/gobuffalo/flect/singular_rules.go index 9b85a873b98..d59307b73cb 100644 --- a/vendor/github.com/gobuffalo/flect/singular_rules.go +++ b/vendor/github.com/gobuffalo/flect/singular_rules.go @@ -3,21 +3,24 @@ package flect var singularRules = []rule{} // AddSingular adds a rule that will replace the given suffix with the replacement suffix. +// The name is confusing. This function will be deprecated in the next release. func AddSingular(ext string, repl string) { + InsertSingularRule(ext, repl) +} + +// InsertSingularRule inserts a rule that will replace the given suffix with +// the repl(acement) at the beginning of the list of the singularize rules. +func InsertSingularRule(suffix, repl string) { singularMoot.Lock() defer singularMoot.Unlock() + singularRules = append([]rule{{ - suffix: ext, - fn: func(s string) string { - s = s[:len(s)-len(ext)] - return s + repl - }, + suffix: suffix, + fn: simpleRuleFunc(suffix, repl), }}, singularRules...) singularRules = append([]rule{{ suffix: repl, - fn: func(s string) string { - return s - }, + fn: noop, }}, singularRules...) } diff --git a/vendor/github.com/gobuffalo/flect/singularize.go b/vendor/github.com/gobuffalo/flect/singularize.go index 244e382c3c3..d00cf4f1e47 100644 --- a/vendor/github.com/gobuffalo/flect/singularize.go +++ b/vendor/github.com/gobuffalo/flect/singularize.go @@ -19,10 +19,7 @@ func Singularize(s string) string { // SingularizeWithSize("user", 1) = user // SingularizeWithSize("user", 2) = users func SingularizeWithSize(s string, i int) string { - if i == 1 || i == -1 { - return New(s).Singularize().String() - } - return New(s).Pluralize().String() + return PluralizeWithSize(s, i) } // Singularize returns a singular version of the string @@ -38,6 +35,14 @@ func (i Ident) Singularize() Ident { singularMoot.RLock() defer singularMoot.RUnlock() + // check if the Original has an explicit entry in the map + if p, ok := pluralToSingle[i.Original]; ok { + return i.ReplaceSuffix(i.Original, p) + } + if _, ok := singleToPlural[i.Original]; ok { + return i + } + ls := strings.ToLower(s) if p, ok := pluralToSingle[ls]; ok { if s == Capitalize(s) { @@ -45,11 +50,13 @@ func (i Ident) Singularize() Ident { } return i.ReplaceSuffix(s, p) } + if _, ok := singleToPlural[ls]; ok { return i } + for _, r := range singularRules { - if strings.HasSuffix(ls, r.suffix) { + if strings.HasSuffix(s, r.suffix) { return i.ReplaceSuffix(s, r.fn(s)) } } @@ -57,5 +64,6 @@ func (i Ident) Singularize() Ident { if strings.HasSuffix(s, "s") { return i.ReplaceSuffix("s", "") } + return i } diff --git a/vendor/github.com/gobuffalo/flect/titleize.go b/vendor/github.com/gobuffalo/flect/titleize.go index cbbf08a5aa2..0878ada8de7 100644 --- a/vendor/github.com/gobuffalo/flect/titleize.go +++ b/vendor/github.com/gobuffalo/flect/titleize.go @@ -19,12 +19,20 @@ func Titleize(s string) string { // "This is `code` ok" = "This Is `code` OK" func (i Ident) Titleize() Ident { var parts []string + + // TODO: we need to reconsider the design. + // this approach preserves inline code block as is but it also + // preserves the other words start with a special character. + // I would prefer: "*wonderful* world" to be "*Wonderful* World" for _, part := range i.Parts { - x := string(unicode.ToTitle(rune(part[0]))) - if len(part) > 1 { - x += part[1:] + // CAUTION: in unicode, []rune(str)[0] is not rune(str[0]) + runes := []rune(part) + x := string(unicode.ToTitle(runes[0])) + if len(runes) > 1 { + x += string(runes[1:]) } parts = append(parts, x) } + return New(strings.Join(parts, " ")) } diff --git a/vendor/github.com/gobuffalo/flect/version.go b/vendor/github.com/gobuffalo/flect/version.go index 9624d5df2d0..79486ed2c2c 100644 --- a/vendor/github.com/gobuffalo/flect/version.go +++ b/vendor/github.com/gobuffalo/flect/version.go @@ -1,4 +1,4 @@ package flect //Version holds Flect version number -const Version = "v0.1.6" +const Version = "v1.0.0" diff --git a/vendor/github.com/moby/term/doc.go b/vendor/github.com/moby/term/doc.go new file mode 100644 index 00000000000..c9bc0324435 --- /dev/null +++ b/vendor/github.com/moby/term/doc.go @@ -0,0 +1,3 @@ +// Package term provides structures and helper functions to work with +// terminal (state, sizes). +package term diff --git a/vendor/github.com/moby/term/tc.go b/vendor/github.com/moby/term/tc.go deleted file mode 100644 index 8a5e09f5849..00000000000 --- a/vendor/github.com/moby/term/tc.go +++ /dev/null @@ -1,20 +0,0 @@ -//go:build !windows -// +build !windows - -package term - -import ( - "golang.org/x/sys/unix" -) - -func tcget(fd uintptr) (*Termios, error) { - p, err := unix.IoctlGetTermios(int(fd), getTermios) - if err != nil { - return nil, err - } - return p, nil -} - -func tcset(fd uintptr, p *Termios) error { - return unix.IoctlSetTermios(int(fd), setTermios, p) -} diff --git a/vendor/github.com/moby/term/term.go b/vendor/github.com/moby/term/term.go index 2dd3d090dff..f9d8988ef88 100644 --- a/vendor/github.com/moby/term/term.go +++ b/vendor/github.com/moby/term/term.go @@ -1,100 +1,85 @@ -//go:build !windows -// +build !windows - -// Package term provides structures and helper functions to work with -// terminal (state, sizes). package term -import ( - "errors" - "io" - "os" - - "golang.org/x/sys/unix" -) - -// ErrInvalidState is returned if the state of the terminal is invalid. -var ErrInvalidState = errors.New("Invalid terminal state") +import "io" -// State represents the state of the terminal. -type State struct { - termios Termios -} +// State holds the platform-specific state / console mode for the terminal. +type State terminalState // Winsize represents the size of the terminal window. type Winsize struct { Height uint16 Width uint16 - x uint16 - y uint16 + + // Only used on Unix + x uint16 + y uint16 } // StdStreams returns the standard streams (stdin, stdout, stderr). +// +// On Windows, it attempts to turn on VT handling on all std handles if +// supported, or falls back to terminal emulation. On Unix, this returns +// the standard [os.Stdin], [os.Stdout] and [os.Stderr]. func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) { - return os.Stdin, os.Stdout, os.Stderr + return stdStreams() } // GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal. -func GetFdInfo(in interface{}) (uintptr, bool) { - var inFd uintptr - var isTerminalIn bool - if file, ok := in.(*os.File); ok { - inFd = file.Fd() - isTerminalIn = IsTerminal(inFd) - } - return inFd, isTerminalIn +func GetFdInfo(in interface{}) (fd uintptr, isTerminal bool) { + return getFdInfo(in) +} + +// GetWinsize returns the window size based on the specified file descriptor. +func GetWinsize(fd uintptr) (*Winsize, error) { + return getWinsize(fd) +} + +// SetWinsize tries to set the specified window size for the specified file +// descriptor. It is only implemented on Unix, and returns an error on Windows. +func SetWinsize(fd uintptr, ws *Winsize) error { + return setWinsize(fd, ws) } // IsTerminal returns true if the given file descriptor is a terminal. func IsTerminal(fd uintptr) bool { - _, err := tcget(fd) - return err == nil + return isTerminal(fd) } // RestoreTerminal restores the terminal connected to the given file descriptor // to a previous state. func RestoreTerminal(fd uintptr, state *State) error { - if state == nil { - return ErrInvalidState - } - return tcset(fd, &state.termios) + return restoreTerminal(fd, state) } // SaveState saves the state of the terminal connected to the given file descriptor. func SaveState(fd uintptr) (*State, error) { - termios, err := tcget(fd) - if err != nil { - return nil, err - } - return &State{termios: *termios}, nil + return saveState(fd) } // DisableEcho applies the specified state to the terminal connected to the file // descriptor, with echo disabled. func DisableEcho(fd uintptr, state *State) error { - newState := state.termios - newState.Lflag &^= unix.ECHO - - if err := tcset(fd, &newState); err != nil { - return err - } - return nil + return disableEcho(fd, state) } // SetRawTerminal puts the terminal connected to the given file descriptor into -// raw mode and returns the previous state. On UNIX, this puts both the input -// and output into raw mode. On Windows, it only puts the input into raw mode. -func SetRawTerminal(fd uintptr) (*State, error) { - oldState, err := MakeRaw(fd) - if err != nil { - return nil, err - } - return oldState, err +// raw mode and returns the previous state. On UNIX, this is the equivalent of +// [MakeRaw], and puts both the input and output into raw mode. On Windows, it +// only puts the input into raw mode. +func SetRawTerminal(fd uintptr) (previousState *State, err error) { + return setRawTerminal(fd) } // SetRawTerminalOutput puts the output of terminal connected to the given file // descriptor into raw mode. On UNIX, this does nothing and returns nil for the // state. On Windows, it disables LF -> CRLF translation. -func SetRawTerminalOutput(fd uintptr) (*State, error) { - return nil, nil +func SetRawTerminalOutput(fd uintptr) (previousState *State, err error) { + return setRawTerminalOutput(fd) +} + +// MakeRaw puts the terminal (Windows Console) connected to the +// given file descriptor into raw mode and returns the previous state of +// the terminal so that it can be restored. +func MakeRaw(fd uintptr) (previousState *State, err error) { + return makeRaw(fd) } diff --git a/vendor/github.com/moby/term/term_unix.go b/vendor/github.com/moby/term/term_unix.go new file mode 100644 index 00000000000..2ec7706a16a --- /dev/null +++ b/vendor/github.com/moby/term/term_unix.go @@ -0,0 +1,98 @@ +//go:build !windows +// +build !windows + +package term + +import ( + "errors" + "io" + "os" + + "golang.org/x/sys/unix" +) + +// ErrInvalidState is returned if the state of the terminal is invalid. +// +// Deprecated: ErrInvalidState is no longer used. +var ErrInvalidState = errors.New("Invalid terminal state") + +// terminalState holds the platform-specific state / console mode for the terminal. +type terminalState struct { + termios unix.Termios +} + +func stdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) { + return os.Stdin, os.Stdout, os.Stderr +} + +func getFdInfo(in interface{}) (uintptr, bool) { + var inFd uintptr + var isTerminalIn bool + if file, ok := in.(*os.File); ok { + inFd = file.Fd() + isTerminalIn = isTerminal(inFd) + } + return inFd, isTerminalIn +} + +func getWinsize(fd uintptr) (*Winsize, error) { + uws, err := unix.IoctlGetWinsize(int(fd), unix.TIOCGWINSZ) + ws := &Winsize{Height: uws.Row, Width: uws.Col, x: uws.Xpixel, y: uws.Ypixel} + return ws, err +} + +func setWinsize(fd uintptr, ws *Winsize) error { + return unix.IoctlSetWinsize(int(fd), unix.TIOCSWINSZ, &unix.Winsize{ + Row: ws.Height, + Col: ws.Width, + Xpixel: ws.x, + Ypixel: ws.y, + }) +} + +func isTerminal(fd uintptr) bool { + _, err := tcget(fd) + return err == nil +} + +func restoreTerminal(fd uintptr, state *State) error { + if state == nil { + return errors.New("invalid terminal state") + } + return tcset(fd, &state.termios) +} + +func saveState(fd uintptr) (*State, error) { + termios, err := tcget(fd) + if err != nil { + return nil, err + } + return &State{termios: *termios}, nil +} + +func disableEcho(fd uintptr, state *State) error { + newState := state.termios + newState.Lflag &^= unix.ECHO + + return tcset(fd, &newState) +} + +func setRawTerminal(fd uintptr) (*State, error) { + return makeRaw(fd) +} + +func setRawTerminalOutput(fd uintptr) (*State, error) { + return nil, nil +} + +func tcget(fd uintptr) (*unix.Termios, error) { + p, err := unix.IoctlGetTermios(int(fd), getTermios) + if err != nil { + return nil, err + } + return p, nil +} + +func tcset(fd uintptr, p *unix.Termios) error { + return unix.IoctlSetTermios(int(fd), setTermios, p) +} diff --git a/vendor/github.com/moby/term/term_windows.go b/vendor/github.com/moby/term/term_windows.go index 3cdc8edbdaa..81ccff04281 100644 --- a/vendor/github.com/moby/term/term_windows.go +++ b/vendor/github.com/moby/term/term_windows.go @@ -1,6 +1,7 @@ package term import ( + "fmt" "io" "os" "os/signal" @@ -9,22 +10,15 @@ import ( "golang.org/x/sys/windows" ) -// State holds the console mode for the terminal. -type State struct { +// terminalState holds the platform-specific state / console mode for the terminal. +type terminalState struct { mode uint32 } -// Winsize is used for window size. -type Winsize struct { - Height uint16 - Width uint16 -} - // vtInputSupported is true if winterm.ENABLE_VIRTUAL_TERMINAL_INPUT is supported by the console var vtInputSupported bool -// StdStreams returns the standard streams (stdin, stdout, stderr). -func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) { +func stdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) { // Turn on VT handling on all std handles, if possible. This might // fail, in which case we will fall back to terminal emulation. var ( @@ -87,16 +81,14 @@ func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) { stdErr = os.Stderr } - return + return stdIn, stdOut, stdErr } -// GetFdInfo returns the file descriptor for an os.File and indicates whether the file represents a terminal. -func GetFdInfo(in interface{}) (uintptr, bool) { +func getFdInfo(in interface{}) (uintptr, bool) { return windowsconsole.GetHandleInfo(in) } -// GetWinsize returns the window size based on the specified file descriptor. -func GetWinsize(fd uintptr) (*Winsize, error) { +func getWinsize(fd uintptr) (*Winsize, error) { var info windows.ConsoleScreenBufferInfo if err := windows.GetConsoleScreenBufferInfo(windows.Handle(fd), &info); err != nil { return nil, err @@ -110,21 +102,21 @@ func GetWinsize(fd uintptr) (*Winsize, error) { return winsize, nil } -// IsTerminal returns true if the given file descriptor is a terminal. -func IsTerminal(fd uintptr) bool { +func setWinsize(fd uintptr, ws *Winsize) error { + return fmt.Errorf("not implemented on Windows") +} + +func isTerminal(fd uintptr) bool { var mode uint32 err := windows.GetConsoleMode(windows.Handle(fd), &mode) return err == nil } -// RestoreTerminal restores the terminal connected to the given file descriptor -// to a previous state. -func RestoreTerminal(fd uintptr, state *State) error { +func restoreTerminal(fd uintptr, state *State) error { return windows.SetConsoleMode(windows.Handle(fd), state.mode) } -// SaveState saves the state of the terminal connected to the given file descriptor. -func SaveState(fd uintptr) (*State, error) { +func saveState(fd uintptr) (*State, error) { var mode uint32 if err := windows.GetConsoleMode(windows.Handle(fd), &mode); err != nil { @@ -134,9 +126,8 @@ func SaveState(fd uintptr) (*State, error) { return &State{mode: mode}, nil } -// DisableEcho disables echo for the terminal connected to the given file descriptor. -// -- See https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx -func DisableEcho(fd uintptr, state *State) error { +func disableEcho(fd uintptr, state *State) error { + // See https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx mode := state.mode mode &^= windows.ENABLE_ECHO_INPUT mode |= windows.ENABLE_PROCESSED_INPUT | windows.ENABLE_LINE_INPUT @@ -150,69 +141,27 @@ func DisableEcho(fd uintptr, state *State) error { return nil } -// SetRawTerminal puts the terminal connected to the given file descriptor into -// raw mode and returns the previous state. On UNIX, this puts both the input -// and output into raw mode. On Windows, it only puts the input into raw mode. -func SetRawTerminal(fd uintptr) (*State, error) { - state, err := MakeRaw(fd) +func setRawTerminal(fd uintptr) (*State, error) { + oldState, err := MakeRaw(fd) if err != nil { return nil, err } // Register an interrupt handler to catch and restore prior state - restoreAtInterrupt(fd, state) - return state, err + restoreAtInterrupt(fd, oldState) + return oldState, err } -// SetRawTerminalOutput puts the output of terminal connected to the given file -// descriptor into raw mode. On UNIX, this does nothing and returns nil for the -// state. On Windows, it disables LF -> CRLF translation. -func SetRawTerminalOutput(fd uintptr) (*State, error) { - state, err := SaveState(fd) +func setRawTerminalOutput(fd uintptr) (*State, error) { + oldState, err := saveState(fd) if err != nil { return nil, err } // Ignore failures, since winterm.DISABLE_NEWLINE_AUTO_RETURN might not be supported on this // version of Windows. - _ = windows.SetConsoleMode(windows.Handle(fd), state.mode|windows.DISABLE_NEWLINE_AUTO_RETURN) - return state, err -} - -// MakeRaw puts the terminal (Windows Console) connected to the given file descriptor into raw -// mode and returns the previous state of the terminal so that it can be restored. -func MakeRaw(fd uintptr) (*State, error) { - state, err := SaveState(fd) - if err != nil { - return nil, err - } - - mode := state.mode - - // See - // -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx - // -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx - - // Disable these modes - mode &^= windows.ENABLE_ECHO_INPUT - mode &^= windows.ENABLE_LINE_INPUT - mode &^= windows.ENABLE_MOUSE_INPUT - mode &^= windows.ENABLE_WINDOW_INPUT - mode &^= windows.ENABLE_PROCESSED_INPUT - - // Enable these modes - mode |= windows.ENABLE_EXTENDED_FLAGS - mode |= windows.ENABLE_INSERT_MODE - mode |= windows.ENABLE_QUICK_EDIT_MODE - if vtInputSupported { - mode |= windows.ENABLE_VIRTUAL_TERMINAL_INPUT - } - - err = windows.SetConsoleMode(windows.Handle(fd), mode) - if err != nil { - return nil, err - } - return state, nil + _ = windows.SetConsoleMode(windows.Handle(fd), oldState.mode|windows.DISABLE_NEWLINE_AUTO_RETURN) + return oldState, err } func restoreAtInterrupt(fd uintptr, state *State) { diff --git a/vendor/github.com/moby/term/termios.go b/vendor/github.com/moby/term/termios_unix.go similarity index 50% rename from vendor/github.com/moby/term/termios.go rename to vendor/github.com/moby/term/termios_unix.go index 99c0f7de60d..60c823783cd 100644 --- a/vendor/github.com/moby/term/termios.go +++ b/vendor/github.com/moby/term/termios_unix.go @@ -8,12 +8,11 @@ import ( ) // Termios is the Unix API for terminal I/O. +// +// Deprecated: use [unix.Termios]. type Termios = unix.Termios -// MakeRaw puts the terminal connected to the given file descriptor into raw -// mode and returns the previous state of the terminal so that it can be -// restored. -func MakeRaw(fd uintptr) (*State, error) { +func makeRaw(fd uintptr) (*State, error) { termios, err := tcget(fd) if err != nil { return nil, err @@ -21,10 +20,10 @@ func MakeRaw(fd uintptr) (*State, error) { oldState := State{termios: *termios} - termios.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON) + termios.Iflag &^= unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON termios.Oflag &^= unix.OPOST - termios.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN) - termios.Cflag &^= (unix.CSIZE | unix.PARENB) + termios.Lflag &^= unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN + termios.Cflag &^= unix.CSIZE | unix.PARENB termios.Cflag |= unix.CS8 termios.Cc[unix.VMIN] = 1 termios.Cc[unix.VTIME] = 0 diff --git a/vendor/github.com/moby/term/termios_windows.go b/vendor/github.com/moby/term/termios_windows.go new file mode 100644 index 00000000000..5be4e760113 --- /dev/null +++ b/vendor/github.com/moby/term/termios_windows.go @@ -0,0 +1,37 @@ +package term + +import "golang.org/x/sys/windows" + +func makeRaw(fd uintptr) (*State, error) { + state, err := SaveState(fd) + if err != nil { + return nil, err + } + + mode := state.mode + + // See + // -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx + // -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx + + // Disable these modes + mode &^= windows.ENABLE_ECHO_INPUT + mode &^= windows.ENABLE_LINE_INPUT + mode &^= windows.ENABLE_MOUSE_INPUT + mode &^= windows.ENABLE_WINDOW_INPUT + mode &^= windows.ENABLE_PROCESSED_INPUT + + // Enable these modes + mode |= windows.ENABLE_EXTENDED_FLAGS + mode |= windows.ENABLE_INSERT_MODE + mode |= windows.ENABLE_QUICK_EDIT_MODE + if vtInputSupported { + mode |= windows.ENABLE_VIRTUAL_TERMINAL_INPUT + } + + err = windows.SetConsoleMode(windows.Handle(fd), mode) + if err != nil { + return nil, err + } + return state, nil +} diff --git a/vendor/github.com/moby/term/windows/ansi_reader.go b/vendor/github.com/moby/term/windows/ansi_reader.go index f32aa537ef2..fb34c547aad 100644 --- a/vendor/github.com/moby/term/windows/ansi_reader.go +++ b/vendor/github.com/moby/term/windows/ansi_reader.go @@ -195,10 +195,10 @@ func keyToString(keyEvent *winterm.KEY_EVENT_RECORD, escapeSequence []byte) stri // +Key generates ESC N Key if !control && alt { - return ansiterm.KEY_ESC_N + strings.ToLower(string(keyEvent.UnicodeChar)) + return ansiterm.KEY_ESC_N + strings.ToLower(string(rune(keyEvent.UnicodeChar))) } - return string(keyEvent.UnicodeChar) + return string(rune(keyEvent.UnicodeChar)) } // formatVirtualKey converts a virtual key (e.g., up arrow) into the appropriate ANSI string. diff --git a/vendor/github.com/moby/term/windows/console.go b/vendor/github.com/moby/term/windows/console.go index 116b74e8f58..21e57bd52fe 100644 --- a/vendor/github.com/moby/term/windows/console.go +++ b/vendor/github.com/moby/term/windows/console.go @@ -30,8 +30,11 @@ func GetHandleInfo(in interface{}) (uintptr, bool) { // IsConsole returns true if the given file descriptor is a Windows Console. // The code assumes that GetConsoleMode will return an error for file descriptors that are not a console. -// Deprecated: use golang.org/x/sys/windows.GetConsoleMode() or golang.org/x/term.IsTerminal() -var IsConsole = isConsole +// +// Deprecated: use [windows.GetConsoleMode] or [golang.org/x/term.IsTerminal]. +func IsConsole(fd uintptr) bool { + return isConsole(fd) +} func isConsole(fd uintptr) bool { var mode uint32 diff --git a/vendor/github.com/moby/term/winsize.go b/vendor/github.com/moby/term/winsize.go deleted file mode 100644 index bea8d4595cf..00000000000 --- a/vendor/github.com/moby/term/winsize.go +++ /dev/null @@ -1,21 +0,0 @@ -//go:build !windows -// +build !windows - -package term - -import ( - "golang.org/x/sys/unix" -) - -// GetWinsize returns the window size based on the specified file descriptor. -func GetWinsize(fd uintptr) (*Winsize, error) { - uws, err := unix.IoctlGetWinsize(int(fd), unix.TIOCGWINSZ) - ws := &Winsize{Height: uws.Row, Width: uws.Col, x: uws.Xpixel, y: uws.Ypixel} - return ws, err -} - -// SetWinsize tries to set the specified window size for the specified file descriptor. -func SetWinsize(fd uintptr, ws *Winsize) error { - uws := &unix.Winsize{Row: ws.Height, Col: ws.Width, Xpixel: ws.x, Ypixel: ws.y} - return unix.IoctlSetWinsize(int(fd), unix.TIOCSWINSZ, uws) -} diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 9310a72128a..2bdee10c9f1 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -51,12 +51,16 @@ verify-scripts: bash -x hack/verify-prerelease-lifecycle-gen.sh .PHONY: verify -verify: verify-scripts verify-codegen-crds +verify: verify-scripts verify-crd-schema verify-codegen-crds .PHONY: verify-codegen-crds verify-codegen-crds: bash -x hack/verify-codegen-crds.sh +.PHONY: verify-crd-schema +verify-crd-schema: + bash -x hack/verify-crd-schema-checker.sh + .PHONY: verify-% verify-%: make $* diff --git a/vendor/github.com/openshift/api/build/v1/consts.go b/vendor/github.com/openshift/api/build/v1/consts.go index 3310b9e0a82..653ec7c53bd 100644 --- a/vendor/github.com/openshift/api/build/v1/consts.go +++ b/vendor/github.com/openshift/api/build/v1/consts.go @@ -164,9 +164,10 @@ const ( StatusReasonBuildPodEvicted StatusReason = "BuildPodEvicted" ) -// env vars -// WhitelistEnvVarNames is a list of special env vars allows s2i containers -var WhitelistEnvVarNames = []string{"BUILD_LOGLEVEL", "GIT_SSL_NO_VERIFY", "HTTP_PROXY", "HTTPS_PROXY", "LANG", "NO_PROXY"} +// WhitelistEnvVarNames is a list of environment variable names that are allowed to be specified +// in a buildconfig and merged into the created build pods, the code for this is located in +// openshift/openshift-controller-manager +var WhitelistEnvVarNames = []string{"BUILD_LOGLEVEL", "GIT_SSL_NO_VERIFY", "GIT_LFS_SKIP_SMUDGE", "HTTP_PROXY", "HTTPS_PROXY", "LANG", "NO_PROXY"} // env vars const ( diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 0028eaa7b38..b3e5c9dbc12 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -72,6 +72,9 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic baselineCapabilitySet: description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. @@ -195,6 +198,9 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic knownCapabilities: description: knownCapabilities lists all the capabilities known to the current cluster. @@ -212,6 +218,9 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic conditionalUpdates: description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. @@ -433,6 +442,9 @@ spec: versionHash: description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. type: string + x-kubernetes-validations: + - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' + message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability served: true storage: true subresources: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml index 74e9b3bd3ba..2f92c36d3bd 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml @@ -646,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index 64a54d5c5fe..e5aa9ad7bf9 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml @@ -381,6 +381,13 @@ spec: - SingleReplica - External type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string etcdDiscoveryDomain: description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 13d0d1f4658..254474e113d 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -646,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml similarity index 99% rename from vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml rename to vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml index 75166deb7c1..9e80775ffef 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml @@ -3,6 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.openshift.io: https://github.com/openshift/api/pull/470 + capability.openshift.io/name: Build include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" diff --git a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml index ab1a123b605..24433f4f75c 100644 --- a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml @@ -1,104 +1,321 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] DNS" -crd: 0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml +name: "[Custom] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml tests: onCreate: - - name: Should be able to create a minimal DNS + - name: Should be able to create a minimal Infrastructure initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure expected: | apiVersion: config.openshift.io/v1 - kind: DNS + kind: Infrastructure spec: {} - - name: Should be able to specify an AWS role ARN for a private hosted zone + onUpdate: + - name: Should not be able to modify an existing GCP ResourceLabels Label initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Should not be able to specify unsupported platform + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: Azure - azure: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" - - name: Should not be able to specify invalid AWS role ARN + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 - kind: DNS - metadata: - name: cluster - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo - expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" - - name: Should not be able to specify different type and platform + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" - onUpdate: - - name: Can switch from empty (default), to AWS + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Upgrade case is valid + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS + kind: Infrastructure + spec: {} + status: {} updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - expected: | + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp + initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/config/v1/feature_gates.go index 07f03f61841..1aa6b41ce1f 100644 --- a/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/vendor/github.com/openshift/api/config/v1/feature_gates.go @@ -23,6 +23,16 @@ var ( ) var ( + FeatureGateValidatingAdmissionPolicy = FeatureGateName("ValidatingAdmissionPolicy") + validatingAdmissionPolicy = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateValidatingAdmissionPolicy, + }, + OwningJiraComponent: "kube-apiserver", + ResponsiblePerson: "benluddy", + OwningProduct: kubernetes, + } + FeatureGateGatewayAPI = FeatureGateName("GatewayAPI") gateGatewayAPI = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ @@ -143,16 +153,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGatePDBUnhealthyPodEvictionPolicy = FeatureGateName("PDBUnhealthyPodEvictionPolicy") - pdbUnhealthyPodEvictionPolicy = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGatePDBUnhealthyPodEvictionPolicy, - }, - OwningJiraComponent: "apps", - ResponsiblePerson: "atiratree", - OwningProduct: kubernetes, - } - FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation") dynamicResourceAllocation = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ @@ -183,16 +183,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGateAWSSecurityTokenService = FeatureGateName("AWSSecurityTokenService") - awsSecurityTokenService = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAWSSecurityTokenService, - }, - OwningJiraComponent: "cloud-credential-operator", - ResponsiblePerson: "abutcher", - OwningProduct: ocpSpecific, - } - FeatureGateMaxUnavailableStatefulSet = FeatureGateName("MaxUnavailableStatefulSet") maxUnavailableStatefulSet = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ diff --git a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml index cdd8a9b7011..b422ebd2065 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] Build" -crd: 0000_10_config-operator_01_build.crd.yaml +crd: 0000_10_openshift-controller-manager-operator_01_build.crd.yaml tests: onCreate: - name: Should be able to create a minimal Build diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml index b966b29a880..914d06d12fe 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml @@ -98,6 +98,38 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability onUpdate: - name: Should not allow image to be set if architecture set initial: | @@ -136,3 +168,111 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml index 63da9aa4123..18d752f9194 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml @@ -208,6 +208,7 @@ tests: status: controlPlaneTopology: "HighlyAvailable" infrastructureTopology: "HighlyAvailable" + cpuPartitioning: None platform: Azure platformStatus: azure: @@ -340,6 +341,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -378,6 +380,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -550,6 +553,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -657,6 +661,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -764,6 +769,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -822,6 +828,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -857,6 +864,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -914,6 +922,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml index f9829b9a396..7834e1f8414 100644 --- a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml @@ -211,3 +211,309 @@ tests: type: FooBar type: BareMetal expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" + - name: Should not be able to modify an existing GCP ResourceLabels Label + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 234720477b7..3fbe39e4d36 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -13,6 +13,7 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'baremetal' in self.spec.capabilities.additionalEnabledCapabilities ? 'MachineAPI' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'MachineAPI' in self.status.capabilities.enabledCapabilities) : true",message="the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability" type ClusterVersion struct { metav1.TypeMeta `json:",inline"` @@ -247,7 +248,7 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI +// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry type ClusterVersionCapability string const ( @@ -313,6 +314,26 @@ const ( // documentation. This is important part of openshift system // and may cause cluster damage ClusterVersionCapabilityMachineAPI ClusterVersionCapability = "MachineAPI" + + // ClusterVersionCapabilityBuild manages the Build API which is responsible + // for watching the Build API objects and managing their lifecycle. + // The functionality is located under openshift-apiserver and openshift-controller-manager. + // + // The following resources are taken into account: + // - builds + // - buildconfigs + ClusterVersionCapabilityBuild ClusterVersionCapability = "Build" + + // ClusterVersionCapabilityDeploymentConfig manages the DeploymentConfig API + // which is responsible for watching the DeploymentConfig API and managing their lifecycle. + // The functionality is located under openshift-apiserver and openshift-controller-manager. + // + // The following resources are taken into account: + // - deploymentconfigs + ClusterVersionCapabilityDeploymentConfig ClusterVersionCapability = "DeploymentConfig" + // ClusterVersionCapabilityImageRegistry manages the image registry which + // allows to distribute Docker images + ClusterVersionCapabilityImageRegistry ClusterVersionCapability = "ImageRegistry" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. @@ -326,6 +347,9 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. @@ -374,6 +398,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityBaremetal, ClusterVersionCapabilityMarketplace, ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_12: { ClusterVersionCapabilityBaremetal, @@ -383,6 +408,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityStorage, ClusterVersionCapabilityOpenShiftSamples, ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_13: { ClusterVersionCapabilityBaremetal, @@ -393,6 +419,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityOpenShiftSamples, ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_14: { ClusterVersionCapabilityBaremetal, @@ -404,6 +431,9 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, }, ClusterVersionCapabilitySetCurrent: { ClusterVersionCapabilityBaremetal, @@ -415,6 +445,9 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, }, } diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index d2dbc11884a..b5e18f2ee39 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -163,19 +163,16 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ Disabled: []FeatureGateDescription{}, }, TechPreviewNoUpgrade: newDefaultFeatures(). + without(validatingAdmissionPolicy). with(externalCloudProvider). with(externalCloudProviderGCP). with(csiDriverSharedResource). - with(buildCSIVolumes). with(nodeSwap). with(machineAPIProviderOpenStack). with(insightsConfigAPI). with(retroactiveDefaultStorageClass). - with(pdbUnhealthyPodEvictionPolicy). with(dynamicResourceAllocation). with(admissionWebhookMatchConditions). - with(awsSecurityTokenService). - with(azureWorkloadIdentity). with(gateGatewayAPI). with(maxUnavailableStatefulSet). without(eventedPleg). @@ -186,6 +183,7 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ with(automatedEtcdBackup). without(machineAPIOperatorDisableMachineHealthCheckController). with(adminNetworkPolicy). + with(openShiftPodSecurityAdmission). toFeatures(defaultFeatures), LatencySensitive: newDefaultFeatures(). toFeatures(defaultFeatures), @@ -193,12 +191,13 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ var defaultFeatures = &FeatureGateEnabledDisabled{ Enabled: []FeatureGateDescription{ - openShiftPodSecurityAdmission, alibabaPlatform, // This is a bug, it should be TechPreviewNoUpgrade. This must be downgraded before 4.14 is shipped. + azureWorkloadIdentity, cloudDualStackNodeIPs, externalCloudProviderAzure, externalCloudProviderExternal, privateHostedZoneAWS, + buildCSIVolumes, }, Disabled: []FeatureGateDescription{ retroactiveDefaultStorageClass, diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 2c1423dedaf..b9002cf1a29 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -114,7 +114,6 @@ type InfrastructureStatus struct { // +kubebuilder:default=None // +default="None" // +kubebuilder:validation:Enum=None;AllNodes - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade // +optional CPUPartitioning CPUPartitioningMode `json:"cpuPartitioning,omitempty"` } @@ -580,12 +579,93 @@ const ( type GCPPlatformSpec struct{} // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. +// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation" +// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation" type GCPPlatformStatus struct { // resourceGroupName is the Project ID for new GCP resources created for the cluster. ProjectID string `json:"projectID"` // region holds the region for new GCP resources created for the cluster. Region string `json:"region"` + + // resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. + // See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. + // GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, + // allowing 32 labels for user configuration. + // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceLabels are immutable and may only be configured during installation" + // +listType=map + // +listMapKey=key + // +optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + ResourceLabels []GCPResourceLabel `json:"resourceLabels,omitempty"` + + // resourceTags is a list of additional tags to apply to GCP resources created for the cluster. + // See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on + // tagging GCP resources. GCP supports a maximum of 50 tags per resource. + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation" + // +listType=map + // +listMapKey=key + // +optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"` +} + +// GCPResourceLabel is a label to apply to GCP resources created for the cluster. +type GCPResourceLabel struct { + // key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. + // Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, + // and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` + // and `openshift-io`. + // +kubebuilder:validation:XValidation:rule="!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')",message="label keys must not start with either `openshift-io` or `kubernetes-io`" + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]{0,62}$` + Key string `json:"key"` + + // value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. + // Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[0-9a-z_-]{1,63}$` + Value string `json:"value"` +} + +// GCPResourceTag is a tag to apply to GCP resources created for the cluster. +type GCPResourceTag struct { + // parentID is the ID of the hierarchical resource where the tags are defined, + // e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: + // https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, + // https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. + // An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. + // A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, + // and hyphens, and must start with a letter, and cannot end with a hyphen. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=32 + // +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)` + ParentID string `json:"parentID"` + + // key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. + // Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase + // alphanumeric characters, and the following special characters `._-`. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$` + Key string `json:"key"` + + // value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. + // Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase + // alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$` + Value string `json:"value"` } // BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 57383546056..44d7428e6c7 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2137,6 +2137,16 @@ func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in + if in.ResourceLabels != nil { + in, out := &in.ResourceLabels, &out.ResourceLabels + *out = make([]GCPResourceLabel, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]GCPResourceTag, len(*in)) + copy(*out, *in) + } return } @@ -2150,6 +2160,38 @@ func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceLabel) DeepCopyInto(out *GCPResourceLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceLabel. +func (in *GCPResourceLabel) DeepCopy() *GCPResourceLabel { + if in == nil { + return nil + } + out := new(GCPResourceLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceTag) DeepCopyInto(out *GCPResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceTag. +func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { + if in == nil { + return nil + } + out := new(GCPResourceTag) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -4335,7 +4377,7 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { if in.GCP != nil { in, out := &in.GCP, &out.GCP *out = new(GCPPlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.BareMetal != nil { in, out := &in.BareMetal, &out.BareMetal diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index f84e44573bb..33ec9223755 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -1237,15 +1237,38 @@ func (GCPPlatformSpec) SwaggerDoc() map[string]string { } var map_GCPPlatformStatus = map[string]string{ - "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "region": "region holds the region for new GCP resources created for the cluster.", + "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "region": "region holds the region for new GCP resources created for the cluster.", + "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_GCPResourceLabel = map[string]string{ + "": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "key": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + "value": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", +} + +func (GCPResourceLabel) SwaggerDoc() map[string]string { + return map_GCPResourceLabel +} + +var map_GCPResourceTag = map[string]string{ + "": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "parentID": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "key": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", +} + +func (GCPResourceTag) SwaggerDoc() map[string]string { + return map_GCPResourceTag +} + var map_IBMCloudPlatformSpec = map[string]string{ "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", } diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml index 00b5311a0f0..97c0ae60099 100644 --- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml +++ b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml @@ -229,6 +229,11 @@ spec: required: - zone properties: + subnet: + description: subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used. + type: string + maxLength: 80 + pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ zone: description: Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone. type: string @@ -261,7 +266,8 @@ spec: rootVolume: description: rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created. type: object - minProperties: 1 + required: + - volumeType properties: availabilityZone: description: availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits. @@ -270,7 +276,7 @@ spec: minLength: 1 pattern: ^[^ ]*$ volumeType: - description: volumeType specifies the type of the root volume that will be provisioned. If not specifified, the root volume will be created as the type in the machine template. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. + description: volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. type: string maxLength: 255 minLength: 1 diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml index e5759f4b06b..a09de51e0f1 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml +++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml @@ -213,6 +213,7 @@ tests: openstack: - rootVolume: availabilityZone: foo + volumeType: fast expected: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -240,6 +241,7 @@ tests: openstack: - rootVolume: availabilityZone: foo + volumeType: fast - name: Should accept an OpenStack failure domain with only the root volume type provided initial: | apiVersion: machine.openshift.io/v1 @@ -316,6 +318,7 @@ tests: - availabilityZone: foo rootVolume: availabilityZone: foo + volumeType: fast expected: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -344,6 +347,7 @@ tests: - availabilityZone: foo rootVolume: availabilityZone: foo + volumeType: fast - name: Should accept an OpenStack failure domain with both availabilityZone and root volume type provided initial: | apiVersion: machine.openshift.io/v1 @@ -399,7 +403,7 @@ tests: rootVolume: availabilityZone: foo volumeType: bar - - name: Should reject an OpenStack failure domain with too long a rootVolume volumeType name + - name: Should reject an OpenStack failure domain with no rootVolume volumeType provided initial: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -421,11 +425,35 @@ tests: failureDomains: platform: OpenStack openstack: - - availabilityZone: foo - rootVolume: - volumeType: a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Too long: may not be longer than 255" - - name: Should reject an OpenStack failure domain with an empty rootVolume provided + - rootVolume: + availabilityZone: foo + expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Required value, : Invalid value: \"null\": some validation rules were not checked" + - name: Should reject an OpenStack failure domain with an empty rootVolume volumeType provided + initial: | + apiVersion: machine.openshift.io/v1 + kind: ControlPlaneMachineSet + spec: + selector: + matchLabels: + machine.openshift.io/cluster-api-machine-role: master + machine.openshift.io/cluster-api-machine-type: master + template: + machineType: machines_v1beta1_machine_openshift_io + machines_v1beta1_machine_openshift_io: + metadata: + labels: + machine.openshift.io/cluster-api-machine-role: master + machine.openshift.io/cluster-api-machine-type: master + machine.openshift.io/cluster-api-cluster: cluster + spec: + providerSpec: {} + failureDomains: + platform: OpenStack + openstack: + - rootVolume: + volumeType: "" + expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Invalid value: \"\": spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType in body should be at least 1 chars long" + - name: Should reject an OpenStack failure domain with too long a rootVolume volumeType name initial: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -448,8 +476,9 @@ tests: platform: OpenStack openstack: - availabilityZone: foo - rootVolume: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume in body should have at least 1 properties" + rootVolume: + volumeType: a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 + expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Too long: may not be longer than 255" - name: Should reject an OpenStack failure domain with both availabilityZone and root volume provided but with missing root volume availabilityZone initial: | apiVersion: machine.openshift.io/v1 @@ -549,6 +578,7 @@ tests: openstack: - rootVolume: availabilityZone: "" + volumeType: fast expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should be at least 1 chars long" - name: Should reject an OpenStack failure domain with an invalid availabilityZone provided initial: | @@ -598,4 +628,5 @@ tests: openstack: - rootVolume: availabilityZone: "foo bar" + volumeType: fast expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should match" diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go index b31e0e54867..e46c39b552f 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go +++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go @@ -287,6 +287,13 @@ type AzureFailureDomain struct { // If nil, the virtual machine should be deployed to no zone. // +kubebuilder:validation:Required Zone string `json:"zone"` + + // subnet is the name of the network subnet in which the VM will be created. + // When omitted, the subnet value from the machine providerSpec template will be used. + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$` + // +optional + Subnet string `json:"subnet,omitempty"` } // GCPFailureDomain configures failure domain information for the GCP platform @@ -325,7 +332,6 @@ type OpenStackFailureDomain struct { // RootVolume represents the volume metadata to boot from. // The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one // that should stay in sync with the original one. -// +kubebuilder:validation:MinProperties:=1 type RootVolume struct { // availabilityZone specifies the Cinder availability zone where the root volume will be created. // If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. @@ -343,12 +349,16 @@ type RootVolume struct { AvailabilityZone string `json:"availabilityZone,omitempty"` // volumeType specifies the type of the root volume that will be provisioned. - // If not specifified, the root volume will be created as the type in the machine template. // The maximum length of a volume type name is 255 characters, as per the OpenStack limit. + // + --- + // + Historically, the installer has always required a volume type to be specified when deploying + // + the control plane with a root volume. This is because the default volume type in Cinder is not guaranteed + // + to be available, therefore we prefer the user to be explicit about the volume type to use. + // + We apply the same logic in CPMS: if the failure domain specifies a root volume, we require the user to specify a volume type. + // +kubebuilder:validation:Required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=255 - // +optional - VolumeType string `json:"volumeType,omitempty"` + VolumeType string `json:"volumeType"` } // ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD. diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go index 01269a67d14..6406220e7d9 100644 --- a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go @@ -159,8 +159,9 @@ func (AWSFailureDomainPlacement) SwaggerDoc() map[string]string { } var map_AzureFailureDomain = map[string]string{ - "": "AzureFailureDomain configures failure domain information for the Azure platform.", - "zone": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", + "": "AzureFailureDomain configures failure domain information for the Azure platform.", + "zone": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", + "subnet": "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", } func (AzureFailureDomain) SwaggerDoc() map[string]string { @@ -287,7 +288,7 @@ func (OpenStackFailureDomain) SwaggerDoc() map[string]string { var map_RootVolume = map[string]string{ "": "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", "availabilityZone": "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", - "volumeType": "volumeType specifies the type of the root volume that will be provisioned. If not specifified, the root volume will be created as the type in the machine template. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + "volumeType": "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. ", } func (RootVolume) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go index 1d565e5d229..00a9497fd36 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go @@ -95,7 +95,7 @@ type AzureMachineProviderSpec struct { // Availability Zone for the virtual machine. // If nil, the virtual machine should be deployed to no zone // +optional - Zone *string `json:"zone,omitempty"` + Zone string `json:"zone,omitempty"` // NetworkResourceGroup is the resource group for the virtual machine's network // +optional NetworkResourceGroup string `json:"networkResourceGroup,omitempty"` @@ -145,6 +145,13 @@ type AzureMachineProviderSpec struct { // This is useful for debugging software based launch issues. // +optional Diagnostics AzureDiagnostics `json:"diagnostics,omitempty"` + // capacityReservationGroupID specifies the capacity reservation group resource id that should be + // used for allocating the virtual machine. + // The field size should be greater than 0 and the field input must start with '/'. + // The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. + // The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively. + // +optional + CapacityReservationGroupID string `json:"capacityReservationGroupID,omitempty"` } // SpotVMOptions defines the options relevant to running the Machine on Spot VMs diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go index 4cca127cb4c..caffc189890 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go @@ -303,11 +303,6 @@ func (in *AzureMachineProviderSpec) DeepCopyInto(out *AzureMachineProviderSpec) *out = new(int64) **out = **in } - if in.Zone != nil { - in, out := &in.Zone, &out.Zone - *out = new(string) - **out = **in - } if in.SpotVMOptions != nil { in, out := &in.SpotVMOptions, &out.SpotVMOptions *out = new(SpotVMOptions) diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go index 108ba557c5a..6cd9a1c7b42 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go @@ -179,34 +179,35 @@ func (AzureDiagnostics) SwaggerDoc() map[string]string { } var map_AzureMachineProviderSpec = map[string]string{ - "": "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "userDataSecret": "UserDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "credentialsSecret": "CredentialsSecret is a reference to the secret with Azure credentials.", - "location": "Location is the region to use to create the instance", - "vmSize": "VMSize is the size of the VM to create.", - "image": "Image is the OS image to use to create the instance.", - "osDisk": "OSDisk represents the parameters for creating the OS disk.", - "dataDisks": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", - "sshPublicKey": "SSHPublicKey is the public key to use to SSH to the virtual machine.", - "publicIP": "PublicIP if true a public IP will be used", - "tags": "Tags is a list of tags to apply to the machine.", - "securityGroup": "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", - "applicationSecurityGroups": "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", - "subnet": "Subnet to use for this instance", - "publicLoadBalancer": "PublicLoadBalancer to use for this instance", - "internalLoadBalancer": "InternalLoadBalancerName to use for this instance", - "natRule": "NatRule to set inbound NAT rule of the load balancer", - "managedIdentity": "ManagedIdentity to set managed identity name", - "vnet": "Vnet to set virtual network name", - "zone": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", - "networkResourceGroup": "NetworkResourceGroup is the resource group for the virtual machine's network", - "resourceGroup": "ResourceGroup is the resource group for the virtual machine", - "spotVMOptions": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", - "securityProfile": "SecurityProfile specifies the Security profile settings for a virtual machine.", - "ultraSSDCapability": "UltraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", - "acceleratedNetworking": "AcceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", - "availabilitySet": "AvailabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", - "diagnostics": "Diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "": "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "userDataSecret": "UserDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "credentialsSecret": "CredentialsSecret is a reference to the secret with Azure credentials.", + "location": "Location is the region to use to create the instance", + "vmSize": "VMSize is the size of the VM to create.", + "image": "Image is the OS image to use to create the instance.", + "osDisk": "OSDisk represents the parameters for creating the OS disk.", + "dataDisks": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", + "sshPublicKey": "SSHPublicKey is the public key to use to SSH to the virtual machine.", + "publicIP": "PublicIP if true a public IP will be used", + "tags": "Tags is a list of tags to apply to the machine.", + "securityGroup": "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", + "applicationSecurityGroups": "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", + "subnet": "Subnet to use for this instance", + "publicLoadBalancer": "PublicLoadBalancer to use for this instance", + "internalLoadBalancer": "InternalLoadBalancerName to use for this instance", + "natRule": "NatRule to set inbound NAT rule of the load balancer", + "managedIdentity": "ManagedIdentity to set managed identity name", + "vnet": "Vnet to set virtual network name", + "zone": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", + "networkResourceGroup": "NetworkResourceGroup is the resource group for the virtual machine's network", + "resourceGroup": "ResourceGroup is the resource group for the virtual machine", + "spotVMOptions": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", + "securityProfile": "SecurityProfile specifies the Security profile settings for a virtual machine.", + "ultraSSDCapability": "UltraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", + "acceleratedNetworking": "AcceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", + "availabilitySet": "AvailabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", + "diagnostics": "Diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "capacityReservationGroupID": "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", } func (AzureMachineProviderSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go index bb0f25024bb..3ec1e28426d 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go @@ -192,6 +192,29 @@ type JenkinsPipelineConfig struct { Parameters map[string]string `json:"parameters"` } +// OpenShiftControllerName defines a string type used to represent the various +// OpenShift controllers within openshift-controller-manager. These constants serve as identifiers +// for the controllers and are used on both openshift/openshift-controller-manager +// and openshift/cluster-openshift-controller-manager-operator repositories. +type OpenShiftControllerName string + +const ( + OpenShiftServiceAccountController OpenShiftControllerName = "openshift.io/serviceaccount" + OpenShiftDefaultRoleBindingsController OpenShiftControllerName = "openshift.io/default-rolebindings" + OpenShiftServiceAccountPullSecretsController OpenShiftControllerName = "openshift.io/serviceaccount-pull-secrets" + OpenshiftOriginNamespaceController OpenShiftControllerName = "openshift.io/origin-namespace" + OpenshiftBuildController OpenShiftControllerName = "openshift.io/build" + OpenshiftBuildConfigChangeController OpenShiftControllerName = "openshift.io/build-config-change" + OpenshiftDeployerController OpenShiftControllerName = "openshift.io/deployer" + OpenshiftDeploymentConfigController OpenShiftControllerName = "openshift.io/deploymentconfig" + OpenshiftImageTriggerController OpenShiftControllerName = "openshift.io/image-trigger" + OpenshiftImageImportController OpenShiftControllerName = "openshift.io/image-import" + OpenshiftImageSignatureImportController OpenShiftControllerName = "openshift.io/image-signature-import" + OpenshiftTemplateInstanceController OpenShiftControllerName = "openshift.io/templateinstance" + OpenshiftTemplateInstanceFinalizerController OpenShiftControllerName = "openshift.io/templateinstancefinalizer" + OpenshiftUnidlingController OpenShiftControllerName = "openshift.io/unidling" +) + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..6e9f72e132f --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Etcd provides information to configure an operator to manage etcd. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + controlPlaneHardwareSpeed: + description: HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are "", "Standard" and "Slower". "" means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. + type: string + enum: + - "" + - Standard + - Slower + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels + type: string + enum: + - "" + - Standard + - Slower + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most recent deployment + type: integer + format: int32 + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across individual nodes + type: array + items: + description: NodeStatus provides information about the current state of a particular node managed by this operator. + type: object + properties: + currentRevision: + description: currentRevision is the generation of the most recently successful deployment + type: integer + format: int32 + lastFailedCount: + description: lastFailedCount is how often the installer pod of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. + type: integer + format: int32 + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. + type: array + items: + type: string + lastFailedTime: + description: lastFailedTime is the time the last failed revision failed the last time. + type: string + format: date-time + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment we're trying to apply + type: integer + format: int32 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml index 813d03ca72e..e6a79fe6c13 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml @@ -6,6 +6,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default name: etcds.operator.openshift.io spec: group: operator.openshift.io @@ -102,6 +103,13 @@ spec: type: string type: type: string + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels + type: string + enum: + - "" + - Standard + - Slower generations: description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. type: array diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 9c391d4a56b..c8614f0736d 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -261,6 +261,130 @@ spec: httpHeaders: description: "httpHeaders defines policy for HTTP headers. \n If this field is empty, the default values are used." properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.' + properties: + request: + description: 'request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".' + items: + description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: 'response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".' + items: + description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object forwardedHeaderPolicy: description: "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following: \n * \"Append\", which specifies that the IngressController appends the headers, preserving existing headers. \n * \"Replace\", which specifies that the IngressController sets the headers, replacing any existing Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies that the IngressController sets the headers if they are not already set. \n * \"Never\", which specifies that the IngressController never sets the headers, preserving any existing headers. \n By default, the policy is \"Append\"." enum: @@ -678,6 +802,10 @@ spec: description: "clientTimeout defines how long a connection will be held open while waiting for a client response. \n If unset, the default timeout is 30s" format: duration type: string + connectTimeout: + description: "ConnectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed. \n This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". \n When omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s." + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string headerBufferBytes: description: "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes. \n Setting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary." format: int32 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml index 0d944cbcd71..83222ab78cb 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml @@ -219,6 +219,59 @@ spec: ipForwarding: description: IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global". type: string + ipv4: + description: ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values. + type: object + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format + type: string + maxLength: 18 + x-kubernetes-validations: + - rule: self.indexOf('/') == self.lastIndexOf('/') + message: CIDR format must contain exactly one '/' + - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 && x >= 0)' + message: subnet must be in the range /0 to /29 inclusive + - rule: self.split('/')[0].split('.').size() == 4 + message: a valid IPv4 address must contain 4 octets + - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != ''0'' && int(x) <= 255 && !x.startsWith(''0''))' + message: first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255 + - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], self.findAll(''[0-9]+'')[3]].all(x, int(x) <= 255 && (x == ''0'' || !x.startsWith(''0'')))' + message: IP address octets must not contain leading zeros, and must be less or equal to 255 + ipv6: + description: ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values. + type: object + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - rule: self.indexOf('/') == self.lastIndexOf('/') + message: CIDR format must contain exactly one '/' + - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0) + message: subnet must be in the range /0 to /125 inclusive + - rule: self.indexOf('::') == self.lastIndexOf('::') + message: IPv6 addresses must contain at most one '::' and may only be shortened once + - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() <= 8 : self.split(''/'')[0].split('':'').size() == 8' + message: a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments + - rule: 'self.split(''/'')[0].split('':'').size() >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1 + - rule: 'self.split(''/'')[0].split('':'').size() >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2 + - rule: 'self.split(''/'')[0].split('':'').size() >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3 + - rule: 'self.split(''/'')[0].split('':'').size() >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4 + - rule: 'self.split(''/'')[0].split('':'').size() >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5 + - rule: 'self.split(''/'')[0].split('':'').size() >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6 + - rule: 'self.split(''/'')[0].split('':'').size() >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7 + - rule: 'self.split(''/'')[0].split('':'').size() >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8 + - rule: '!self.contains(''.'')' + message: IPv6 dual addresses are not permitted, value should not contain `.` characters routingViaHost: description: RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified. type: boolean diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index d90a1355782..8a807318a02 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -59,7 +59,7 @@ spec: properties: kmsKeyARN: description: kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key. - pattern: ^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ type: string type: object azure: diff --git a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml index 01d02ce0969..b70cd9ecdb4 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml @@ -13,3 +13,548 @@ tests: kind: IngressController spec: httpEmptyRequestsPolicy: Respond + - name: Should be able to create an IngressController with valid Actions + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + - name: Should not allow to set/delete HSTS header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: Strict-Transport-Security + action: + type: Delete + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "strict-transport-security header may not be modified via header actions" + - name: Should not allow to set/delete Proxy header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Proxy + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "proxy header may not be modified via header actions" + - name: Should not allow to set/delete Host header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Host + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "host header may not be modified via header actions" + - name: Should not allow to set/delete cookie header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Cookie + action: + type: Set + set: + value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "cookie header may not be modified via header actions" + - name: Should not allow to set/delete set-cookie header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: Set-Cookie + action: + type: Set + set: + value: "sessionId=e8bb43229de9; Domain=foo.example.com" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "set-cookie header may not be modified via header actions" + - name: Should not allow to set/delete dynamic headers with unclosed braces. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-unclosed-braces + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + - name: expires + action: + type: Set + set: + value: "%[req.hdr(host),lower" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Target + action: + type: Set + set: + value: "%[req.hdrs(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow empty value in response. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow empty value in request. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow to set dynamic response header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Source + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values containing sample fetcher res.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Target + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response headers value containing sample fetcher req.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Source + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,hello]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1234,base64]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + expectedError: "set is required when type is Set, and forbidden otherwise" + - name: Should be able to add set field only when discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + set: + value: DENY + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should be able to create an IngressController with valid nominal connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 10s + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + tuningOptions: + connectTimeout: 10s + - name: Should be able to create an IngressController with valid composite connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 100ms300μs + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + tuningOptions: + connectTimeout: 100ms300μs + - name: Should be able to create an IngressController with valid fraction connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 1.5m + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + tuningOptions: + connectTimeout: 1.5m + - name: Should not be able to create an IngressController with invalid unit connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 3d + expectedError: "IngressController.operator.openshift.io \"default\" is invalid: spec.tuningOptions.connectTimeout: Invalid value: \"3d\": spec.tuningOptions.connectTimeout in body should match '^(0|([0-9]+(\\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'" + - name: Should not be able to create an IngressController with invalid space connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: "4 s" + expectedError: "IngressController.operator.openshift.io \"default\" is invalid: spec.tuningOptions.connectTimeout: Invalid value: \"4 s\": spec.tuningOptions.connectTimeout in body should match '^(0|([0-9]+(\\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'" diff --git a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml index a40c21fabe1..698e4bf48c8 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml @@ -15,3 +15,216 @@ tests: disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal + - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass CIDR with a subnet larger than /29 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/32 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/-1 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10/24 + expectedError: "Invalid value: \"string\": a valid IPv4 address must contain 4 octets" + - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.010.10/24 + expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" + - name: Should not be able to add an IP address with with zero for the first octet to internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 0.10.10.10/24 + expectedError: "Invalid value: \"string\": first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.256/24 + expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" + - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + routingViaHost: false + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass invalid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "foo" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" + - name: Should not be able to add an IP address with the more than 8 octets to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: Should not be able to add a dual IP address to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 + expectedError: "Invalid value: \"string\": IPv6 dual addresses are not permitted, value should not contain `.` characters" + - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd::ef01::2345:6789/20" + expectedError: "Invalid value: \"string\": IPv6 addresses must contain at most one '::' and may only be shortened once" + - name: "Should not be able to pass a complete IPV6 CIDR with a :: expander to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: Should not be able to pass a IPV6 CIDR without enough segments to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: "Should not be able to pass an elided IPV6 CIDR with only a single empty segment to IPV6 internalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345::/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + \ No newline at end of file diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml new file mode 100644 index 00000000000..27108a3af18 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml @@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreview] Etcd" +crd: 0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create with Standard hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Standard + - name: Should be able to create with Slower hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Slower + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Slower + onUpdate: + - name: Should be able to create with Standard, then set to Slower + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Slower + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Slower + - name: Should not be allowed to try to set invalid hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: foo + expectedError: Unsupported value diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index d2f05891038..e710f67b403 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -153,7 +153,7 @@ type AWSCSIDriverConfigSpec struct { // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, // rather than the default KMS key used by AWS. // The value may be either the ARN or Alias ARN of a KMS key. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` + // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` // +optional KMSKeyARN string `json:"kmsKeyARN,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index f0b525a40da..f763556b878 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -28,12 +28,41 @@ type Etcd struct { type EtcdSpec struct { StaticPodOperatorSpec `json:",inline"` + // HardwareSpeed allows user to change the etcd tuning profile which configures + // the latency parameters for heartbeat interval and leader election timeouts + // allowing the cluster to tolerate longer round-trip-times between etcd members. + // Valid values are "", "Standard" and "Slower". + // "" means no opinion and the platform is left to choose a reasonable default + // which is subject to change without notice. + // +kubebuilder:validation:Optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +optional + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } type EtcdStatus struct { StaticPodOperatorStatus `json:",inline"` + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } +const ( + // StandardHardwareSpeed provides the normal tolerances for hardware speed and latency. + // Currently sets (values subject to change at any time): + // ETCD_HEARTBEAT_INTERVAL: 100ms + // ETCD_LEADER_ELECTION_TIMEOUT: 1000ms + StandardHardwareSpeed ControlPlaneHardwareSpeed = "Standard" + // SlowerHardwareSpeed provides more tolerance for slower hardware and/or higher latency networks. + // Sets (values subject to change): + // ETCD_HEARTBEAT_INTERVAL: 5x Standard + // ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard + SlowerHardwareSpeed ControlPlaneHardwareSpeed = "Slower" +) + +// ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels +// +enum +// +kubebuilder:validation:Enum:="";Standard;Slower +type ControlPlaneHardwareSpeed string + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeAPISOperatorConfigList is a collection of items diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 13d020420c7..92d862a50d4 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -1399,6 +1399,144 @@ type IngressControllerHTTPHeaders struct { // +nullable // +optional HeaderNameCaseAdjustments []IngressControllerHTTPHeaderNameCaseAdjustment `json:"headerNameCaseAdjustments,omitempty"` + + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + // may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + // accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // Headers set using this API cannot be captured for use in access logs. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + // +optional + Actions IngressControllerHTTPHeaderActions `json:"actions,omitempty"` +} + +// IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type IngressControllerHTTPHeaderActions struct { + // response is a list of HTTP response headers to modify. + // Actions defined here will modify the response headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for response headers will be executed after Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + Response []IngressControllerHTTPHeader `json:"response"` + // request is a list of HTTP request headers to modify. + // Actions defined here will modify the request headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for request headers will be executed before Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + Request []IngressControllerHTTPHeader `json:"request"` +} + +// IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. +type IngressControllerHTTPHeader struct { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'host'",message="host header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + Name string `json:"name"` + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + Action IngressControllerHTTPHeaderActionUnion `json:"action"` +} + +// IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +type IngressControllerHTTPHeaderActionUnion struct { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + Type IngressControllerHTTPHeaderActionType `json:"type"` + + // set specifies how the HTTP header should be set. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + Set *IngressControllerSetHTTPHeader `json:"set,omitempty"` +} + +// IngressControllerHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type IngressControllerHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set IngressControllerHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. + Delete IngressControllerHTTPHeaderActionType = "Delete" +) + +// IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header. +type IngressControllerSetHTTPHeader struct { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + Value string `json:"value"` } // IngressControllerTuningOptions specifies options for tuning the performance @@ -1507,6 +1645,23 @@ type IngressControllerTuningOptions struct { // +optional TunnelTimeout *metav1.Duration `json:"tunnelTimeout,omitempty"` + // ConnectTimeout defines the maximum time to wait for + // a connection attempt to a server/backend to succeed. + // + // This field expects an unsigned duration string of decimal numbers, each with optional + // fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + // Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + // + // When omitted, this means the user has no opinion and the platform is left + // to choose a reasonable default. This default is subject to change over time. + // The current default is 5s. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"` + // tlsInspectDelay defines how long the router can hold data to find a // matching route. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index ffa8e063629..17fbbed0dc0 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -507,6 +507,63 @@ type GatewayConfig struct { // The supported values are "Restricted" and "Global". // +optional IPForwarding IPForwardingMode `json:"ipForwarding,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv4 for details of default values. + // +optional + IPv4 IPv4GatewayConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv6 for details of default values. + // +optional + IPv6 IPv6GatewayConfig `json:"ipv6,omitempty"` +} + +// IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes +type IPv4GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /29). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is 169.254.169.0/29 + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" + // +kubebuilder:validation:XValidation:rule="[int(self.split('/')[1])].all(x, x <= 29 && x >= 0)",message="subnet must be in the range /0 to /29 inclusive" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split('.').size() == 4",message="a valid IPv4 address must contain 4 octets" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[0]].all(x, x != '0' && int(x) <= 255 && !x.startsWith('0'))",message="first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[1], self.findAll('[0-9]+')[2], self.findAll('[0-9]+')[3]].all(x, int(x) <= 255 && (x == '0' || !x.startsWith('0')))",message="IP address octets must not contain leading zeros, and must be less or equal to 255" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` +} + +// IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes +type IPv6GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /125). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is fd69::/125 + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" + // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" + // +kubebuilder:validation:XValidation:rule="self.indexOf('::') == self.lastIndexOf('::')",message="IPv6 addresses must contain at most one '::' and may only be shortened once" + // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=1 ? [self.split('/')[0].split(':', 8)[0]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=2 ? [self.split('/')[0].split(':', 8)[1]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=3 ? [self.split('/')[0].split(':', 8)[2]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=4 ? [self.split('/')[0].split(':', 8)[3]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=5 ? [self.split('/')[0].split(':', 8)[4]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=6 ? [self.split('/')[0].split(':', 8)[5]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=7 ? [self.split('/')[0].split(':', 8)[6]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=8 ? [self.split('/')[0].split(':', 8)[7]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8" + // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` } type ExportNetworkFlows struct { diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index b72d5296fb2..d65d477cfd6 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -1533,6 +1533,8 @@ func (in *GCPLoadBalancerParameters) DeepCopy() *GCPLoadBalancerParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig) { *out = *in + out.IPv4 = in.IPv4 + out.IPv6 = in.IPv6 return } @@ -1764,6 +1766,38 @@ func (in *IPsecConfig) DeepCopy() *IPsecConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4GatewayConfig) DeepCopyInto(out *IPv4GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4GatewayConfig. +func (in *IPv4GatewayConfig) DeepCopy() *IPv4GatewayConfig { + if in == nil { + return nil + } + out := new(IPv4GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6GatewayConfig) DeepCopyInto(out *IPv6GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6GatewayConfig. +func (in *IPv6GatewayConfig) DeepCopy() *IPv6GatewayConfig { + if in == nil { + return nil + } + out := new(IPv6GatewayConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressController) DeepCopyInto(out *IngressController) { *out = *in @@ -1867,6 +1901,74 @@ func (in *IngressControllerCaptureHTTPHeaders) DeepCopy() *IngressControllerCapt return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeader) DeepCopyInto(out *IngressControllerHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeader. +func (in *IngressControllerHTTPHeader) DeepCopy() *IngressControllerHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopyInto(out *IngressControllerHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(IngressControllerSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActionUnion. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopy() *IngressControllerHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderActions) DeepCopyInto(out *IngressControllerHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActions. +func (in *IngressControllerHTTPHeaderActions) DeepCopy() *IngressControllerHTTPHeaderActions { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPHeaders) { *out = *in @@ -1876,6 +1978,7 @@ func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPH *out = make([]IngressControllerHTTPHeaderNameCaseAdjustment, len(*in)) copy(*out, *in) } + in.Actions.DeepCopyInto(&out.Actions) return } @@ -1959,6 +2062,22 @@ func (in *IngressControllerLogging) DeepCopy() *IngressControllerLogging { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerSetHTTPHeader) DeepCopyInto(out *IngressControllerSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerSetHTTPHeader. +func (in *IngressControllerSetHTTPHeader) DeepCopy() *IngressControllerSetHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { *out = *in @@ -2101,6 +2220,11 @@ func (in *IngressControllerTuningOptions) DeepCopyInto(out *IngressControllerTun *out = new(metav1.Duration) **out = **in } + if in.ConnectTimeout != nil { + in, out := &in.ConnectTimeout, &out.ConnectTimeout + *out = new(metav1.Duration) + **out = **in + } if in.TLSInspectDelay != nil { in, out := &in.TLSInspectDelay, &out.TLSInspectDelay *out = new(metav1.Duration) diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 0336ec25b01..1d86519e84a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -686,6 +686,14 @@ func (EtcdList) SwaggerDoc() map[string]string { return map_EtcdList } +var map_EtcdSpec = map[string]string{ + "controlPlaneHardwareSpeed": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", +} + +func (EtcdSpec) SwaggerDoc() map[string]string { + return map_EtcdSpec +} + var map_AWSClassicLoadBalancerParameters = map[string]string{ "": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", "connectionIdleTimeout": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", @@ -850,11 +858,42 @@ func (IngressControllerCaptureHTTPHeaders) SwaggerDoc() map[string]string { return map_IngressControllerCaptureHTTPHeaders } +var map_IngressControllerHTTPHeader = map[string]string{ + "": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "name": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "action": "action specifies actions to perform on headers, such as setting or deleting headers.", +} + +func (IngressControllerHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeader +} + +var map_IngressControllerHTTPHeaderActionUnion = map[string]string{ + "": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "set": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", +} + +func (IngressControllerHTTPHeaderActionUnion) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActionUnion +} + +var map_IngressControllerHTTPHeaderActions = map[string]string{ + "": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "response": "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + "request": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". ", +} + +func (IngressControllerHTTPHeaderActions) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActions +} + var map_IngressControllerHTTPHeaders = map[string]string{ "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", "headerNameCaseAdjustments": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", + "actions": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", } func (IngressControllerHTTPHeaders) SwaggerDoc() map[string]string { @@ -889,6 +928,15 @@ func (IngressControllerLogging) SwaggerDoc() map[string]string { return map_IngressControllerLogging } +var map_IngressControllerSetHTTPHeader = map[string]string{ + "": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + "value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ", +} + +func (IngressControllerSetHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerSetHTTPHeader +} + var map_IngressControllerSpec = map[string]string{ "": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", @@ -941,6 +989,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "serverTimeout": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", "serverFinTimeout": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", "tunnelTimeout": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "connectTimeout": "ConnectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", "tlsInspectDelay": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", @@ -1261,6 +1310,8 @@ var map_GatewayConfig = map[string]string{ "": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", "routingViaHost": "RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", "ipForwarding": "IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", } func (GatewayConfig) SwaggerDoc() map[string]string { @@ -1294,6 +1345,24 @@ func (IPFIXConfig) SwaggerDoc() map[string]string { return map_IPFIXConfig } +var map_IPv4GatewayConfig = map[string]string{ + "": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format", +} + +func (IPv4GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv4GatewayConfig +} + +var map_IPv6GatewayConfig = map[string]string{ + "": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted", +} + +func (IPv6GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv6GatewayConfig +} + var map_KuryrConfig = map[string]string{ "": "KuryrConfig configures the Kuryr-Kubernetes SDN", "daemonProbesPort": "The port kuryr-daemon will listen for readiness and liveness requests.", diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go index e7c32848957..2adcd1cc869 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go @@ -86,10 +86,122 @@ func (m *Route) XXX_DiscardUnknown() { var xxx_messageInfo_Route proto.InternalMessageInfo +func (m *RouteHTTPHeader) Reset() { *m = RouteHTTPHeader{} } +func (*RouteHTTPHeader) ProtoMessage() {} +func (*RouteHTTPHeader) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{2} +} +func (m *RouteHTTPHeader) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeader) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeader.Merge(m, src) +} +func (m *RouteHTTPHeader) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeader) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeader.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeader proto.InternalMessageInfo + +func (m *RouteHTTPHeaderActionUnion) Reset() { *m = RouteHTTPHeaderActionUnion{} } +func (*RouteHTTPHeaderActionUnion) ProtoMessage() {} +func (*RouteHTTPHeaderActionUnion) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{3} +} +func (m *RouteHTTPHeaderActionUnion) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeaderActionUnion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeaderActionUnion) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeaderActionUnion.Merge(m, src) +} +func (m *RouteHTTPHeaderActionUnion) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeaderActionUnion) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeaderActionUnion.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeaderActionUnion proto.InternalMessageInfo + +func (m *RouteHTTPHeaderActions) Reset() { *m = RouteHTTPHeaderActions{} } +func (*RouteHTTPHeaderActions) ProtoMessage() {} +func (*RouteHTTPHeaderActions) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{4} +} +func (m *RouteHTTPHeaderActions) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeaderActions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeaderActions) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeaderActions.Merge(m, src) +} +func (m *RouteHTTPHeaderActions) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeaderActions) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeaderActions.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeaderActions proto.InternalMessageInfo + +func (m *RouteHTTPHeaders) Reset() { *m = RouteHTTPHeaders{} } +func (*RouteHTTPHeaders) ProtoMessage() {} +func (*RouteHTTPHeaders) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{5} +} +func (m *RouteHTTPHeaders) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeaders) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeaders) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeaders.Merge(m, src) +} +func (m *RouteHTTPHeaders) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeaders) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeaders.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeaders proto.InternalMessageInfo + func (m *RouteIngress) Reset() { *m = RouteIngress{} } func (*RouteIngress) ProtoMessage() {} func (*RouteIngress) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{2} + return fileDescriptor_373b8fa7ff738721, []int{6} } func (m *RouteIngress) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -117,7 +229,7 @@ var xxx_messageInfo_RouteIngress proto.InternalMessageInfo func (m *RouteIngressCondition) Reset() { *m = RouteIngressCondition{} } func (*RouteIngressCondition) ProtoMessage() {} func (*RouteIngressCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{3} + return fileDescriptor_373b8fa7ff738721, []int{7} } func (m *RouteIngressCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -145,7 +257,7 @@ var xxx_messageInfo_RouteIngressCondition proto.InternalMessageInfo func (m *RouteList) Reset() { *m = RouteList{} } func (*RouteList) ProtoMessage() {} func (*RouteList) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{4} + return fileDescriptor_373b8fa7ff738721, []int{8} } func (m *RouteList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -173,7 +285,7 @@ var xxx_messageInfo_RouteList proto.InternalMessageInfo func (m *RoutePort) Reset() { *m = RoutePort{} } func (*RoutePort) ProtoMessage() {} func (*RoutePort) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{5} + return fileDescriptor_373b8fa7ff738721, []int{9} } func (m *RoutePort) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -198,10 +310,38 @@ func (m *RoutePort) XXX_DiscardUnknown() { var xxx_messageInfo_RoutePort proto.InternalMessageInfo +func (m *RouteSetHTTPHeader) Reset() { *m = RouteSetHTTPHeader{} } +func (*RouteSetHTTPHeader) ProtoMessage() {} +func (*RouteSetHTTPHeader) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{10} +} +func (m *RouteSetHTTPHeader) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteSetHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteSetHTTPHeader) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteSetHTTPHeader.Merge(m, src) +} +func (m *RouteSetHTTPHeader) XXX_Size() int { + return m.Size() +} +func (m *RouteSetHTTPHeader) XXX_DiscardUnknown() { + xxx_messageInfo_RouteSetHTTPHeader.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteSetHTTPHeader proto.InternalMessageInfo + func (m *RouteSpec) Reset() { *m = RouteSpec{} } func (*RouteSpec) ProtoMessage() {} func (*RouteSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{6} + return fileDescriptor_373b8fa7ff738721, []int{11} } func (m *RouteSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -229,7 +369,7 @@ var xxx_messageInfo_RouteSpec proto.InternalMessageInfo func (m *RouteStatus) Reset() { *m = RouteStatus{} } func (*RouteStatus) ProtoMessage() {} func (*RouteStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{7} + return fileDescriptor_373b8fa7ff738721, []int{12} } func (m *RouteStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -257,7 +397,7 @@ var xxx_messageInfo_RouteStatus proto.InternalMessageInfo func (m *RouteTargetReference) Reset() { *m = RouteTargetReference{} } func (*RouteTargetReference) ProtoMessage() {} func (*RouteTargetReference) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{8} + return fileDescriptor_373b8fa7ff738721, []int{13} } func (m *RouteTargetReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -285,7 +425,7 @@ var xxx_messageInfo_RouteTargetReference proto.InternalMessageInfo func (m *RouterShard) Reset() { *m = RouterShard{} } func (*RouterShard) ProtoMessage() {} func (*RouterShard) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{9} + return fileDescriptor_373b8fa7ff738721, []int{14} } func (m *RouterShard) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -313,7 +453,7 @@ var xxx_messageInfo_RouterShard proto.InternalMessageInfo func (m *TLSConfig) Reset() { *m = TLSConfig{} } func (*TLSConfig) ProtoMessage() {} func (*TLSConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{10} + return fileDescriptor_373b8fa7ff738721, []int{15} } func (m *TLSConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -341,10 +481,15 @@ var xxx_messageInfo_TLSConfig proto.InternalMessageInfo func init() { proto.RegisterType((*LocalObjectReference)(nil), "github.com.openshift.api.route.v1.LocalObjectReference") proto.RegisterType((*Route)(nil), "github.com.openshift.api.route.v1.Route") + proto.RegisterType((*RouteHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeader") + proto.RegisterType((*RouteHTTPHeaderActionUnion)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActionUnion") + proto.RegisterType((*RouteHTTPHeaderActions)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActions") + proto.RegisterType((*RouteHTTPHeaders)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaders") proto.RegisterType((*RouteIngress)(nil), "github.com.openshift.api.route.v1.RouteIngress") proto.RegisterType((*RouteIngressCondition)(nil), "github.com.openshift.api.route.v1.RouteIngressCondition") proto.RegisterType((*RouteList)(nil), "github.com.openshift.api.route.v1.RouteList") proto.RegisterType((*RoutePort)(nil), "github.com.openshift.api.route.v1.RoutePort") + proto.RegisterType((*RouteSetHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteSetHTTPHeader") proto.RegisterType((*RouteSpec)(nil), "github.com.openshift.api.route.v1.RouteSpec") proto.RegisterType((*RouteStatus)(nil), "github.com.openshift.api.route.v1.RouteStatus") proto.RegisterType((*RouteTargetReference)(nil), "github.com.openshift.api.route.v1.RouteTargetReference") @@ -357,84 +502,96 @@ func init() { } var fileDescriptor_373b8fa7ff738721 = []byte{ - // 1217 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0xcf, 0x92, 0xd3, 0xc6, - 0x13, 0x5e, 0xd9, 0xde, 0x3f, 0x1e, 0x03, 0xbf, 0x1f, 0x03, 0x04, 0x43, 0x15, 0x36, 0xe8, 0x90, - 0x82, 0x14, 0x91, 0xb2, 0x1b, 0x92, 0x50, 0x95, 0xca, 0x01, 0x2d, 0x14, 0x59, 0x30, 0x0b, 0x35, - 0x76, 0x85, 0x0a, 0xc5, 0x21, 0xb3, 0xd2, 0x58, 0x9e, 0xac, 0x3d, 0xa3, 0xcc, 0x8c, 0x81, 0xbd, - 0xa4, 0xa8, 0xe4, 0x05, 0xc8, 0xdb, 0xe4, 0x9e, 0x0b, 0x47, 0x8e, 0x9c, 0x5c, 0x59, 0xe7, 0x98, - 0x37, 0xd8, 0x53, 0x6a, 0x46, 0x63, 0x49, 0xf6, 0xda, 0x60, 0x92, 0x9b, 0xd5, 0xfd, 0x7d, 0x5f, - 0xf7, 0x74, 0xb7, 0x7a, 0x64, 0xb0, 0x19, 0x53, 0xd5, 0x1b, 0xee, 0x79, 0x21, 0x1f, 0xf8, 0x3c, - 0x21, 0x4c, 0xf6, 0x68, 0x57, 0xf9, 0x38, 0xa1, 0xbe, 0xe0, 0x43, 0x45, 0xfc, 0x67, 0x9b, 0x7e, - 0x4c, 0x18, 0x11, 0x58, 0x91, 0xc8, 0x4b, 0x04, 0x57, 0x1c, 0x5e, 0xc9, 0x29, 0x5e, 0x46, 0xf1, - 0x70, 0x42, 0x3d, 0x43, 0xf1, 0x9e, 0x6d, 0x5e, 0xfc, 0xb4, 0xa0, 0x1a, 0xf3, 0x98, 0xfb, 0x86, - 0xb9, 0x37, 0xec, 0x9a, 0x27, 0xf3, 0x60, 0x7e, 0xa5, 0x8a, 0x17, 0xdd, 0xfd, 0x9b, 0xd2, 0xa3, - 0xdc, 0x84, 0x0d, 0xb9, 0x98, 0x17, 0xf5, 0xe2, 0x8d, 0x1c, 0x33, 0xc0, 0x61, 0x8f, 0x32, 0x22, - 0x0e, 0xfc, 0x64, 0x3f, 0xd6, 0x06, 0xe9, 0x0f, 0x88, 0xc2, 0xf3, 0x58, 0x5f, 0x2e, 0x62, 0x89, - 0x21, 0x53, 0x74, 0x40, 0x7c, 0x19, 0xf6, 0xc8, 0x00, 0x1f, 0xe3, 0x7d, 0xbe, 0x88, 0x37, 0x54, - 0xb4, 0xef, 0x53, 0xa6, 0xa4, 0x12, 0xb3, 0x24, 0xf7, 0x26, 0x38, 0xdb, 0xe2, 0x21, 0xee, 0x3f, - 0xdc, 0xfb, 0x91, 0x84, 0x0a, 0x91, 0x2e, 0x11, 0x84, 0x85, 0x04, 0x5e, 0x06, 0x15, 0x86, 0x07, - 0xa4, 0xee, 0x5c, 0x76, 0xae, 0x56, 0x83, 0x13, 0xaf, 0x47, 0xcd, 0x95, 0xf1, 0xa8, 0x59, 0xd9, - 0xc5, 0x03, 0x82, 0x8c, 0xc7, 0xfd, 0xad, 0x04, 0x56, 0x91, 0x2e, 0x1e, 0xfc, 0x01, 0x6c, 0xe8, - 0xb3, 0x44, 0x58, 0x61, 0x83, 0xaf, 0x6d, 0x7d, 0xe6, 0xa5, 0xb9, 0x78, 0xc5, 0x5c, 0xbc, 0x64, - 0x3f, 0xd6, 0x06, 0xe9, 0x69, 0xb4, 0xf7, 0x6c, 0xd3, 0x4b, 0x83, 0x3e, 0x20, 0x0a, 0x07, 0xd0, - 0x46, 0x00, 0xb9, 0x0d, 0x65, 0xaa, 0x70, 0x17, 0x54, 0x64, 0x42, 0xc2, 0x7a, 0xc9, 0xa8, 0x5f, - 0xf7, 0xde, 0xdb, 0x4d, 0xcf, 0x64, 0xd6, 0x4e, 0x48, 0x98, 0xe7, 0xae, 0x9f, 0x90, 0xd1, 0x81, - 0xdf, 0x81, 0x35, 0xa9, 0xb0, 0x1a, 0xca, 0x7a, 0xd9, 0x28, 0x7a, 0x4b, 0x2b, 0x1a, 0x56, 0x70, - 0xca, 0x6a, 0xae, 0xa5, 0xcf, 0xc8, 0xaa, 0xb9, 0xbf, 0x96, 0xc1, 0x09, 0x83, 0xdb, 0x61, 0xb1, - 0x20, 0x52, 0xea, 0x32, 0xf6, 0xb8, 0x54, 0xb3, 0x65, 0xfc, 0x96, 0x4b, 0x85, 0x8c, 0x07, 0x6e, - 0x01, 0x60, 0x42, 0x08, 0x5d, 0x5a, 0x73, 0xc0, 0x6a, 0x5e, 0x0c, 0x94, 0x79, 0x50, 0x01, 0x05, - 0xfb, 0x00, 0x84, 0x9c, 0x45, 0x54, 0x51, 0xce, 0xf4, 0x11, 0xca, 0x57, 0x6b, 0x5b, 0x37, 0x97, - 0x3d, 0x82, 0x4d, 0x6d, 0x7b, 0x22, 0x90, 0x47, 0xcb, 0x4c, 0x12, 0x15, 0xf4, 0x61, 0x07, 0x9c, - 0x7a, 0x4e, 0xfb, 0x51, 0x88, 0x45, 0xf4, 0x88, 0xf7, 0x69, 0x78, 0x50, 0xaf, 0x98, 0x2c, 0xaf, - 0x5b, 0xde, 0xa9, 0xc7, 0x53, 0xde, 0xa3, 0x51, 0x13, 0x4e, 0x5b, 0x3a, 0x07, 0x09, 0x41, 0x33, - 0x1a, 0xf0, 0x7b, 0x70, 0x3e, 0x3d, 0xd1, 0x36, 0x66, 0x9c, 0xd1, 0x10, 0xf7, 0x75, 0x51, 0xcc, - 0xcc, 0xad, 0x1a, 0xf9, 0xa6, 0x95, 0x3f, 0x8f, 0xe6, 0xc3, 0xd0, 0x22, 0xbe, 0xfb, 0x77, 0x09, - 0x9c, 0x9b, 0x7b, 0x54, 0xf8, 0x0d, 0xa8, 0xa8, 0x83, 0x64, 0x32, 0xd5, 0xd7, 0x26, 0xed, 0xd0, - 0x09, 0x1e, 0x8d, 0x9a, 0x17, 0xe6, 0x92, 0x4c, 0xf6, 0x86, 0x06, 0x5b, 0xd9, 0xd8, 0xa4, 0x7d, - 0xba, 0x31, 0x3d, 0x06, 0x47, 0xa3, 0xe6, 0x9c, 0xad, 0xe0, 0x65, 0x4a, 0xd3, 0xc3, 0x02, 0x3f, - 0x06, 0x6b, 0x82, 0x60, 0xc9, 0x99, 0x19, 0xc2, 0x6a, 0x3e, 0x54, 0xc8, 0x58, 0x91, 0xf5, 0xc2, - 0x6b, 0x60, 0x7d, 0x40, 0xa4, 0xc4, 0x31, 0xb1, 0x85, 0xff, 0x9f, 0x05, 0xae, 0x3f, 0x48, 0xcd, - 0x68, 0xe2, 0x87, 0x02, 0xc0, 0x3e, 0x96, 0xaa, 0x23, 0x30, 0x93, 0x69, 0xf2, 0xd4, 0xd6, 0xb3, - 0xb6, 0xf5, 0xc9, 0x72, 0xef, 0xa4, 0x66, 0x04, 0x1f, 0x8d, 0x47, 0x4d, 0xd8, 0x3a, 0xa6, 0x84, - 0xe6, 0xa8, 0xbb, 0xbf, 0x3b, 0xa0, 0x6a, 0x0a, 0xd7, 0xa2, 0x52, 0xc1, 0xa7, 0xc7, 0x76, 0x81, - 0xb7, 0x5c, 0x5c, 0xcd, 0x36, 0x9b, 0xe0, 0xff, 0xf6, 0x74, 0x1b, 0x13, 0x4b, 0x61, 0x0f, 0x3c, - 0x00, 0xab, 0x54, 0x91, 0x81, 0xae, 0xbf, 0x9e, 0xf9, 0xab, 0xcb, 0xce, 0x7c, 0x70, 0xd2, 0x8a, - 0xae, 0xee, 0x68, 0x3a, 0x4a, 0x55, 0xdc, 0x9f, 0x6c, 0xe6, 0x8f, 0xb8, 0x50, 0x30, 0x02, 0x40, - 0x61, 0x11, 0x13, 0xa5, 0x9f, 0xde, 0xbb, 0xc7, 0xf4, 0x4e, 0xf5, 0xd2, 0x9d, 0xea, 0xed, 0x30, - 0xf5, 0x50, 0xb4, 0x95, 0xa0, 0x2c, 0xce, 0x5f, 0xa6, 0x4e, 0xa6, 0x85, 0x0a, 0xba, 0xee, 0x1f, - 0x15, 0x1b, 0x53, 0x6f, 0xa3, 0x25, 0xd6, 0x83, 0x0f, 0xaa, 0x72, 0xb8, 0x17, 0xf1, 0x01, 0xa6, - 0xac, 0xbe, 0x61, 0x60, 0xa7, 0x2d, 0xac, 0xda, 0x9e, 0x38, 0x50, 0x8e, 0xd1, 0x92, 0x09, 0x56, - 0x3d, 0x3b, 0xa1, 0x99, 0xe4, 0x23, 0xac, 0x7a, 0xc8, 0x78, 0x60, 0x1b, 0x94, 0x14, 0xb7, 0x8b, - 0xef, 0xab, 0x65, 0x2b, 0x98, 0x1e, 0x27, 0xbb, 0x1f, 0x02, 0x60, 0x85, 0x4b, 0x1d, 0x8e, 0x4a, - 0x8a, 0xc3, 0x97, 0x0e, 0x38, 0x8d, 0xfb, 0x8a, 0x08, 0x86, 0x15, 0x09, 0x70, 0xb8, 0x4f, 0x58, - 0x24, 0xeb, 0x15, 0xd3, 0xa6, 0x7f, 0x1d, 0xe4, 0x82, 0x0d, 0x72, 0xfa, 0xd6, 0xac, 0x32, 0x3a, - 0x1e, 0x0c, 0xde, 0x03, 0x95, 0x44, 0xb7, 0x6e, 0xf5, 0xc3, 0x2e, 0x09, 0xdd, 0x96, 0x60, 0xc3, - 0xd4, 0x48, 0x37, 0xcb, 0x68, 0xc0, 0xbb, 0xa0, 0xac, 0xfa, 0xb2, 0xbe, 0xb6, 0xb4, 0x54, 0xa7, - 0xd5, 0xde, 0xe6, 0xac, 0x4b, 0xe3, 0x60, 0x7d, 0x3c, 0x6a, 0x96, 0x3b, 0xad, 0x36, 0xd2, 0x0a, - 0x73, 0x96, 0xe7, 0xfa, 0x7f, 0x5f, 0x9e, 0x2e, 0x05, 0xb5, 0xc2, 0x75, 0x04, 0x9f, 0x80, 0x75, - 0x9a, 0x6e, 0xad, 0xba, 0x63, 0x2a, 0xee, 0x7f, 0xe0, 0x65, 0x90, 0xaf, 0x14, 0x6b, 0x40, 0x13, - 0x41, 0xf7, 0x67, 0x70, 0x76, 0x5e, 0x6f, 0xf4, 0x9c, 0xed, 0x53, 0x16, 0xcd, 0x8e, 0xee, 0x7d, - 0xca, 0x22, 0x64, 0x3c, 0xd9, 0x27, 0x44, 0x69, 0xd1, 0x27, 0x04, 0x74, 0xc1, 0xda, 0x73, 0x42, - 0xe3, 0x9e, 0x32, 0xd3, 0xb8, 0x1a, 0x00, 0xbd, 0xfd, 0x1e, 0x1b, 0x0b, 0xb2, 0x1e, 0x97, 0xdb, - 0xa3, 0x8a, 0x76, 0x0f, 0x8b, 0xc8, 0xbc, 0x0f, 0xfa, 0xc7, 0x6e, 0xfe, 0x71, 0x92, 0xbf, 0x0f, - 0x13, 0x07, 0xca, 0x31, 0x9a, 0x10, 0x31, 0xd9, 0x1e, 0x76, 0xbb, 0xf4, 0x85, 0x4d, 0x25, 0x23, - 0xdc, 0xde, 0x6d, 0xa7, 0x0e, 0x94, 0x63, 0xdc, 0xc3, 0x0a, 0xa8, 0x66, 0xdd, 0x84, 0xf7, 0x41, - 0x4d, 0x11, 0x31, 0xa0, 0x0c, 0xeb, 0x85, 0x37, 0x73, 0x71, 0xd4, 0x3a, 0xb9, 0x4b, 0x77, 0xae, - 0xd3, 0x6a, 0x17, 0x2c, 0xa6, 0x73, 0x45, 0x36, 0xfc, 0x02, 0xd4, 0x42, 0x22, 0x14, 0xed, 0xd2, - 0x10, 0xab, 0x49, 0x61, 0xce, 0x4c, 0xc4, 0xb6, 0x73, 0x17, 0x2a, 0xe2, 0xe0, 0x25, 0x50, 0xde, - 0x27, 0x07, 0xf6, 0x96, 0xa8, 0x59, 0x78, 0xf9, 0x3e, 0x39, 0x40, 0xda, 0x0e, 0xbf, 0x06, 0x27, - 0x43, 0x5c, 0x20, 0xdb, 0x5b, 0xe2, 0x9c, 0x05, 0x9e, 0xdc, 0xbe, 0x55, 0x54, 0x9e, 0xc6, 0xc2, - 0xa7, 0xa0, 0x1e, 0x11, 0xa9, 0x6c, 0x86, 0x53, 0x50, 0x7b, 0x0f, 0x5f, 0xb6, 0x3a, 0xf5, 0xdb, - 0x0b, 0x70, 0x68, 0xa1, 0x02, 0x7c, 0xe5, 0x80, 0x4b, 0x94, 0x49, 0x12, 0x0e, 0x05, 0xb9, 0x13, - 0xc5, 0xa4, 0x50, 0x1d, 0xfb, 0x36, 0xac, 0x99, 0x18, 0xf7, 0x6c, 0x8c, 0x4b, 0x3b, 0xef, 0x02, - 0x1f, 0x8d, 0x9a, 0x57, 0xde, 0x09, 0x30, 0x15, 0x7f, 0x77, 0x40, 0xf8, 0x8b, 0x03, 0xce, 0x90, - 0x17, 0x66, 0x77, 0xf4, 0x8b, 0x87, 0x5d, 0x5f, 0x7a, 0x1f, 0xce, 0xfb, 0x5e, 0x0e, 0xce, 0x8f, - 0x47, 0xcd, 0x33, 0x77, 0x8e, 0xeb, 0xa2, 0x79, 0xc1, 0x82, 0xbb, 0xaf, 0x0f, 0x1b, 0x2b, 0x6f, - 0x0e, 0x1b, 0x2b, 0x6f, 0x0f, 0x1b, 0x2b, 0x2f, 0xc7, 0x0d, 0xe7, 0xf5, 0xb8, 0xe1, 0xbc, 0x19, - 0x37, 0x9c, 0xb7, 0xe3, 0x86, 0xf3, 0xe7, 0xb8, 0xe1, 0xbc, 0xfa, 0xab, 0xb1, 0xf2, 0xe4, 0xca, - 0x7b, 0xff, 0xe7, 0xfc, 0x13, 0x00, 0x00, 0xff, 0xff, 0x0c, 0xcd, 0xe6, 0xca, 0x0b, 0x0d, 0x00, - 0x00, + // 1420 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x58, 0xdd, 0x6e, 0x13, 0xc7, + 0x17, 0xcf, 0xc6, 0x76, 0x1c, 0x8f, 0xf9, 0x1c, 0xbe, 0x4c, 0x24, 0x6c, 0xd8, 0xbf, 0xf4, 0x17, + 0x54, 0x74, 0xdd, 0x04, 0x68, 0x41, 0x15, 0x17, 0x6c, 0x40, 0x10, 0x30, 0x21, 0x1a, 0xbb, 0xa0, + 0x22, 0x2a, 0x75, 0xb2, 0x3b, 0xb6, 0xa7, 0xb1, 0x67, 0x97, 0x99, 0x71, 0x20, 0x37, 0x15, 0x6a, + 0x5f, 0x80, 0xde, 0xf6, 0x15, 0xaa, 0xde, 0xf7, 0x11, 0xb8, 0xe4, 0x92, 0xde, 0x58, 0x8d, 0x7b, + 0xd9, 0x37, 0xc8, 0x55, 0x35, 0xb3, 0xe3, 0xdd, 0xb5, 0x63, 0x13, 0x07, 0xf5, 0xce, 0x7b, 0xce, + 0xf9, 0xfd, 0xce, 0xc7, 0x9c, 0x39, 0x67, 0x12, 0xb0, 0xdc, 0xa2, 0xb2, 0xdd, 0xdb, 0x74, 0xbc, + 0xa0, 0x5b, 0x0d, 0x42, 0xc2, 0x44, 0x9b, 0x36, 0x65, 0x15, 0x87, 0xb4, 0xca, 0x83, 0x9e, 0x24, + 0xd5, 0xed, 0xe5, 0x6a, 0x8b, 0x30, 0xc2, 0xb1, 0x24, 0xbe, 0x13, 0xf2, 0x40, 0x06, 0xf0, 0x52, + 0x02, 0x71, 0x62, 0x88, 0x83, 0x43, 0xea, 0x68, 0x88, 0xb3, 0xbd, 0xbc, 0xf4, 0x79, 0x8a, 0xb5, + 0x15, 0xb4, 0x82, 0xaa, 0x46, 0x6e, 0xf6, 0x9a, 0xfa, 0x4b, 0x7f, 0xe8, 0x5f, 0x11, 0xe3, 0x92, + 0xbd, 0x75, 0x53, 0x38, 0x34, 0xd0, 0x6e, 0xbd, 0x80, 0x4f, 0xf2, 0xba, 0x74, 0x3d, 0xb1, 0xe9, + 0x62, 0xaf, 0x4d, 0x19, 0xe1, 0x3b, 0xd5, 0x70, 0xab, 0xa5, 0x04, 0xa2, 0xda, 0x25, 0x12, 0x4f, + 0x42, 0x7d, 0x39, 0x0d, 0xc5, 0x7b, 0x4c, 0xd2, 0x2e, 0xa9, 0x0a, 0xaf, 0x4d, 0xba, 0x78, 0x1f, + 0xee, 0xda, 0x34, 0x5c, 0x4f, 0xd2, 0x4e, 0x95, 0x32, 0x29, 0x24, 0x1f, 0x07, 0xd9, 0x37, 0xc1, + 0xe9, 0x5a, 0xe0, 0xe1, 0xce, 0x93, 0xcd, 0x1f, 0x88, 0x27, 0x11, 0x69, 0x12, 0x4e, 0x98, 0x47, + 0xe0, 0x45, 0x90, 0x65, 0xb8, 0x4b, 0x4a, 0xd6, 0x45, 0xeb, 0x72, 0xc1, 0x3d, 0xf2, 0xae, 0x5f, + 0x99, 0x1b, 0xf4, 0x2b, 0xd9, 0x75, 0xdc, 0x25, 0x48, 0x6b, 0xec, 0x5f, 0xe6, 0x41, 0x0e, 0xa9, + 0xe2, 0xc1, 0xef, 0xc1, 0xa2, 0xca, 0xc5, 0xc7, 0x12, 0x6b, 0xfb, 0xe2, 0xca, 0x17, 0x4e, 0x14, + 0x8b, 0x93, 0x8e, 0xc5, 0x09, 0xb7, 0x5a, 0x4a, 0x20, 0x1c, 0x65, 0xed, 0x6c, 0x2f, 0x3b, 0x91, + 0xd3, 0xc7, 0x44, 0x62, 0x17, 0x1a, 0x0f, 0x20, 0x91, 0xa1, 0x98, 0x15, 0xae, 0x83, 0xac, 0x08, + 0x89, 0x57, 0x9a, 0xd7, 0xec, 0x57, 0x9d, 0x03, 0x4f, 0xd3, 0xd1, 0x91, 0xd5, 0x43, 0xe2, 0x25, + 0xb1, 0xab, 0x2f, 0xa4, 0x79, 0xe0, 0x53, 0xb0, 0x20, 0x24, 0x96, 0x3d, 0x51, 0xca, 0x68, 0x46, + 0x67, 0x66, 0x46, 0x8d, 0x72, 0x8f, 0x19, 0xce, 0x85, 0xe8, 0x1b, 0x19, 0x36, 0xfb, 0x57, 0x0b, + 0x1c, 0xd7, 0x76, 0x0f, 0x1a, 0x8d, 0x8d, 0x07, 0x04, 0xfb, 0x84, 0x1f, 0x5c, 0x49, 0x48, 0xc0, + 0x02, 0xf6, 0x24, 0x0d, 0x98, 0xc9, 0xef, 0xf6, 0xac, 0xd1, 0x24, 0x5e, 0xee, 0x68, 0xfc, 0x37, + 0x8c, 0x06, 0x2c, 0x09, 0x2e, 0x12, 0x22, 0x43, 0x6e, 0xff, 0x6e, 0x81, 0xa5, 0xe9, 0x30, 0x78, + 0x1b, 0x64, 0xe5, 0x4e, 0x38, 0x8c, 0xf3, 0xca, 0x30, 0xce, 0xc6, 0x4e, 0x48, 0xf6, 0xfa, 0x95, + 0xf3, 0x13, 0x91, 0x4a, 0x89, 0x34, 0x0c, 0x6e, 0x80, 0x8c, 0x20, 0xd2, 0x64, 0x70, 0x63, 0xe6, + 0x7a, 0x12, 0x99, 0x70, 0xba, 0xf9, 0x41, 0xbf, 0x92, 0xa9, 0x13, 0x89, 0x14, 0x95, 0xfd, 0xa7, + 0x05, 0xce, 0x4e, 0xf4, 0x2a, 0x54, 0xc7, 0x71, 0x22, 0xc2, 0x80, 0x09, 0x15, 0x6f, 0xe6, 0x72, + 0x71, 0x65, 0xe5, 0xf0, 0x35, 0x73, 0x4f, 0x98, 0x1c, 0x17, 0x91, 0xe1, 0x42, 0x31, 0x2b, 0xfc, + 0x0e, 0xe4, 0x39, 0x79, 0xd9, 0x23, 0x42, 0xa5, 0xf4, 0xa9, 0x0e, 0x8e, 0x1b, 0x07, 0x79, 0x14, + 0x51, 0xa1, 0x21, 0xa7, 0xfd, 0x1a, 0x9c, 0x18, 0x33, 0x16, 0xd0, 0x07, 0xf9, 0xe8, 0xa4, 0x84, + 0xb9, 0x45, 0xb7, 0x3e, 0xb5, 0x0f, 0x44, 0xe2, 0xd9, 0x08, 0xd0, 0x90, 0xda, 0xfe, 0x39, 0x03, + 0x8e, 0x68, 0xd0, 0x1a, 0x6b, 0x71, 0x22, 0x84, 0xea, 0xcf, 0x76, 0x20, 0xe4, 0x78, 0x7f, 0x3e, + 0x08, 0x84, 0x44, 0x5a, 0x03, 0x57, 0x00, 0xd0, 0xfe, 0xb8, 0xea, 0x59, 0x7d, 0xc2, 0x85, 0xe4, + 0xbe, 0xa2, 0x58, 0x83, 0x52, 0x56, 0xb0, 0x03, 0x80, 0x17, 0x30, 0x9f, 0x46, 0xf9, 0x64, 0x74, + 0x09, 0x6f, 0xce, 0x9a, 0x8f, 0x09, 0x6d, 0x75, 0x48, 0x90, 0x78, 0x8b, 0x45, 0x02, 0xa5, 0xf8, + 0x61, 0x03, 0x1c, 0x7b, 0x45, 0x3b, 0xbe, 0x87, 0xb9, 0xbf, 0x11, 0x74, 0xa8, 0xb7, 0x53, 0xca, + 0xea, 0x28, 0xaf, 0x1a, 0xdc, 0xb1, 0x67, 0x23, 0xda, 0xbd, 0x7e, 0x05, 0x8e, 0x4a, 0x74, 0x23, + 0x8f, 0x71, 0xc0, 0x6f, 0xc1, 0xb9, 0x28, 0xa3, 0x55, 0xcc, 0x02, 0x46, 0x3d, 0xdc, 0x51, 0x45, + 0xd1, 0x97, 0x39, 0xa7, 0xe9, 0x2b, 0x86, 0xfe, 0x1c, 0x9a, 0x6c, 0x86, 0xa6, 0xe1, 0xed, 0x7f, + 0xe6, 0xc1, 0x99, 0x89, 0xa9, 0xce, 0x74, 0x0d, 0xc7, 0x41, 0xa9, 0x6b, 0x58, 0x8b, 0x27, 0x5b, + 0x74, 0x4e, 0xd7, 0x47, 0x27, 0xd5, 0x5e, 0xbf, 0x32, 0x61, 0x71, 0x39, 0x31, 0xd3, 0xe8, 0x3c, + 0x83, 0xff, 0x07, 0x0b, 0x9c, 0x60, 0x11, 0x30, 0x3d, 0x27, 0x0b, 0xc9, 0x68, 0x41, 0x5a, 0x8a, + 0x8c, 0x16, 0x5e, 0x01, 0xf9, 0x2e, 0x11, 0x02, 0xb7, 0x88, 0x29, 0x7c, 0xdc, 0x7f, 0x8f, 0x23, + 0x31, 0x1a, 0xea, 0x21, 0x07, 0xb0, 0x83, 0x85, 0x6c, 0x70, 0xcc, 0x44, 0x14, 0x3c, 0x35, 0xf5, + 0x2c, 0xae, 0x7c, 0x36, 0xdb, 0xda, 0x50, 0x08, 0xf7, 0xec, 0xa0, 0x5f, 0x81, 0xb5, 0x7d, 0x4c, + 0x68, 0x02, 0xbb, 0xfd, 0x87, 0x05, 0x0a, 0xba, 0x70, 0x35, 0x2a, 0x24, 0x7c, 0xb1, 0x6f, 0x5d, + 0x39, 0xb3, 0xf9, 0x55, 0x68, 0xbd, 0xac, 0xe2, 0xc1, 0x31, 0x94, 0xa4, 0x56, 0xd5, 0x63, 0x90, + 0xa3, 0x92, 0x74, 0x85, 0x19, 0x1b, 0x97, 0x67, 0xed, 0x79, 0xf7, 0xa8, 0x21, 0xcd, 0xad, 0x29, + 0x38, 0x8a, 0x58, 0xec, 0x97, 0x26, 0xf2, 0x8d, 0x80, 0x4b, 0xe8, 0x03, 0x20, 0x31, 0x6f, 0x11, + 0xa9, 0xbe, 0x0e, 0x5c, 0xb5, 0x6a, 0xed, 0x3b, 0xd1, 0xda, 0x77, 0xd6, 0x98, 0x7c, 0xc2, 0xeb, + 0x92, 0x53, 0xd6, 0x4a, 0x2e, 0x53, 0x23, 0xe6, 0x42, 0x29, 0x5e, 0xfb, 0x16, 0x80, 0xfb, 0x67, + 0x33, 0xfc, 0x1f, 0xc8, 0x6d, 0xe3, 0x4e, 0x6f, 0xd8, 0x98, 0x71, 0xb4, 0x4f, 0x95, 0x10, 0x45, + 0x3a, 0xfb, 0xb7, 0x9c, 0x09, 0x57, 0xed, 0xda, 0x19, 0x26, 0x4b, 0x15, 0x14, 0x44, 0x6f, 0xd3, + 0x0f, 0xba, 0x98, 0xb2, 0xd2, 0xa2, 0x36, 0x3b, 0x69, 0xcc, 0x0a, 0xf5, 0xa1, 0x02, 0x25, 0x36, + 0x8a, 0x32, 0xc4, 0xb2, 0x6d, 0x9a, 0x3b, 0xa6, 0xdc, 0xc0, 0xb2, 0x8d, 0xb4, 0x06, 0xd6, 0xc1, + 0xbc, 0x0c, 0xcc, 0x5a, 0xff, 0x6a, 0xd6, 0xe2, 0x47, 0x95, 0x88, 0x5f, 0x3f, 0x2e, 0x30, 0xc4, + 0xf3, 0x8d, 0x00, 0xcd, 0xcb, 0x00, 0xbe, 0xb1, 0xc0, 0x49, 0xdc, 0x91, 0x84, 0x33, 0x2c, 0x89, + 0x8b, 0xbd, 0x2d, 0xc2, 0x7c, 0x51, 0xca, 0xea, 0x13, 0xfe, 0x64, 0x27, 0xe7, 0x8d, 0x93, 0x93, + 0x77, 0xc6, 0x99, 0xd1, 0x7e, 0x67, 0xf0, 0x21, 0xc8, 0x86, 0xea, 0xd4, 0x73, 0x87, 0x7b, 0x02, + 0xa9, 0x13, 0x75, 0x17, 0x75, 0x8d, 0xd4, 0x39, 0x6b, 0x0e, 0x78, 0x1f, 0x64, 0x64, 0x47, 0x94, + 0x16, 0x66, 0xa6, 0x6a, 0xd4, 0xea, 0xab, 0x01, 0x6b, 0xd2, 0x56, 0xb4, 0xa2, 0x1b, 0xb5, 0x3a, + 0x52, 0x0c, 0x13, 0xe6, 0x6e, 0xfe, 0x3f, 0x98, 0xbb, 0x4d, 0x50, 0x6c, 0x4b, 0x19, 0x9a, 0xbd, + 0x58, 0x2a, 0xe8, 0x30, 0xaf, 0x1d, 0x7e, 0x19, 0x0a, 0xf7, 0xf8, 0xa0, 0x5f, 0x29, 0xa6, 0x04, + 0x28, 0x4d, 0x6c, 0x53, 0x50, 0x4c, 0x3d, 0xea, 0xe0, 0x73, 0x90, 0xa7, 0xd1, 0x60, 0x35, 0x6f, + 0x8a, 0xea, 0x21, 0xf7, 0x55, 0x32, 0xf5, 0x8c, 0x00, 0x0d, 0x09, 0xed, 0x1f, 0xc1, 0xe9, 0x49, + 0x3d, 0xa0, 0xfa, 0x79, 0x8b, 0x32, 0x7f, 0xfc, 0x8a, 0x3c, 0xa2, 0xcc, 0x47, 0x5a, 0x13, 0x3f, + 0x1f, 0xe7, 0xa7, 0x3e, 0x1f, 0x6d, 0xb0, 0xf0, 0x8a, 0xd0, 0x56, 0x5b, 0xea, 0xae, 0xcf, 0xb9, + 0x40, 0x0d, 0xe8, 0x67, 0x5a, 0x82, 0x8c, 0xc6, 0x0e, 0x4c, 0xaa, 0xbc, 0xde, 0xc6, 0xdc, 0xd7, + 0xf7, 0x4e, 0xfd, 0x58, 0x4f, 0x1e, 0xa6, 0xc9, 0xbd, 0x1b, 0x2a, 0x50, 0x62, 0xa3, 0x00, 0x3e, + 0x13, 0xf5, 0x5e, 0xb3, 0x49, 0x5f, 0x9b, 0x50, 0x62, 0xc0, 0xdd, 0xf5, 0x7a, 0xa4, 0x40, 0x89, + 0x8d, 0xbd, 0x9b, 0x05, 0x85, 0xb8, 0x6b, 0xe0, 0x23, 0x50, 0x94, 0x84, 0x77, 0x29, 0xc3, 0xfa, + 0x99, 0x3b, 0xba, 0xdb, 0x8a, 0x8d, 0x44, 0xa5, 0x3a, 0xa4, 0x51, 0xab, 0xa7, 0x24, 0xba, 0x43, + 0xd2, 0x68, 0x78, 0x03, 0x14, 0x3d, 0xc2, 0x25, 0x6d, 0x52, 0x0f, 0xcb, 0x61, 0x61, 0x4e, 0x0d, + 0xc9, 0x56, 0x13, 0x15, 0x4a, 0xdb, 0xc1, 0x0b, 0x20, 0xb3, 0x45, 0x76, 0xcc, 0x22, 0x2b, 0x1a, + 0xf3, 0xcc, 0x23, 0xb2, 0x83, 0x94, 0x1c, 0x7e, 0x0d, 0x8e, 0x7a, 0x38, 0x05, 0x36, 0x8b, 0xec, + 0x8c, 0x31, 0x3c, 0xba, 0x7a, 0x27, 0xcd, 0x3c, 0x6a, 0x0b, 0x5f, 0x80, 0x92, 0x4f, 0x84, 0x34, + 0x11, 0x8e, 0x98, 0x9a, 0xa7, 0xc2, 0x45, 0xc3, 0x53, 0xba, 0x3b, 0xc5, 0x0e, 0x4d, 0x65, 0x80, + 0x6f, 0x2d, 0x70, 0x81, 0x32, 0x41, 0xbc, 0x1e, 0x27, 0xf7, 0xfc, 0x16, 0x49, 0x55, 0xc7, 0xdc, + 0xba, 0x05, 0xed, 0xe3, 0xa1, 0xf1, 0x71, 0x61, 0xed, 0x63, 0xc6, 0x7b, 0xfd, 0xca, 0xa5, 0x8f, + 0x1a, 0xe8, 0x8a, 0x7f, 0xdc, 0x21, 0xfc, 0xc9, 0x02, 0xa7, 0xc8, 0x6b, 0x3d, 0xa3, 0x3a, 0xe9, + 0x64, 0xf3, 0x33, 0xcf, 0xdd, 0x49, 0x7f, 0x75, 0xba, 0xe7, 0x06, 0xfd, 0xca, 0xa9, 0x7b, 0xfb, + 0x79, 0xd1, 0x24, 0x67, 0xee, 0xfd, 0x77, 0xbb, 0xe5, 0xb9, 0xf7, 0xbb, 0xe5, 0xb9, 0x0f, 0xbb, + 0xe5, 0xb9, 0x37, 0x83, 0xb2, 0xf5, 0x6e, 0x50, 0xb6, 0xde, 0x0f, 0xca, 0xd6, 0x87, 0x41, 0xd9, + 0xfa, 0x6b, 0x50, 0xb6, 0xde, 0xfe, 0x5d, 0x9e, 0x7b, 0x7e, 0xe9, 0xc0, 0xff, 0x16, 0xfc, 0x1b, + 0x00, 0x00, 0xff, 0xff, 0x62, 0x5d, 0xac, 0x2e, 0x51, 0x10, 0x00, 0x00, } func (m *LocalObjectReference) Marshal() (dAtA []byte, err error) { @@ -518,6 +675,168 @@ func (m *Route) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *RouteHTTPHeader) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeader) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Action.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RouteHTTPHeaderActionUnion) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeaderActionUnion) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeaderActionUnion) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Set != nil { + { + size, err := m.Set.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RouteHTTPHeaderActions) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeaderActions) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeaderActions) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Request) > 0 { + for iNdEx := len(m.Request) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Request[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if len(m.Response) > 0 { + for iNdEx := len(m.Response) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Response[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *RouteHTTPHeaders) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeaders) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeaders) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Actions.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *RouteIngress) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -710,7 +1029,7 @@ func (m *RoutePort) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *RouteSpec) Marshal() (dAtA []byte, err error) { +func (m *RouteSetHTTPHeader) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -720,33 +1039,73 @@ func (m *RouteSpec) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RouteSpec) MarshalTo(dAtA []byte) (int, error) { +func (m *RouteSetHTTPHeader) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RouteSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RouteSetHTTPHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l - i -= len(m.Subdomain) - copy(dAtA[i:], m.Subdomain) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subdomain))) - i-- - dAtA[i] = 0x42 - i -= len(m.WildcardPolicy) - copy(dAtA[i:], m.WildcardPolicy) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.WildcardPolicy))) + i -= len(m.Value) + copy(dAtA[i:], m.Value) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value))) i-- - dAtA[i] = 0x3a - if m.TLS != nil { - { - size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RouteSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.HTTPHeaders != nil { + { + size, err := m.HTTPHeaders.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } + i -= len(m.Subdomain) + copy(dAtA[i:], m.Subdomain) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subdomain))) + i-- + dAtA[i] = 0x42 + i -= len(m.WildcardPolicy) + copy(dAtA[i:], m.WildcardPolicy) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.WildcardPolicy))) + i-- + dAtA[i] = 0x3a + if m.TLS != nil { + { + size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size i = encodeVarintGenerated(dAtA, i, uint64(size)) } i-- @@ -1011,6 +1370,66 @@ func (m *Route) Size() (n int) { return n } +func (m *RouteHTTPHeader) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + l = m.Action.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *RouteHTTPHeaderActionUnion) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + n += 1 + l + sovGenerated(uint64(l)) + if m.Set != nil { + l = m.Set.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *RouteHTTPHeaderActions) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Response) > 0 { + for _, e := range m.Response { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Request) > 0 { + for _, e := range m.Request { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *RouteHTTPHeaders) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Actions.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *RouteIngress) Size() (n int) { if m == nil { return 0 @@ -1083,6 +1502,17 @@ func (m *RoutePort) Size() (n int) { return n } +func (m *RouteSetHTTPHeader) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Value) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *RouteSpec) Size() (n int) { if m == nil { return 0 @@ -1113,6 +1543,10 @@ func (m *RouteSpec) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.Subdomain) n += 1 + l + sovGenerated(uint64(l)) + if m.HTTPHeaders != nil { + l = m.HTTPHeaders.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -1213,6 +1647,59 @@ func (this *Route) String() string { }, "") return s } +func (this *RouteHTTPHeader) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteHTTPHeader{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Action:` + strings.Replace(strings.Replace(this.Action.String(), "RouteHTTPHeaderActionUnion", "RouteHTTPHeaderActionUnion", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *RouteHTTPHeaderActionUnion) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteHTTPHeaderActionUnion{`, + `Type:` + fmt.Sprintf("%v", this.Type) + `,`, + `Set:` + strings.Replace(this.Set.String(), "RouteSetHTTPHeader", "RouteSetHTTPHeader", 1) + `,`, + `}`, + }, "") + return s +} +func (this *RouteHTTPHeaderActions) String() string { + if this == nil { + return "nil" + } + repeatedStringForResponse := "[]RouteHTTPHeader{" + for _, f := range this.Response { + repeatedStringForResponse += strings.Replace(strings.Replace(f.String(), "RouteHTTPHeader", "RouteHTTPHeader", 1), `&`, ``, 1) + "," + } + repeatedStringForResponse += "}" + repeatedStringForRequest := "[]RouteHTTPHeader{" + for _, f := range this.Request { + repeatedStringForRequest += strings.Replace(strings.Replace(f.String(), "RouteHTTPHeader", "RouteHTTPHeader", 1), `&`, ``, 1) + "," + } + repeatedStringForRequest += "}" + s := strings.Join([]string{`&RouteHTTPHeaderActions{`, + `Response:` + repeatedStringForResponse + `,`, + `Request:` + repeatedStringForRequest + `,`, + `}`, + }, "") + return s +} +func (this *RouteHTTPHeaders) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteHTTPHeaders{`, + `Actions:` + strings.Replace(strings.Replace(this.Actions.String(), "RouteHTTPHeaderActions", "RouteHTTPHeaderActions", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} func (this *RouteIngress) String() string { if this == nil { return "nil" @@ -1272,6 +1759,16 @@ func (this *RoutePort) String() string { }, "") return s } +func (this *RouteSetHTTPHeader) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteSetHTTPHeader{`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `}`, + }, "") + return s +} func (this *RouteSpec) String() string { if this == nil { return "nil" @@ -1290,6 +1787,7 @@ func (this *RouteSpec) String() string { `TLS:` + strings.Replace(this.TLS.String(), "TLSConfig", "TLSConfig", 1) + `,`, `WildcardPolicy:` + fmt.Sprintf("%v", this.WildcardPolicy) + `,`, `Subdomain:` + fmt.Sprintf("%v", this.Subdomain) + `,`, + `HTTPHeaders:` + strings.Replace(this.HTTPHeaders.String(), "RouteHTTPHeaders", "RouteHTTPHeaders", 1) + `,`, `}`, }, "") return s @@ -1336,27 +1834,373 @@ func (this *TLSConfig) String() string { if this == nil { return "nil" } - s := strings.Join([]string{`&TLSConfig{`, - `Termination:` + fmt.Sprintf("%v", this.Termination) + `,`, - `Certificate:` + fmt.Sprintf("%v", this.Certificate) + `,`, - `Key:` + fmt.Sprintf("%v", this.Key) + `,`, - `CACertificate:` + fmt.Sprintf("%v", this.CACertificate) + `,`, - `DestinationCACertificate:` + fmt.Sprintf("%v", this.DestinationCACertificate) + `,`, - `InsecureEdgeTerminationPolicy:` + fmt.Sprintf("%v", this.InsecureEdgeTerminationPolicy) + `,`, - `ExternalCertificate:` + strings.Replace(this.ExternalCertificate.String(), "LocalObjectReference", "LocalObjectReference", 1) + `,`, - `}`, - }, "") - return s -} -func valueToStringGenerated(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" + s := strings.Join([]string{`&TLSConfig{`, + `Termination:` + fmt.Sprintf("%v", this.Termination) + `,`, + `Certificate:` + fmt.Sprintf("%v", this.Certificate) + `,`, + `Key:` + fmt.Sprintf("%v", this.Key) + `,`, + `CACertificate:` + fmt.Sprintf("%v", this.CACertificate) + `,`, + `DestinationCACertificate:` + fmt.Sprintf("%v", this.DestinationCACertificate) + `,`, + `InsecureEdgeTerminationPolicy:` + fmt.Sprintf("%v", this.InsecureEdgeTerminationPolicy) + `,`, + `ExternalCertificate:` + strings.Replace(this.ExternalCertificate.String(), "LocalObjectReference", "LocalObjectReference", 1) + `,`, + `}`, + }, "") + return s +} +func valueToStringGenerated(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: LocalObjectReference: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: LocalObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Route) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Route: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Route: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteHTTPHeader) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteHTTPHeader: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteHTTPHeader: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Action.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) + return nil } -func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { +func (m *RouteHTTPHeaderActionUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -1379,15 +2223,15 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: LocalObjectReference: wiretype end group for non-group") + return fmt.Errorf("proto: RouteHTTPHeaderActionUnion: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: LocalObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RouteHTTPHeaderActionUnion: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -1415,7 +2259,43 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Type = RouteHTTPHeaderActionType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Set", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Set == nil { + m.Set = &RouteSetHTTPHeader{} + } + if err := m.Set.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -1438,7 +2318,7 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { } return nil } -func (m *Route) Unmarshal(dAtA []byte) error { +func (m *RouteHTTPHeaderActions) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -1461,15 +2341,15 @@ func (m *Route) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Route: wiretype end group for non-group") + return fmt.Errorf("proto: RouteHTTPHeaderActions: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Route: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RouteHTTPHeaderActions: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Response", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -1496,13 +2376,14 @@ func (m *Route) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Response = append(m.Response, RouteHTTPHeader{}) + if err := m.Response[len(m.Response)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Request", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -1529,13 +2410,64 @@ func (m *Route) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Request = append(m.Request, RouteHTTPHeader{}) + if err := m.Request[len(m.Request)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteHTTPHeaders) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteHTTPHeaders: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteHTTPHeaders: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Actions", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -1562,7 +2494,7 @@ func (m *Route) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Actions.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -2213,6 +3145,88 @@ func (m *RoutePort) Unmarshal(dAtA []byte) error { } return nil } +func (m *RouteSetHTTPHeader) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteSetHTTPHeader: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteSetHTTPHeader: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Value = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *RouteSpec) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -2509,6 +3523,42 @@ func (m *RouteSpec) Unmarshal(dAtA []byte) error { } m.Subdomain = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HTTPHeaders", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.HTTPHeaders == nil { + m.HTTPHeaders = &RouteHTTPHeaders{} + } + if err := m.HTTPHeaders.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 93d78bf19e4..d31fa5222e7 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -57,6 +57,7 @@ message Route { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the desired state of the route + // +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough." optional RouteSpec spec = 2; // status is the current state of the route @@ -64,6 +65,131 @@ message Route { optional RouteStatus status = 3; } +// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. +message RouteHTTPHeader { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + optional string name = 1; + + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + optional RouteHTTPHeaderActionUnion action = 2; +} + +// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +message RouteHTTPHeaderActionUnion { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + optional string type = 1; + + // set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + optional RouteSetHTTPHeader set = 2; +} + +// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +message RouteHTTPHeaderActions { + // response is a list of HTTP response headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the response headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Route actions will be executed before IngressController actions for response headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // You can use this field to specify HTTP response headers that should be set or deleted + // when forwarding responses from your application to the client. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + repeated RouteHTTPHeader response = 1; + + // request is a list of HTTP request headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the request headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Route actions will be executed after IngressController actions for request headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // You can use this field to specify HTTP request headers that should be set or deleted + // when forwarding connections from the client to your application. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Any request header configuration applied directly via a Route resource using this API + // will override header configuration for a header of the same name applied via + // spec.httpHeaders.actions on the IngressController or route annotation. + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + repeated RouteHTTPHeader request = 2; +} + +// RouteHTTPHeaders defines policy for HTTP headers. +message RouteHTTPHeaders { + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. + // `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" + // route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // The headers set via this API will not appear in access logs. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + // +optional + optional RouteHTTPHeaderActions actions = 1; +} + // RouteIngress holds information about the places where a route is exposed. message RouteIngress { // Host is the host string under which the route is exposed; this value is required @@ -126,6 +252,25 @@ message RoutePort { optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 1; } +// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header. +message RouteSetHTTPHeader { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + optional string value = 1; +} + // RouteSpec describes the hostname or path the route exposes, any security information, // and one to four backends (services) the route points to. Requests are distributed // among the backends depending on the weights assigned to each backend. When using @@ -202,6 +347,11 @@ message RouteSpec { // +kubebuilder:validation:Enum=None;Subdomain;"" // +kubebuilder:default=None optional string wildcardPolicy = 7; + + // httpHeaders defines policy for HTTP headers. + // + // +optional + optional RouteHTTPHeaders httpHeaders = 9; } // RouteStatus provides relevant info about the status of a route, including which routers @@ -262,6 +412,7 @@ message TLSConfig { // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend // + // Note: passthrough termination is incompatible with httpHeader actions // +kubebuilder:validation:Enum=edge;reencrypt;passthrough optional string termination = 1; diff --git a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml index 360d60053b8..13461f66694 100644 --- a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml @@ -82,6 +82,130 @@ spec: type: string maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + type: object + properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.' + type: object + properties: + request: + description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + response: + description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. path: description: path that the router watches for, to route traffic for to the service. Optional type: string @@ -138,7 +262,7 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions" type: string enum: - edge @@ -182,6 +306,9 @@ spec: - None - Subdomain - "" + x-kubernetes-validations: + - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)' + message: header actions are not permitted when tls termination is passthrough. status: description: status is the current state of the route type: object diff --git a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml index fd6678f44d7..87b617cac11 100644 --- a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml @@ -82,6 +82,130 @@ spec: type: string maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + type: object + properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.' + type: object + properties: + request: + description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + response: + description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. path: description: path that the router watches for, to route traffic for to the service. Optional type: string @@ -138,7 +262,7 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions" type: string enum: - edge @@ -182,6 +306,9 @@ spec: - None - Subdomain - "" + x-kubernetes-validations: + - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)' + message: header actions are not permitted when tls termination is passthrough. status: description: status is the current state of the route type: object diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml b/vendor/github.com/openshift/api/route/v1/route.crd.yaml index d4a7dfcf832..cda46fc33f9 100644 --- a/vendor/github.com/openshift/api/route/v1/route.crd.yaml +++ b/vendor/github.com/openshift/api/route/v1/route.crd.yaml @@ -101,6 +101,130 @@ spec: maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.' + properties: + request: + description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.' + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.' + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + type: object path: description: path that the router watches for, to route traffic for to the service. Optional pattern: ^/ @@ -174,7 +298,7 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions" enum: - edge - reencrypt @@ -222,6 +346,9 @@ spec: required: - to type: object + x-kubernetes-validations: + - message: header actions are not permitted when tls termination is passthrough. + rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)' status: description: status is the current state of the route properties: diff --git a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml index 0031afdb5b3..d1e47667353 100644 --- a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml +++ b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml @@ -82,3 +82,594 @@ tests: termination: passthrough insecureEdgeTerminationPolicy: None wildcardPolicy: None + - name: Should be able to create a Route with valid actions + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + expected: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + weight: 100 + wildcardPolicy: None + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + - name: "Should not allow response header actions if tls termination is set to passthrough" + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-passthrough + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: passthrough + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-XSS-Protection + action: + type: Delete + expectedError: "header actions are not permitted when tls termination is passthrough." + - name: "Should not allow request header actions if tls termination is set to passthrough" + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-passthrough + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: passthrough + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "header actions are not permitted when tls termination is passthrough." + - name: Should not allow to set/delete HSTS header. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-hsts + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: Strict-Transport-Security + action: + type: Delete + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "strict-transport-security header may not be modified via header actions" + - name: Should not allow to set proxy request header. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: hello-openshift-edge-proxy + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Proxy + action: + type: Set + set: + value: example.xyz + expectedError: "proxy header may not be modified via header actions" + - name: Should not allow to set cookie header. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: hello-openshift-edge-proxy + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Cookie + action: + type: Set + set: + value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" + expectedError: "cookie header may not be modified via header actions" + - name: Should not allow to set set-cookie header. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: hello-openshift-edge-proxy + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: Set-Cookie + action: + type: Set + set: + value: "sessionId=e8bb43229de9; Domain=foo.example.com" + expectedError: "set-cookie header may not be modified via header actions" + - name: Should not allow to set/delete dynamic headers with unclosed braces. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-unclosed-braces + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + - name: expires + action: + type: Set + set: + value: "%[req.hdr(host),lower" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response header values with not allowed sample fetchers. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Target + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1,base64]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic response header values with not allowed converters. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Target + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic request header values with not allowed converters. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed sample fetchers. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1122,base64]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow empty value in request + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: + expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow empty value in response + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: + expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + expectedError: "set is required when type is Set, and forbidden otherwise" + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + set: + value: DENY + expectedError: 'Route.route.openshift.io "hello-openshift-actions" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index fb356bdd657..2de728bc00f 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -47,6 +47,7 @@ type Route struct { metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // spec is the desired state of the route + // +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough." Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // status is the current state of the route // +optional @@ -145,8 +146,166 @@ type RouteSpec struct { // +kubebuilder:validation:Enum=None;Subdomain;"" // +kubebuilder:default=None WildcardPolicy WildcardPolicyType `json:"wildcardPolicy,omitempty" protobuf:"bytes,7,opt,name=wildcardPolicy"` + + // httpHeaders defines policy for HTTP headers. + // + // +optional + HTTPHeaders *RouteHTTPHeaders `json:"httpHeaders,omitempty" protobuf:"bytes,9,opt,name=httpHeaders"` +} + +// RouteHTTPHeaders defines policy for HTTP headers. +type RouteHTTPHeaders struct { + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. + // `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" + // route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // The headers set via this API will not appear in access logs. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + // +optional + Actions RouteHTTPHeaderActions `json:"actions,omitempty" protobuf:"bytes,1,opt,name=actions"` } +// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type RouteHTTPHeaderActions struct { + // response is a list of HTTP response headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the response headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Route actions will be executed before IngressController actions for response headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // You can use this field to specify HTTP response headers that should be set or deleted + // when forwarding responses from your application to the client. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + Response []RouteHTTPHeader `json:"response" protobuf:"bytes,1,rep,name=response"` + // request is a list of HTTP request headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the request headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Route actions will be executed after IngressController actions for request headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // You can use this field to specify HTTP request headers that should be set or deleted + // when forwarding connections from the client to your application. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Any request header configuration applied directly via a Route resource using this API + // will override header configuration for a header of the same name applied via + // spec.httpHeaders.actions on the IngressController or route annotation. + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + Request []RouteHTTPHeader `json:"request" protobuf:"bytes,2,rep,name=request"` +} + +// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. +type RouteHTTPHeader struct { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + Action RouteHTTPHeaderActionUnion `json:"action" protobuf:"bytes,2,opt,name=action"` +} + +// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +type RouteHTTPHeaderActionUnion struct { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + Type RouteHTTPHeaderActionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RouteHTTPHeaderActionType"` + + // set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + Set *RouteSetHTTPHeader `json:"set,omitempty" protobuf:"bytes,2,opt,name=set"` +} + +// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header. +type RouteSetHTTPHeader struct { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + Value string `json:"value" protobuf:"bytes,1,opt,name=value"` +} + +// RouteHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type RouteHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set RouteHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. + Delete RouteHTTPHeaderActionType = "Delete" +) + // RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' // kind is allowed. Use 'weight' field to emphasize one over others. type RouteTargetReference struct { @@ -256,6 +415,7 @@ type TLSConfig struct { // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend // + // Note: passthrough termination is incompatible with httpHeader actions // +kubebuilder:validation:Enum=edge;reencrypt;passthrough Termination TLSTerminationType `json:"termination" protobuf:"bytes,1,opt,name=termination,casttype=TLSTerminationType"` diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go index 113c2f07082..23a2edd423f 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go @@ -53,6 +53,91 @@ func (in *Route) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeader) DeepCopyInto(out *RouteHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeader. +func (in *RouteHTTPHeader) DeepCopy() *RouteHTTPHeader { + if in == nil { + return nil + } + out := new(RouteHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaderActionUnion) DeepCopyInto(out *RouteHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(RouteSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActionUnion. +func (in *RouteHTTPHeaderActionUnion) DeepCopy() *RouteHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(RouteHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaderActions) DeepCopyInto(out *RouteHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]RouteHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]RouteHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActions. +func (in *RouteHTTPHeaderActions) DeepCopy() *RouteHTTPHeaderActions { + if in == nil { + return nil + } + out := new(RouteHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaders) DeepCopyInto(out *RouteHTTPHeaders) { + *out = *in + in.Actions.DeepCopyInto(&out.Actions) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaders. +func (in *RouteHTTPHeaders) DeepCopy() *RouteHTTPHeaders { + if in == nil { + return nil + } + out := new(RouteHTTPHeaders) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteIngress) DeepCopyInto(out *RouteIngress) { *out = *in @@ -146,6 +231,22 @@ func (in *RoutePort) DeepCopy() *RoutePort { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteSetHTTPHeader) DeepCopyInto(out *RouteSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteSetHTTPHeader. +func (in *RouteSetHTTPHeader) DeepCopy() *RouteSetHTTPHeader { + if in == nil { + return nil + } + out := new(RouteSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteSpec) DeepCopyInto(out *RouteSpec) { *out = *in @@ -167,6 +268,11 @@ func (in *RouteSpec) DeepCopyInto(out *RouteSpec) { *out = new(TLSConfig) (*in).DeepCopyInto(*out) } + if in.HTTPHeaders != nil { + in, out := &in.HTTPHeaders, &out.HTTPHeaders + *out = new(RouteHTTPHeaders) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go index 621b5d69bc8..8d495871771 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go @@ -31,6 +31,45 @@ func (Route) SwaggerDoc() map[string]string { return map_Route } +var map_RouteHTTPHeader = map[string]string{ + "": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "name": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "action": "action specifies actions to perform on headers, such as setting or deleting headers.", +} + +func (RouteHTTPHeader) SwaggerDoc() map[string]string { + return map_RouteHTTPHeader +} + +var map_RouteHTTPHeaderActionUnion = map[string]string{ + "": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "set": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", +} + +func (RouteHTTPHeaderActionUnion) SwaggerDoc() map[string]string { + return map_RouteHTTPHeaderActionUnion +} + +var map_RouteHTTPHeaderActions = map[string]string{ + "": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "response": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough. ", + "request": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough. ", +} + +func (RouteHTTPHeaderActions) SwaggerDoc() map[string]string { + return map_RouteHTTPHeaderActions +} + +var map_RouteHTTPHeaders = map[string]string{ + "": "RouteHTTPHeaders defines policy for HTTP headers.", + "actions": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", +} + +func (RouteHTTPHeaders) SwaggerDoc() map[string]string { + return map_RouteHTTPHeaders +} + var map_RouteIngress = map[string]string{ "": "RouteIngress holds information about the places where a route is exposed.", "host": "Host is the host string under which the route is exposed; this value is required", @@ -76,6 +115,15 @@ func (RoutePort) SwaggerDoc() map[string]string { return map_RoutePort } +var map_RouteSetHTTPHeader = map[string]string{ + "": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", + "value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ", +} + +func (RouteSetHTTPHeader) SwaggerDoc() map[string]string { + return map_RouteSetHTTPHeader +} + var map_RouteSpec = map[string]string{ "": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", "host": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", @@ -86,6 +134,7 @@ var map_RouteSpec = map[string]string{ "port": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", "tls": "The tls field provides the ability to configure certificates and termination for the route.", "wildcardPolicy": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", + "httpHeaders": "httpHeaders defines policy for HTTP headers.", } func (RouteSpec) SwaggerDoc() map[string]string { @@ -124,7 +173,7 @@ func (RouterShard) SwaggerDoc() map[string]string { var map_TLSConfig = map[string]string{ "": "TLSConfig defines config used to secure a route and provide termination", - "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend", + "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", "certificate": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", "key": "key provides key file contents", "caCertificate": "caCertificate provides the cert authority certificate contents", diff --git a/vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml b/vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml similarity index 100% rename from vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml rename to vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml diff --git a/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml index 34026a86aee..dbb8e14a480 100644 --- a/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml +++ b/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] Config" -crd: 0000_10_samplesconfig.crd.yaml +crd: 00_samplesconfig.crd.yaml tests: onCreate: - name: Should be able to create a minimal Config diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go new file mode 100644 index 00000000000..4f7ce43d14e --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go @@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// AWSDNSSpecApplyConfiguration represents an declarative configuration of the AWSDNSSpec type for use +// with apply. +type AWSDNSSpecApplyConfiguration struct { + PrivateZoneIAMRole *string `json:"privateZoneIAMRole,omitempty"` +} + +// AWSDNSSpecApplyConfiguration constructs an declarative configuration of the AWSDNSSpec type for use with +// apply. +func AWSDNSSpec() *AWSDNSSpecApplyConfiguration { + return &AWSDNSSpecApplyConfiguration{} +} + +// WithPrivateZoneIAMRole sets the PrivateZoneIAMRole field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrivateZoneIAMRole field is set to the value of the last call. +func (b *AWSDNSSpecApplyConfiguration) WithPrivateZoneIAMRole(value string) *AWSDNSSpecApplyConfiguration { + b.PrivateZoneIAMRole = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go new file mode 100644 index 00000000000..2d7a55a7834 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go @@ -0,0 +1,27 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// CloudControllerManagerStatusApplyConfiguration represents an declarative configuration of the CloudControllerManagerStatus type for use +// with apply. +type CloudControllerManagerStatusApplyConfiguration struct { + State *v1.CloudControllerManagerState `json:"state,omitempty"` +} + +// CloudControllerManagerStatusApplyConfiguration constructs an declarative configuration of the CloudControllerManagerStatus type for use with +// apply. +func CloudControllerManagerStatus() *CloudControllerManagerStatusApplyConfiguration { + return &CloudControllerManagerStatusApplyConfiguration{} +} + +// WithState sets the State field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the State field is set to the value of the last call. +func (b *CloudControllerManagerStatusApplyConfiguration) WithState(value v1.CloudControllerManagerState) *CloudControllerManagerStatusApplyConfiguration { + b.State = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go new file mode 100644 index 00000000000..8f43c8c5f83 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go @@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// DNSPlatformSpecApplyConfiguration represents an declarative configuration of the DNSPlatformSpec type for use +// with apply. +type DNSPlatformSpecApplyConfiguration struct { + Type *v1.PlatformType `json:"type,omitempty"` + AWS *AWSDNSSpecApplyConfiguration `json:"aws,omitempty"` +} + +// DNSPlatformSpecApplyConfiguration constructs an declarative configuration of the DNSPlatformSpec type for use with +// apply. +func DNSPlatformSpec() *DNSPlatformSpecApplyConfiguration { + return &DNSPlatformSpecApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *DNSPlatformSpecApplyConfiguration) WithType(value v1.PlatformType) *DNSPlatformSpecApplyConfiguration { + b.Type = &value + return b +} + +// WithAWS sets the AWS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AWS field is set to the value of the last call. +func (b *DNSPlatformSpecApplyConfiguration) WithAWS(value *AWSDNSSpecApplyConfiguration) *DNSPlatformSpecApplyConfiguration { + b.AWS = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go index cfa268744b6..b534ef9435e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go @@ -5,9 +5,10 @@ package v1 // DNSSpecApplyConfiguration represents an declarative configuration of the DNSSpec type for use // with apply. type DNSSpecApplyConfiguration struct { - BaseDomain *string `json:"baseDomain,omitempty"` - PublicZone *DNSZoneApplyConfiguration `json:"publicZone,omitempty"` - PrivateZone *DNSZoneApplyConfiguration `json:"privateZone,omitempty"` + BaseDomain *string `json:"baseDomain,omitempty"` + PublicZone *DNSZoneApplyConfiguration `json:"publicZone,omitempty"` + PrivateZone *DNSZoneApplyConfiguration `json:"privateZone,omitempty"` + Platform *DNSPlatformSpecApplyConfiguration `json:"platform,omitempty"` } // DNSSpecApplyConfiguration constructs an declarative configuration of the DNSSpec type for use with @@ -39,3 +40,11 @@ func (b *DNSSpecApplyConfiguration) WithPrivateZone(value *DNSZoneApplyConfigura b.PrivateZone = value return b } + +// WithPlatform sets the Platform field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Platform field is set to the value of the last call. +func (b *DNSSpecApplyConfiguration) WithPlatform(value *DNSPlatformSpecApplyConfiguration) *DNSSpecApplyConfiguration { + b.Platform = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go new file mode 100644 index 00000000000..12e246227ad --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go @@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ExternalPlatformStatusApplyConfiguration represents an declarative configuration of the ExternalPlatformStatus type for use +// with apply. +type ExternalPlatformStatusApplyConfiguration struct { + CloudControllerManager *CloudControllerManagerStatusApplyConfiguration `json:"cloudControllerManager,omitempty"` +} + +// ExternalPlatformStatusApplyConfiguration constructs an declarative configuration of the ExternalPlatformStatus type for use with +// apply. +func ExternalPlatformStatus() *ExternalPlatformStatusApplyConfiguration { + return &ExternalPlatformStatusApplyConfiguration{} +} + +// WithCloudControllerManager sets the CloudControllerManager field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CloudControllerManager field is set to the value of the last call. +func (b *ExternalPlatformStatusApplyConfiguration) WithCloudControllerManager(value *CloudControllerManagerStatusApplyConfiguration) *ExternalPlatformStatusApplyConfiguration { + b.CloudControllerManager = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go index fdc2af9f343..c37c88b8d9a 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go @@ -5,8 +5,10 @@ package v1 // GCPPlatformStatusApplyConfiguration represents an declarative configuration of the GCPPlatformStatus type for use // with apply. type GCPPlatformStatusApplyConfiguration struct { - ProjectID *string `json:"projectID,omitempty"` - Region *string `json:"region,omitempty"` + ProjectID *string `json:"projectID,omitempty"` + Region *string `json:"region,omitempty"` + ResourceLabels []GCPResourceLabelApplyConfiguration `json:"resourceLabels,omitempty"` + ResourceTags []GCPResourceTagApplyConfiguration `json:"resourceTags,omitempty"` } // GCPPlatformStatusApplyConfiguration constructs an declarative configuration of the GCPPlatformStatus type for use with @@ -30,3 +32,29 @@ func (b *GCPPlatformStatusApplyConfiguration) WithRegion(value string) *GCPPlatf b.Region = &value return b } + +// WithResourceLabels adds the given value to the ResourceLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ResourceLabels field. +func (b *GCPPlatformStatusApplyConfiguration) WithResourceLabels(values ...*GCPResourceLabelApplyConfiguration) *GCPPlatformStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResourceLabels") + } + b.ResourceLabels = append(b.ResourceLabels, *values[i]) + } + return b +} + +// WithResourceTags adds the given value to the ResourceTags field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ResourceTags field. +func (b *GCPPlatformStatusApplyConfiguration) WithResourceTags(values ...*GCPResourceTagApplyConfiguration) *GCPPlatformStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResourceTags") + } + b.ResourceTags = append(b.ResourceTags, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go new file mode 100644 index 00000000000..685b14fe13a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go @@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// GCPResourceLabelApplyConfiguration represents an declarative configuration of the GCPResourceLabel type for use +// with apply. +type GCPResourceLabelApplyConfiguration struct { + Key *string `json:"key,omitempty"` + Value *string `json:"value,omitempty"` +} + +// GCPResourceLabelApplyConfiguration constructs an declarative configuration of the GCPResourceLabel type for use with +// apply. +func GCPResourceLabel() *GCPResourceLabelApplyConfiguration { + return &GCPResourceLabelApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *GCPResourceLabelApplyConfiguration) WithKey(value string) *GCPResourceLabelApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *GCPResourceLabelApplyConfiguration) WithValue(value string) *GCPResourceLabelApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go new file mode 100644 index 00000000000..9611b285349 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go @@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// GCPResourceTagApplyConfiguration represents an declarative configuration of the GCPResourceTag type for use +// with apply. +type GCPResourceTagApplyConfiguration struct { + ParentID *string `json:"parentID,omitempty"` + Key *string `json:"key,omitempty"` + Value *string `json:"value,omitempty"` +} + +// GCPResourceTagApplyConfiguration constructs an declarative configuration of the GCPResourceTag type for use with +// apply. +func GCPResourceTag() *GCPResourceTagApplyConfiguration { + return &GCPResourceTagApplyConfiguration{} +} + +// WithParentID sets the ParentID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ParentID field is set to the value of the last call. +func (b *GCPResourceTagApplyConfiguration) WithParentID(value string) *GCPResourceTagApplyConfiguration { + b.ParentID = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *GCPResourceTagApplyConfiguration) WithKey(value string) *GCPResourceTagApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *GCPResourceTagApplyConfiguration) WithValue(value string) *GCPResourceTagApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go index 92c26406274..b6afa04a6c4 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go @@ -23,7 +23,7 @@ type PlatformStatusApplyConfiguration struct { PowerVS *PowerVSPlatformStatusApplyConfiguration `json:"powervs,omitempty"` AlibabaCloud *AlibabaCloudPlatformStatusApplyConfiguration `json:"alibabaCloud,omitempty"` Nutanix *NutanixPlatformStatusApplyConfiguration `json:"nutanix,omitempty"` - External *v1.ExternalPlatformStatus `json:"external,omitempty"` + External *ExternalPlatformStatusApplyConfiguration `json:"external,omitempty"` } // PlatformStatusApplyConfiguration constructs an declarative configuration of the PlatformStatus type for use with @@ -147,7 +147,7 @@ func (b *PlatformStatusApplyConfiguration) WithNutanix(value *NutanixPlatformSta // WithExternal sets the External field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the External field is set to the value of the last call. -func (b *PlatformStatusApplyConfiguration) WithExternal(value v1.ExternalPlatformStatus) *PlatformStatusApplyConfiguration { - b.External = &value +func (b *PlatformStatusApplyConfiguration) WithExternal(value *ExternalPlatformStatusApplyConfiguration) *PlatformStatusApplyConfiguration { + b.External = value return b } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index 6aa765f554a..40ff54fbfcd 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -112,6 +112,13 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1.AWSDNSSpec + map: + fields: + - name: privateZoneIAMRole + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.AWSIngressSpec map: fields: @@ -481,6 +488,13 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.BuildOverrides default: {} +- name: com.github.openshift.api.config.v1.CloudControllerManagerStatus + map: + fields: + - name: state + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.ClusterCondition map: fields: @@ -932,6 +946,21 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.DNSStatus default: {} +- name: com.github.openshift.api.config.v1.DNSPlatformSpec + map: + fields: + - name: aws + type: + namedType: com.github.openshift.api.config.v1.AWSDNSSpec + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS - name: com.github.openshift.api.config.v1.DNSSpec map: fields: @@ -939,6 +968,10 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: platform + type: + namedType: com.github.openshift.api.config.v1.DNSPlatformSpec + default: {} - name: privateZone type: namedType: com.github.openshift.api.config.v1.DNSZone @@ -1032,16 +1065,11 @@ var schemaYAML = typed.YAMLObject(`types: default: Unknown - name: com.github.openshift.api.config.v1.ExternalPlatformStatus map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable + fields: + - name: cloudControllerManager + type: + namedType: com.github.openshift.api.config.v1.CloudControllerManagerStatus + default: {} - name: com.github.openshift.api.config.v1.FeatureGate map: fields: @@ -1145,6 +1173,48 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: resourceLabels + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.GCPResourceLabel + elementRelationship: associative + keys: + - key + - name: resourceTags + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.GCPResourceTag + elementRelationship: associative + keys: + - key +- name: com.github.openshift.api.config.v1.GCPResourceLabel + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.GCPResourceTag + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: parentID + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.GitHubIdentityProvider map: fields: @@ -3035,6 +3105,65 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} +- name: com.github.openshift.api.config.v1alpha1.Backup + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha1.BackupSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha1.BackupStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupSpec + map: + fields: + - name: etcd + type: + namedType: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + map: + fields: + - name: pvcName + type: + scalar: string + default: "" + - name: retentionPolicy + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionPolicy + default: {} + - name: schedule + type: + scalar: string + default: "" + - name: timeZone + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1alpha1.GatherConfig map: fields: @@ -3087,6 +3216,38 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + map: + fields: + - name: maxNumberOfBackups + type: + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.RetentionPolicy + map: + fields: + - name: retentionNumber + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + - name: retentionSize + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + - name: retentionType + type: + scalar: string + default: "" + unions: + - discriminator: retentionType + fields: + - fieldName: retentionNumber + discriminatorValue: RetentionNumber + - fieldName: retentionSize + discriminatorValue: RetentionSize +- name: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + map: + fields: + - name: maxSizeOfBackupsGb + type: + scalar: numeric - name: io.k8s.api.core.v1.ConfigMapKeySelector map: fields: diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go index ee781353429..1419792cba5 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go @@ -212,6 +212,12 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: com.github.openshift.api.machine.v1.GCPFailureDomain elementRelationship: atomic + - name: openstack + type: + list: + elementType: + namedType: com.github.openshift.api.machine.v1.OpenStackFailureDomain + elementRelationship: atomic - name: platform type: scalar: string @@ -225,6 +231,8 @@ var schemaYAML = typed.YAMLObject(`types: discriminatorValue: Azure - fieldName: gcp discriminatorValue: GCP + - fieldName: openstack + discriminatorValue: OpenStack - name: com.github.openshift.api.machine.v1.GCPFailureDomain map: fields: @@ -247,6 +255,25 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.machine.v1beta1.MachineSpec default: {} +- name: com.github.openshift.api.machine.v1.OpenStackFailureDomain + map: + fields: + - name: availabilityZone + type: + scalar: string + - name: rootVolume + type: + namedType: com.github.openshift.api.machine.v1.RootVolume +- name: com.github.openshift.api.machine.v1.RootVolume + map: + fields: + - name: availabilityZone + type: + scalar: string + - name: volumeType + type: + scalar: string + default: "" - name: com.github.openshift.api.machine.v1beta1.Condition map: fields: diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/failuredomains.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/failuredomains.go index a24c74451ec..0fecd931ff5 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/failuredomains.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/failuredomains.go @@ -9,10 +9,11 @@ import ( // FailureDomainsApplyConfiguration represents an declarative configuration of the FailureDomains type for use // with apply. type FailureDomainsApplyConfiguration struct { - Platform *v1.PlatformType `json:"platform,omitempty"` - AWS *[]AWSFailureDomainApplyConfiguration `json:"aws,omitempty"` - Azure *[]AzureFailureDomainApplyConfiguration `json:"azure,omitempty"` - GCP *[]GCPFailureDomainApplyConfiguration `json:"gcp,omitempty"` + Platform *v1.PlatformType `json:"platform,omitempty"` + AWS *[]AWSFailureDomainApplyConfiguration `json:"aws,omitempty"` + Azure *[]AzureFailureDomainApplyConfiguration `json:"azure,omitempty"` + GCP *[]GCPFailureDomainApplyConfiguration `json:"gcp,omitempty"` + OpenStack []OpenStackFailureDomainApplyConfiguration `json:"openstack,omitempty"` } // FailureDomainsApplyConfiguration constructs an declarative configuration of the FailureDomains type for use with @@ -88,3 +89,16 @@ func (b *FailureDomainsApplyConfiguration) WithGCP(values ...*GCPFailureDomainAp } return b } + +// WithOpenStack adds the given value to the OpenStack field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OpenStack field. +func (b *FailureDomainsApplyConfiguration) WithOpenStack(values ...*OpenStackFailureDomainApplyConfiguration) *FailureDomainsApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOpenStack") + } + b.OpenStack = append(b.OpenStack, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/openstackfailuredomain.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/openstackfailuredomain.go index 3b13d3d5461..cbee21bdf3b 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/openstackfailuredomain.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/openstackfailuredomain.go @@ -5,7 +5,8 @@ package v1 // OpenStackFailureDomainApplyConfiguration represents an declarative configuration of the OpenStackFailureDomain type for use // with apply. type OpenStackFailureDomainApplyConfiguration struct { - AvailabilityZone *string `json:"availabilityZone,omitempty"` + AvailabilityZone *string `json:"availabilityZone,omitempty"` + RootVolume *RootVolumeApplyConfiguration `json:"rootVolume,omitempty"` } // OpenStackFailureDomainApplyConfiguration constructs an declarative configuration of the OpenStackFailureDomain type for use with @@ -21,3 +22,11 @@ func (b *OpenStackFailureDomainApplyConfiguration) WithAvailabilityZone(value st b.AvailabilityZone = &value return b } + +// WithRootVolume sets the RootVolume field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RootVolume field is set to the value of the last call. +func (b *OpenStackFailureDomainApplyConfiguration) WithRootVolume(value *RootVolumeApplyConfiguration) *OpenStackFailureDomainApplyConfiguration { + b.RootVolume = value + return b +} diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/rootvolume.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/rootvolume.go new file mode 100644 index 00000000000..4e3ccd99b71 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1/rootvolume.go @@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// RootVolumeApplyConfiguration represents an declarative configuration of the RootVolume type for use +// with apply. +type RootVolumeApplyConfiguration struct { + AvailabilityZone *string `json:"availabilityZone,omitempty"` + VolumeType *string `json:"volumeType,omitempty"` +} + +// RootVolumeApplyConfiguration constructs an declarative configuration of the RootVolume type for use with +// apply. +func RootVolume() *RootVolumeApplyConfiguration { + return &RootVolumeApplyConfiguration{} +} + +// WithAvailabilityZone sets the AvailabilityZone field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AvailabilityZone field is set to the value of the last call. +func (b *RootVolumeApplyConfiguration) WithAvailabilityZone(value string) *RootVolumeApplyConfiguration { + b.AvailabilityZone = &value + return b +} + +// WithVolumeType sets the VolumeType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the VolumeType field is set to the value of the last call. +func (b *RootVolumeApplyConfiguration) WithVolumeType(value string) *RootVolumeApplyConfiguration { + b.VolumeType = &value + return b +} diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain/failuredomain.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain/failuredomain.go index 3dd3c305bb9..0781e67a347 100644 --- a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain/failuredomain.go +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain/failuredomain.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "reflect" + "strings" configv1 "github.com/openshift/api/config/v1" machinev1 "github.com/openshift/api/machine/v1" @@ -59,6 +60,9 @@ type FailureDomain interface { // GCP returns the GCPFailureDomain if the platform type is GCP. GCP() machinev1.GCPFailureDomain + // OpenStack returns the OpenStackFailureDomain if the platform type is OpenStack. + OpenStack() machinev1.OpenStackFailureDomain + // Equal compares the underlying failure domain. Equal(other FailureDomain) bool } @@ -67,9 +71,10 @@ type FailureDomain interface { type failureDomain struct { platformType configv1.PlatformType - aws machinev1.AWSFailureDomain - azure machinev1.AzureFailureDomain - gcp machinev1.GCPFailureDomain + aws machinev1.AWSFailureDomain + azure machinev1.AzureFailureDomain + gcp machinev1.GCPFailureDomain + openstack machinev1.OpenStackFailureDomain } // String returns a string representation of the failure domain. @@ -81,6 +86,8 @@ func (f failureDomain) String() string { return azureFailureDomainToString(f.azure) case configv1.GCPPlatformType: return gcpFailureDomainToString(f.gcp) + case configv1.OpenStackPlatformType: + return openstackFailureDomainToString(f.openstack) default: return fmt.Sprintf("%sFailureDomain{}", f.platformType) } @@ -106,6 +113,11 @@ func (f failureDomain) GCP() machinev1.GCPFailureDomain { return f.gcp } +// OpenStack returns the OpenStackFailureDomain if the platform type is OpenStack. +func (f failureDomain) OpenStack() machinev1.OpenStackFailureDomain { + return f.openstack +} + // Equal compares the underlying failure domain. func (f failureDomain) Equal(other FailureDomain) bool { if other == nil { @@ -123,6 +135,8 @@ func (f failureDomain) Equal(other FailureDomain) bool { return f.azure == other.Azure() case configv1.GCPPlatformType: return f.gcp == other.GCP() + case configv1.OpenStackPlatformType: + return reflect.DeepEqual(f.openstack, other.OpenStack()) } return true @@ -138,6 +152,8 @@ func NewFailureDomains(failureDomains machinev1.FailureDomains) ([]FailureDomain return newAzureFailureDomains(failureDomains) case configv1.GCPPlatformType: return newGCPFailureDomains(failureDomains) + case configv1.OpenStackPlatformType: + return newOpenStackFailureDomains(failureDomains) case configv1.PlatformType(""): // An empty failure domains definition is allowed. return nil, nil @@ -188,6 +204,21 @@ func newGCPFailureDomains(failureDomains machinev1.FailureDomains) ([]FailureDom return foundFailureDomains, nil } +// newOpenStackFailureDomains constructs a slice of OpenStack FailureDomain from machinev1.FailureDomains. +func newOpenStackFailureDomains(failureDomains machinev1.FailureDomains) ([]FailureDomain, error) { + foundFailureDomains := []FailureDomain{} + + if len(failureDomains.OpenStack) == 0 { + return foundFailureDomains, errMissingFailureDomain + } + + for _, failureDomain := range failureDomains.OpenStack { + foundFailureDomains = append(foundFailureDomains, NewOpenStackFailureDomain(failureDomain)) + } + + return foundFailureDomains, nil +} + // NewAWSFailureDomain creates an AWS failure domain from the machinev1.AWSFailureDomain. // Note this is exported to allow other packages to construct individual failure domains // in tests. @@ -214,6 +245,14 @@ func NewGCPFailureDomain(fd machinev1.GCPFailureDomain) FailureDomain { } } +// NewOpenStackFailureDomain creates an OpenStack failure domain from the machinev1.OpenStackFailureDomain. +func NewOpenStackFailureDomain(fd machinev1.OpenStackFailureDomain) FailureDomain { + return &failureDomain{ + platformType: configv1.OpenStackPlatformType, + openstack: fd, + } +} + // NewGenericFailureDomain creates a dummy failure domain for generic platforms that don't support failure domains. func NewGenericFailureDomain() FailureDomain { return failureDomain{} @@ -276,3 +315,32 @@ func gcpFailureDomainToString(fd machinev1.GCPFailureDomain) string { return unknownFailureDomain } + +// openstackFailureDomainToString converts the OpenStackFailureDomain into a string. +func openstackFailureDomainToString(fd machinev1.OpenStackFailureDomain) string { + if fd.AvailabilityZone == "" && fd.RootVolume == nil { + return unknownFailureDomain + } + + var failureDomain []string + + if fd.AvailabilityZone != "" { + failureDomain = append(failureDomain, "AvailabilityZone:"+fd.AvailabilityZone) + } + + if fd.RootVolume != nil { + var rootVolume []string + + if fd.RootVolume.AvailabilityZone != "" { + rootVolume = append(rootVolume, "AvailabilityZone:"+fd.RootVolume.AvailabilityZone) + } + + if fd.RootVolume.VolumeType != "" { + rootVolume = append(rootVolume, "VolumeType:"+fd.RootVolume.VolumeType) + } + + failureDomain = append(failureDomain, "RootVolume:{"+strings.Join(rootVolume, ", ")+"}") + } + + return "OpenStackFailureDomain{" + strings.Join(failureDomain, ", ") + "}" +} diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/aws.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/aws.go index a125abdfb38..41930257cea 100644 --- a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/aws.go +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/aws.go @@ -17,9 +17,9 @@ limitations under the License. package providerconfig import ( - "encoding/json" "fmt" + "github.com/go-logr/logr" configv1 "github.com/openshift/api/config/v1" machinev1 "github.com/openshift/api/machine/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" @@ -63,14 +63,15 @@ func (a AWSProviderConfig) Config() machinev1beta1.AWSMachineProviderConfig { // newAWSProviderConfig creates an AWS type ProviderConfig from the raw extension. // It should return an error if the provided RawExtension does not represent // an AWSMachineProviderConfig. -func newAWSProviderConfig(raw *runtime.RawExtension) (ProviderConfig, error) { +func newAWSProviderConfig(logger logr.Logger, raw *runtime.RawExtension) (ProviderConfig, error) { if raw == nil { return nil, errNilProviderSpec } awsMachineProviderConfig := machinev1beta1.AWSMachineProviderConfig{} - if err := json.Unmarshal(raw.Raw, &awsMachineProviderConfig); err != nil { - return nil, fmt.Errorf("could not unmarshal provider spec: %w", err) + + if err := checkForUnknownFieldsInProviderSpecAndUnmarshal(logger, raw, &awsMachineProviderConfig); err != nil { + return nil, fmt.Errorf("failed to check for unknown fields in the provider spec: %w", err) } awsProviderConfig := AWSProviderConfig{ diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/azure.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/azure.go index fcf35dee2e9..4c0b101b797 100644 --- a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/azure.go +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/azure.go @@ -17,14 +17,13 @@ limitations under the License. package providerconfig import ( - "encoding/json" "fmt" + "github.com/go-logr/logr" v1 "github.com/openshift/api/config/v1" machinev1 "github.com/openshift/api/machine/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" ) // AzureProviderConfig holds the provider spec of an Azure Machine. @@ -39,7 +38,9 @@ type AzureProviderConfig struct { func (a AzureProviderConfig) InjectFailureDomain(fd machinev1.AzureFailureDomain) AzureProviderConfig { newAzureProviderConfig := a - newAzureProviderConfig.providerConfig.Zone = &fd.Zone + if fd.Zone != "" { + newAzureProviderConfig.providerConfig.Zone = fd.Zone + } return newAzureProviderConfig } @@ -48,7 +49,7 @@ func (a AzureProviderConfig) InjectFailureDomain(fd machinev1.AzureFailureDomain // information stored within the AzureProviderConfig. func (a AzureProviderConfig) ExtractFailureDomain() machinev1.AzureFailureDomain { return machinev1.AzureFailureDomain{ - Zone: pointer.StringDeref(a.providerConfig.Zone, ""), + Zone: a.providerConfig.Zone, } } @@ -60,10 +61,11 @@ func (a AzureProviderConfig) Config() machinev1beta1.AzureMachineProviderSpec { // newAzureProviderConfig creates an Azure type ProviderConfig from the raw extension. // It should return an error if the provided RawExtension does not represent // an AzureMachineProviderConfig. -func newAzureProviderConfig(raw *runtime.RawExtension) (ProviderConfig, error) { +func newAzureProviderConfig(logger logr.Logger, raw *runtime.RawExtension) (ProviderConfig, error) { azureMachineProviderSpec := machinev1beta1.AzureMachineProviderSpec{} - if err := json.Unmarshal(raw.Raw, &azureMachineProviderSpec); err != nil { - return nil, fmt.Errorf("could not unmarshal provider spec: %w", err) + + if err := checkForUnknownFieldsInProviderSpecAndUnmarshal(logger, raw, &azureMachineProviderSpec); err != nil { + return nil, fmt.Errorf("failed to check for unknown fields in the provider spec: %w", err) } azureProviderConfig := AzureProviderConfig{ diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/gcp.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/gcp.go index dff5436ccc5..1d2e2c6b7ed 100644 --- a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/gcp.go +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/gcp.go @@ -17,9 +17,9 @@ limitations under the License. package providerconfig import ( - "encoding/json" "fmt" + "github.com/go-logr/logr" v1 "github.com/openshift/api/config/v1" machinev1 "github.com/openshift/api/machine/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" @@ -57,10 +57,11 @@ func (g GCPProviderConfig) Config() machinev1beta1.GCPMachineProviderSpec { // newGCPProviderConfig creates a GCP type ProviderConfig from the raw extension. // It should return an error if the provided RawExtension does not represent a GCPProviderConfig. -func newGCPProviderConfig(raw *runtime.RawExtension) (ProviderConfig, error) { +func newGCPProviderConfig(logger logr.Logger, raw *runtime.RawExtension) (ProviderConfig, error) { var gcpMachineProviderSpec machinev1beta1.GCPMachineProviderSpec - if err := json.Unmarshal(raw.Raw, &gcpMachineProviderSpec); err != nil { - return nil, fmt.Errorf("failed to unmarshal GCP provider config: %w", err) + + if err := checkForUnknownFieldsInProviderSpecAndUnmarshal(logger, raw, &gcpMachineProviderSpec); err != nil { + return nil, fmt.Errorf("failed to check for unknown fields in the provider spec: %w", err) } gcpProviderConfig := GCPProviderConfig{ diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/nutanix.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/nutanix.go new file mode 100644 index 00000000000..08f2cf75f1d --- /dev/null +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/nutanix.go @@ -0,0 +1,55 @@ +/* +Copyright 2023 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package providerconfig + +import ( + "fmt" + + "github.com/go-logr/logr" + configv1 "github.com/openshift/api/config/v1" + machinev1 "github.com/openshift/api/machine/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// NutanixProviderConfig is a wrapper around machinev1.NutanixMachineProviderConfig. +type NutanixProviderConfig struct { + providerConfig machinev1.NutanixMachineProviderConfig +} + +// Config returns the stored NutanixMachineProviderConfig. +func (n NutanixProviderConfig) Config() machinev1.NutanixMachineProviderConfig { + return n.providerConfig +} + +func newNutanixProviderConfig(logger logr.Logger, raw *runtime.RawExtension) (ProviderConfig, error) { + nutanixMachineProviderconfig := machinev1.NutanixMachineProviderConfig{} + + if err := checkForUnknownFieldsInProviderSpecAndUnmarshal(logger, raw, &nutanixMachineProviderconfig); err != nil { + return nil, fmt.Errorf("failed to check for unknown fields in the provider spec: %w", err) + } + + npc := NutanixProviderConfig{ + providerConfig: nutanixMachineProviderconfig, + } + + config := providerConfig{ + platformType: configv1.NutanixPlatformType, + nutanix: npc, + } + + return config, nil +} diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/openstack.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/openstack.go new file mode 100644 index 00000000000..0b910e9cdc1 --- /dev/null +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/openstack.go @@ -0,0 +1,104 @@ +/* +Copyright 2022 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package providerconfig + +import ( + "fmt" + + "github.com/go-logr/logr" + v1 "github.com/openshift/api/config/v1" + machinev1 "github.com/openshift/api/machine/v1" + machinev1alpha1 "github.com/openshift/api/machine/v1alpha1" + "k8s.io/apimachinery/pkg/runtime" +) + +// OpenStackProviderConfig holds the provider spec of an OpenStack Machine. +// It allows external code to extract and inject failure domain information, +// as well as gathering the stored config. +type OpenStackProviderConfig struct { + providerConfig machinev1alpha1.OpenstackProviderSpec +} + +// InjectFailureDomain returns a new OpenStackProviderConfig configured with the failure domain +// information provided. +func (a OpenStackProviderConfig) InjectFailureDomain(fd machinev1.OpenStackFailureDomain) OpenStackProviderConfig { + newOpenStackProviderConfig := a + + if fd.AvailabilityZone != "" { + newOpenStackProviderConfig.providerConfig.AvailabilityZone = fd.AvailabilityZone + } + + if fd.RootVolume != nil && newOpenStackProviderConfig.providerConfig.RootVolume != nil { + if fd.RootVolume.AvailabilityZone != "" { + newOpenStackProviderConfig.providerConfig.RootVolume.Zone = fd.RootVolume.AvailabilityZone + } + + if fd.RootVolume.VolumeType != "" { + newOpenStackProviderConfig.providerConfig.RootVolume.VolumeType = fd.RootVolume.VolumeType + } + } + + return newOpenStackProviderConfig +} + +// ExtractFailureDomain returns an OpenStackFailureDomain based on the failure domain +// information stored within the OpenStackProviderConfig. +func (a OpenStackProviderConfig) ExtractFailureDomain() machinev1.OpenStackFailureDomain { + var failureDomainRootVolume *machinev1.RootVolume + + if a.providerConfig.RootVolume != nil { + // Be liberal in accepting an empty rootVolume in the + // OpenStackFailureDomain. It should count as nil. + if az, vt := a.providerConfig.RootVolume.Zone, a.providerConfig.RootVolume.VolumeType; az != "" || vt != "" { + failureDomainRootVolume = &machinev1.RootVolume{ + AvailabilityZone: az, + VolumeType: vt, + } + } + } + + return machinev1.OpenStackFailureDomain{ + AvailabilityZone: a.providerConfig.AvailabilityZone, + RootVolume: failureDomainRootVolume, + } +} + +// Config returns the stored OpenStackMachineProviderSpec. +func (a OpenStackProviderConfig) Config() machinev1alpha1.OpenstackProviderSpec { + return a.providerConfig +} + +// newOpenStackProviderConfig creates an OpenStack type ProviderConfig from the raw extension. +// It should return an error if the provided RawExtension does not represent +// an OpenStackMachineProviderConfig. +func newOpenStackProviderConfig(logger logr.Logger, raw *runtime.RawExtension) (ProviderConfig, error) { + openstackProviderSpec := machinev1alpha1.OpenstackProviderSpec{} + if err := checkForUnknownFieldsInProviderSpecAndUnmarshal(logger, raw, &openstackProviderSpec); err != nil { + return nil, fmt.Errorf("failed to check for unknown fields in the provider spec: %w", err) + } + + openstackProviderConfig := OpenStackProviderConfig{ + providerConfig: openstackProviderSpec, + } + + config := providerConfig{ + platformType: v1.OpenStackPlatformType, + openstack: openstackProviderConfig, + } + + return config, nil +} diff --git a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/providerconfig.go b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/providerconfig.go index 4d2c865f23e..dd73114d02c 100644 --- a/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/providerconfig.go +++ b/vendor/github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig/providerconfig.go @@ -22,12 +22,15 @@ import ( "fmt" "reflect" + "github.com/go-logr/logr" "github.com/go-test/deep" configv1 "github.com/openshift/api/config/v1" machinev1 "github.com/openshift/api/machine/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" "github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/yaml" ) var ( @@ -79,42 +82,52 @@ type ProviderConfig interface { // GCP returns the GCPProviderConfig if the platform type is GCP. GCP() GCPProviderConfig + // Nutanix returns the NutanixProviderConfig if the platform type is Nutanix. + Nutanix() NutanixProviderConfig + + // OpenStack returns the OpenStackProviderConfig if the platform type is OpenStack. + OpenStack() OpenStackProviderConfig + // Generic returns the GenericProviderConfig if we are on a platform that is using generic provider abstraction. Generic() GenericProviderConfig } // NewProviderConfigFromMachineTemplate creates a new ProviderConfig from the provided machine template. -func NewProviderConfigFromMachineTemplate(tmpl machinev1.OpenShiftMachineV1Beta1MachineTemplate) (ProviderConfig, error) { +func NewProviderConfigFromMachineTemplate(logger logr.Logger, tmpl machinev1.OpenShiftMachineV1Beta1MachineTemplate) (ProviderConfig, error) { platformType, err := getPlatformTypeFromMachineTemplate(tmpl) if err != nil { return nil, fmt.Errorf("could not determine platform type: %w", err) } - return newProviderConfigFromProviderSpec(tmpl.Spec.ProviderSpec, platformType) + return newProviderConfigFromProviderSpec(logger, tmpl.Spec.ProviderSpec, platformType) } // NewProviderConfigFromMachineSpec creates a new ProviderConfig from the provided machineSpec object. -func NewProviderConfigFromMachineSpec(machineSpec machinev1beta1.MachineSpec) (ProviderConfig, error) { +func NewProviderConfigFromMachineSpec(logger logr.Logger, machineSpec machinev1beta1.MachineSpec) (ProviderConfig, error) { platformType, err := getPlatformTypeFromProviderSpec(machineSpec.ProviderSpec) if err != nil { return nil, fmt.Errorf("could not determine platform type: %w", err) } - return newProviderConfigFromProviderSpec(machineSpec.ProviderSpec, platformType) + return newProviderConfigFromProviderSpec(logger, machineSpec.ProviderSpec, platformType) } -func newProviderConfigFromProviderSpec(providerSpec machinev1beta1.ProviderSpec, platformType configv1.PlatformType) (ProviderConfig, error) { +func newProviderConfigFromProviderSpec(logger logr.Logger, providerSpec machinev1beta1.ProviderSpec, platformType configv1.PlatformType) (ProviderConfig, error) { if providerSpec.Value == nil { return nil, errNilProviderSpec } switch platformType { case configv1.AWSPlatformType: - return newAWSProviderConfig(providerSpec.Value) + return newAWSProviderConfig(logger, providerSpec.Value) case configv1.AzurePlatformType: - return newAzureProviderConfig(providerSpec.Value) + return newAzureProviderConfig(logger, providerSpec.Value) case configv1.GCPPlatformType: - return newGCPProviderConfig(providerSpec.Value) + return newGCPProviderConfig(logger, providerSpec.Value) + case configv1.NutanixPlatformType: + return newNutanixProviderConfig(logger, providerSpec.Value) + case configv1.OpenStackPlatformType: + return newOpenStackProviderConfig(logger, providerSpec.Value) case configv1.NonePlatformType: return nil, fmt.Errorf("%w: %s", errUnsupportedPlatformType, platformType) default: @@ -128,7 +141,9 @@ type providerConfig struct { aws AWSProviderConfig azure AzureProviderConfig gcp GCPProviderConfig + nutanix NutanixProviderConfig generic GenericProviderConfig + openstack OpenStackProviderConfig } // InjectFailureDomain is used to inject a failure domain into the ProviderConfig. @@ -148,6 +163,8 @@ func (p providerConfig) InjectFailureDomain(fd failuredomain.FailureDomain) (Pro newConfig.azure = p.Azure().InjectFailureDomain(fd.Azure()) case configv1.GCPPlatformType: newConfig.gcp = p.GCP().InjectFailureDomain(fd.GCP()) + case configv1.OpenStackPlatformType: + newConfig.openstack = p.OpenStack().InjectFailureDomain(fd.OpenStack()) case configv1.NonePlatformType: return nil, fmt.Errorf("%w: %s", errUnsupportedPlatformType, p.platformType) } @@ -164,6 +181,8 @@ func (p providerConfig) ExtractFailureDomain() failuredomain.FailureDomain { return failuredomain.NewAzureFailureDomain(p.Azure().ExtractFailureDomain()) case configv1.GCPPlatformType: return failuredomain.NewGCPFailureDomain(p.GCP().ExtractFailureDomain()) + case configv1.OpenStackPlatformType: + return failuredomain.NewOpenStackFailureDomain(p.OpenStack().ExtractFailureDomain()) case configv1.NonePlatformType: return nil default: @@ -173,6 +192,8 @@ func (p providerConfig) ExtractFailureDomain() failuredomain.FailureDomain { // Diff compares two ProviderConfigs and returns a list of differences, // or nil if there are none. +// +//nolint:dupl func (p providerConfig) Diff(other ProviderConfig) ([]string, error) { if other == nil { return nil, nil @@ -189,6 +210,10 @@ func (p providerConfig) Diff(other ProviderConfig) ([]string, error) { return deep.Equal(p.azure.providerConfig, other.Azure().providerConfig), nil case configv1.GCPPlatformType: return deep.Equal(p.gcp.providerConfig, other.GCP().providerConfig), nil + case configv1.NutanixPlatformType: + return deep.Equal(p.nutanix.providerConfig, other.Nutanix().providerConfig), nil + case configv1.OpenStackPlatformType: + return deep.Equal(p.openstack.providerConfig, other.OpenStack().providerConfig), nil case configv1.NonePlatformType: return nil, errUnsupportedPlatformType default: @@ -197,6 +222,8 @@ func (p providerConfig) Diff(other ProviderConfig) ([]string, error) { } // Equal compares two ProviderConfigs to determine whether or not they are equal. +// +//nolint:dupl func (p providerConfig) Equal(other ProviderConfig) (bool, error) { if other == nil { return false, nil @@ -213,6 +240,10 @@ func (p providerConfig) Equal(other ProviderConfig) (bool, error) { return reflect.DeepEqual(p.azure.providerConfig, other.Azure().providerConfig), nil case configv1.GCPPlatformType: return reflect.DeepEqual(p.gcp.providerConfig, other.GCP().providerConfig), nil + case configv1.NutanixPlatformType: + return reflect.DeepEqual(p.nutanix.providerConfig, other.Nutanix().providerConfig), nil + case configv1.OpenStackPlatformType: + return reflect.DeepEqual(p.openstack.providerConfig, other.OpenStack().providerConfig), nil case configv1.NonePlatformType: return false, errUnsupportedPlatformType default: @@ -234,6 +265,10 @@ func (p providerConfig) RawConfig() ([]byte, error) { rawConfig, err = json.Marshal(p.azure.providerConfig) case configv1.GCPPlatformType: rawConfig, err = json.Marshal(p.gcp.providerConfig) + case configv1.NutanixPlatformType: + rawConfig, err = json.Marshal(p.nutanix.providerConfig) + case configv1.OpenStackPlatformType: + rawConfig, err = json.Marshal(p.openstack.providerConfig) case configv1.NonePlatformType: return nil, errUnsupportedPlatformType default: @@ -267,6 +302,16 @@ func (p providerConfig) GCP() GCPProviderConfig { return p.gcp } +// Nutanix returns the NutanixProviderConfig if the platform type is Nutanix. +func (p providerConfig) Nutanix() NutanixProviderConfig { + return p.nutanix +} + +// OpenStack returns the OpenStackProviderConfig if the platform type is OpenStack. +func (p providerConfig) OpenStack() OpenStackProviderConfig { + return p.openstack +} + // Generic returns the GenericProviderConfig if the platform type is generic. func (p providerConfig) Generic() GenericProviderConfig { return p.generic @@ -276,9 +321,11 @@ func (p providerConfig) Generic() GenericProviderConfig { // When platform is unknown, it returns "UnknownPlatform". func getPlatformTypeFromProviderSpecKind(kind string) configv1.PlatformType { var providerSpecKindToPlatformType = map[string]configv1.PlatformType{ - "AWSMachineProviderConfig": configv1.AWSPlatformType, - "AzureMachineProviderSpec": configv1.AzurePlatformType, - "GCPMachineProviderSpec": configv1.GCPPlatformType, + "AWSMachineProviderConfig": configv1.AWSPlatformType, + "AzureMachineProviderSpec": configv1.AzurePlatformType, + "GCPMachineProviderSpec": configv1.GCPPlatformType, + "NutanixMachineProviderConfig": configv1.NutanixPlatformType, + "OpenstackProviderSpec": configv1.OpenStackPlatformType, } platformType, ok := providerSpecKindToPlatformType[kind] @@ -326,11 +373,11 @@ func getPlatformTypeFromProviderSpec(providerSpec machinev1beta1.ProviderSpec) ( } // ExtractFailureDomainsFromMachines creates list of FailureDomains extracted from the provided list of machines. -func ExtractFailureDomainsFromMachines(machines []machinev1beta1.Machine) ([]failuredomain.FailureDomain, error) { +func ExtractFailureDomainsFromMachines(logger logr.Logger, machines []machinev1beta1.Machine) ([]failuredomain.FailureDomain, error) { machineFailureDomains := failuredomain.NewSet() for _, machine := range machines { - providerconfig, err := NewProviderConfigFromMachineSpec(machine.Spec) + providerconfig, err := NewProviderConfigFromMachineSpec(logger, machine.Spec) if err != nil { return nil, fmt.Errorf("error getting failure domain from machine %s: %w", machine.Name, err) } @@ -342,8 +389,8 @@ func ExtractFailureDomainsFromMachines(machines []machinev1beta1.Machine) ([]fai } // ExtractFailureDomainFromMachine FailureDomain extracted from the provided machine. -func ExtractFailureDomainFromMachine(machine machinev1beta1.Machine) (failuredomain.FailureDomain, error) { - providerConfig, err := NewProviderConfigFromMachineSpec(machine.Spec) +func ExtractFailureDomainFromMachine(logger logr.Logger, machine machinev1beta1.Machine) (failuredomain.FailureDomain, error) { + providerConfig, err := NewProviderConfigFromMachineSpec(logger, machine.Spec) if err != nil { return nil, fmt.Errorf("error getting failure domain from machine %s: %w", machine.Name, err) } @@ -352,11 +399,11 @@ func ExtractFailureDomainFromMachine(machine machinev1beta1.Machine) (failuredom } // ExtractFailureDomainsFromMachineSets creates list of FailureDomains extracted from the provided list of machineSets. -func ExtractFailureDomainsFromMachineSets(machineSets []machinev1beta1.MachineSet) ([]failuredomain.FailureDomain, error) { +func ExtractFailureDomainsFromMachineSets(logger logr.Logger, machineSets []machinev1beta1.MachineSet) ([]failuredomain.FailureDomain, error) { machineSetFailureDomains := failuredomain.NewSet() for _, machineSet := range machineSets { - providerconfig, err := NewProviderConfigFromMachineSpec(machineSet.Spec.Template.Spec) + providerconfig, err := NewProviderConfigFromMachineSpec(logger, machineSet.Spec.Template.Spec) if err != nil { return nil, fmt.Errorf("error getting failure domain from machineSet %s: %w", machineSet.Name, err) } @@ -366,3 +413,22 @@ func ExtractFailureDomainsFromMachineSets(machineSets []machinev1beta1.MachineSe return machineSetFailureDomains.List(), nil } + +// checkForUnknownFieldsInProviderSpecAndUnmarshal tries to unmarshal content into a platform specific provider spec +// and detect invalid fields. +// +// If the provider spec contains an unknown field, we want to log a warning to the user +// instead of just omitting the unknown field. This also catches only the first unknown field +// in the provider spec. In order to not break any live clusters, we keep the original json +// style of unmarshaling if the strict version fails. +func checkForUnknownFieldsInProviderSpecAndUnmarshal(logger logr.Logger, raw *runtime.RawExtension, platformProviderSpec interface{}) error { + if err := yaml.UnmarshalStrict(raw.Raw, platformProviderSpec); err != nil { + logger.Error(err, "failed to strictly unmarshal provider config due to unknown field") + + if err := json.Unmarshal(raw.Raw, platformProviderSpec); err != nil { + return fmt.Errorf("failed to unmarshal provider config: %w", err) + } + } + + return nil +} diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/alibabacloud/alibabacloud.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/alibabacloud/alibabacloud.go index a30fa6841af..5834c7a2f4d 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/alibabacloud/alibabacloud.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/alibabacloud/alibabacloud.go @@ -63,11 +63,6 @@ func Platform() (*alibabacloud.Platform, error) { return nil, err } - err = bypassDeprecation() - if err != nil { - return nil, err - } - region, err := selectRegion(client) if err != nil { return nil, err @@ -141,23 +136,3 @@ func selectRegion(client *Client) (string, error) { } return selectedRegion, nil } - -func bypassDeprecation() error { - confirmationMsg := "DEPRECATED. Alibaba Cloud is deprecated and will be " + - "removed in a future OpenShift version. Would you still like to continue?" - - shouldContinue := false - prompt := &survey.Confirm{ - Message: confirmationMsg, - } - err := survey.AskOne(prompt, &shouldContinue) - if err != nil { - return err - } - - if !shouldContinue { - return errors.Errorf("deprecated platform") - } - - return nil -} diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/availabilityzones.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/availabilityzones.go index fcc30522bc2..992f76be316 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/availabilityzones.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/availabilityzones.go @@ -11,10 +11,40 @@ import ( typesaws "github.com/openshift/installer/pkg/types/aws" ) +// Zones stores the map of Zone attributes indexed by Zone Name. +type Zones map[string]*Zone + +// Zone stores the Availability or Local Zone attributes used to set machine attributes, and to +// feed VPC resources as a source for for terraform variables. +type Zone struct { + + // Name is the availability, local or wavelength zone name. + Name string + + // ZoneType is the type of subnet's availability zone. + // The valid values are availability-zone and local-zone. + Type string + + // ZoneGroupName is the AWS zone group name. + // For Availability Zones, this parameter has the same value as the Region name. + // + // For Local Zones, the name of the associated group, for example us-west-2-lax-1. + GroupName string + + // ParentZoneName is the name of the zone that handles some of the Local Zone + // control plane operations, such as API calls. + ParentZoneName string + + // PreferredInstanceType is the offered instance type on the subnet's zone. + // It's used for the edge pools which does not offer the same type across different zone groups. + PreferredInstanceType string +} + // describeAvailabilityZones retrieves a list of all zones for the given region. -func describeAvailabilityZones(ctx context.Context, session *session.Session, region string) ([]*ec2.AvailabilityZone, error) { +func describeAvailabilityZones(ctx context.Context, session *session.Session, region string, zones []string) ([]*ec2.AvailabilityZone, error) { client := ec2.New(session, aws.NewConfig().WithRegion(region)) - resp, err := client.DescribeAvailabilityZonesWithContext(ctx, &ec2.DescribeAvailabilityZonesInput{ + input := &ec2.DescribeAvailabilityZonesInput{ + AllAvailabilityZones: aws.Bool(true), Filters: []*ec2.Filter{ { Name: aws.String("region-name"), @@ -25,7 +55,13 @@ func describeAvailabilityZones(ctx context.Context, session *session.Session, re Values: []*string{aws.String("available")}, }, }, - }) + } + if len(zones) > 0 { + for _, zone := range zones { + input.ZoneNames = append(input.ZoneNames, aws.String(zone)) + } + } + resp, err := client.DescribeAvailabilityZonesWithContext(ctx, input) if err != nil { return nil, errors.Wrap(err, "fetching zones") } @@ -33,22 +69,43 @@ func describeAvailabilityZones(ctx context.Context, session *session.Session, re return resp.AvailabilityZones, nil } -// availabilityZones retrieves a list of zones type 'availability-zone' for the region. -func availabilityZones(ctx context.Context, session *session.Session, region string) ([]string, error) { - azs, err := describeAvailabilityZones(ctx, session, region) +// zonesByType retrieves a list of zones by a given ZoneType attribute within the region. +// ZoneType can be availability-zone, local-zone or wavelength-zone. +func zonesByType(ctx context.Context, session *session.Session, region string, zoneType string) ([]string, error) { + azs, err := describeAvailabilityZones(ctx, session, region, []string{}) if err != nil { - return nil, errors.Wrap(err, "fetching availability zones") + return nil, errors.Wrapf(err, "fetching %s", zoneType) } zones := []string{} for _, zone := range azs { - if *zone.ZoneType == typesaws.AvailabilityZoneType { - zones = append(zones, *zone.ZoneName) + if aws.StringValue(zone.ZoneType) == zoneType { + zones = append(zones, aws.StringValue(zone.ZoneName)) } } if len(zones) == 0 { - return nil, errors.Errorf("no available zones in %s", region) + return nil, errors.Errorf("no zones with type %s in %s", zoneType, region) } return zones, nil } + +// availabilityZones retrieves a list of zones type 'availability-zone' for the region. +func availabilityZones(ctx context.Context, session *session.Session, region string) ([]string, error) { + return zonesByType(ctx, session, region, typesaws.AvailabilityZoneType) +} + +// localZones retrieves a list of zones type 'local-zone' for the region. +func localZones(ctx context.Context, session *session.Session, region string) ([]string, error) { + return zonesByType(ctx, session, region, typesaws.LocalZoneType) +} + +// describeFilteredZones retrieves a list of all zones for the given region. +func describeFilteredZones(ctx context.Context, session *session.Session, region string, zones []string) ([]*ec2.AvailabilityZone, error) { + azs, err := describeAvailabilityZones(ctx, session, region, zones) + if err != nil { + return nil, errors.Wrapf(err, "fetching %s", zones) + } + + return azs, nil +} diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/metadata.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/metadata.go index 296ec49d912..3803156f4da 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/metadata.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/metadata.go @@ -4,6 +4,7 @@ import ( "context" "sync" + awssdk "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/pkg/errors" @@ -16,9 +17,10 @@ import ( type Metadata struct { session *session.Session availabilityZones []string - privateSubnets map[string]Subnet - publicSubnets map[string]Subnet - edgeSubnets map[string]Subnet + edgeZones []string + privateSubnets Subnets + publicSubnets Subnets + edgeSubnets Subnets vpc string instanceTypes map[string]InstanceType @@ -74,10 +76,30 @@ func (m *Metadata) AvailabilityZones(ctx context.Context) ([]string, error) { return m.availabilityZones, nil } +// EdgeZones retrieves a list of Local zones for the configured region. +func (m *Metadata) EdgeZones(ctx context.Context) ([]string, error) { + m.mutex.Lock() + defer m.mutex.Unlock() + + if len(m.edgeZones) == 0 { + session, err := m.unlockedSession(ctx) + if err != nil { + return nil, err + } + + m.edgeZones, err = localZones(ctx, session, m.Region) + if err != nil { + return nil, errors.Wrap(err, "getting Local Zones") + } + } + + return m.edgeZones, nil +} + // EdgeSubnets retrieves subnet metadata indexed by subnet ID, for // subnets that the cloud-provider logic considers to be edge // (i.e. Local Zone). -func (m *Metadata) EdgeSubnets(ctx context.Context) (map[string]Subnet, error) { +func (m *Metadata) EdgeSubnets(ctx context.Context) (Subnets, error) { err := m.populateSubnets(ctx) if err != nil { return nil, errors.Wrap(err, "error retrieving Edge Subnets") @@ -85,10 +107,64 @@ func (m *Metadata) EdgeSubnets(ctx context.Context) (map[string]Subnet, error) { return m.edgeSubnets, nil } +// SetZoneAttributes retrieves AWS Zone attributes and update required fields in zones. +func (m *Metadata) SetZoneAttributes(ctx context.Context, zoneNames []string, zones Zones) error { + sess, err := m.Session(ctx) + if err != nil { + return errors.Wrap(err, "unable to get aws session to populate zone details") + } + azs, err := describeFilteredZones(ctx, sess, m.Region, zoneNames) + if err != nil { + return errors.Wrap(err, "unable to filter zones") + } + + for _, az := range azs { + zoneName := awssdk.StringValue(az.ZoneName) + if _, ok := zones[zoneName]; !ok { + zones[zoneName] = &Zone{Name: zoneName} + } + if zones[zoneName].GroupName == "" { + zones[zoneName].GroupName = awssdk.StringValue(az.GroupName) + } + if zones[zoneName].Type == "" { + zones[zoneName].Type = awssdk.StringValue(az.ZoneType) + } + if az.ParentZoneName != nil { + zones[zoneName].ParentZoneName = awssdk.StringValue(az.ParentZoneName) + } + } + return nil +} + +// AllZones return all the zones and it's attributes available on the region. +func (m *Metadata) AllZones(ctx context.Context) (Zones, error) { + sess, err := m.Session(ctx) + if err != nil { + return nil, errors.Wrap(err, "unable to get aws session to populate zone details") + } + azs, err := describeAvailabilityZones(ctx, sess, m.Region, []string{}) + if err != nil { + return nil, errors.Wrap(err, "unable to gather availability zones") + } + zoneDesc := make(Zones, len(azs)) + for _, az := range azs { + zoneName := awssdk.StringValue(az.ZoneName) + zoneDesc[zoneName] = &Zone{ + Name: zoneName, + GroupName: awssdk.StringValue(az.GroupName), + Type: awssdk.StringValue(az.ZoneType), + } + if az.ParentZoneName != nil { + zoneDesc[zoneName].ParentZoneName = awssdk.StringValue(az.ParentZoneName) + } + } + return zoneDesc, nil +} + // PrivateSubnets retrieves subnet metadata indexed by subnet ID, for // subnets that the cloud-provider logic considers to be private // (i.e. not public). -func (m *Metadata) PrivateSubnets(ctx context.Context) (map[string]Subnet, error) { +func (m *Metadata) PrivateSubnets(ctx context.Context) (Subnets, error) { err := m.populateSubnets(ctx) if err != nil { return nil, errors.Wrap(err, "error retrieving Private Subnets") @@ -99,7 +175,7 @@ func (m *Metadata) PrivateSubnets(ctx context.Context) (map[string]Subnet, error // PublicSubnets retrieves subnet metadata indexed by subnet ID, for // subnets that the cloud-provider logic considers to be public // (e.g. with suitable routing for hosting public load balancers). -func (m *Metadata) PublicSubnets(ctx context.Context) (map[string]Subnet, error) { +func (m *Metadata) PublicSubnets(ctx context.Context) (Subnets, error) { err := m.populateSubnets(ctx) if err != nil { return nil, errors.Wrap(err, "error retrieving Public Subnets") diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/permissions.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/permissions.go index 0e437ec85b0..b6aac82d950 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/permissions.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/permissions.go @@ -38,6 +38,9 @@ const ( // PermissionDeleteHostedZone is a set of permissions required when the installer destroys a route53 hosted zone. PermissionDeleteHostedZone PermissionGroup = "delete-hosted-zone" + + // PermissionKMSEncryptionKeys is an additional set of permissions required when the installer uses user provided kms encryption keys. + PermissionKMSEncryptionKeys PermissionGroup = "kms-encryption-keys" ) var permissions = map[PermissionGroup][]string{ @@ -72,6 +75,7 @@ var permissions = map[PermissionGroup][]string{ "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", + "ec2:DescribeSecurityGroupRules", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolumes", @@ -243,6 +247,16 @@ var permissions = map[PermissionGroup][]string{ PermissionDeleteHostedZone: { "route53:DeleteHostedZone", }, + PermissionKMSEncryptionKeys: { + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:GenerateDataKeyWithoutPlainText", + "kms:DescribeKey", + "kms:RevokeGrant", + "kms:CreateGrant", + "kms:ListGrants", + }, } // ValidateCreds will try to create an AWS session, and also verify that the current credentials diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/subnet.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/subnet.go index ac15be172b1..e316e8fe2be 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/subnet.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/subnet.go @@ -24,30 +24,16 @@ type Subnet struct { ARN string // Zone is the subnet's availability zone. - Zone string + Zone *Zone // CIDR is the subnet's CIDR block. CIDR string - // ZoneType is the type of subnet's availability zone. - // The valid values are availability-zone and local-zone. - ZoneType string - - // ZoneGroupName is the AWS zone group name. - // For Availability Zones, this parameter has the same value as the Region name. - // - // For Local Zones, the name of the associated group, for example us-west-2-lax-1. - ZoneGroupName string - // Public is the flag to define the subnet public. Public bool - - // PreferredEdgeInstanceType is the preferred instance type on the subnet's zone. - // It's used for the edge pools which does not offer the same type across zone groups. - PreferredEdgeInstanceType string } -// Subnets is the map for the Subnet metadata. +// Subnets is the map for the Subnet metadata indexed by zone. type Subnets map[string]Subnet // SubnetGroups is the group of subnets used by installer. @@ -60,13 +46,13 @@ type SubnetGroups struct { // subnets retrieves metadata for the given subnet(s). func subnets(ctx context.Context, session *session.Session, region string, ids []string) (subnetGroups SubnetGroups, err error) { - metas := make(map[string]Subnet, len(ids)) + metas := make(Subnets, len(ids)) zoneNames := make([]*string, len(ids)) availabilityZones := make(map[string]*ec2.AvailabilityZone, len(ids)) subnetGroups = SubnetGroups{ - Public: make(map[string]Subnet, len(ids)), - Private: make(map[string]Subnet, len(ids)), - Edge: make(map[string]Subnet, len(ids)), + Public: make(Subnets, len(ids)), + Private: make(Subnets, len(ids)), + Edge: make(Subnets, len(ids)), } var vpcFromSubnet string @@ -106,12 +92,11 @@ func subnets(ctx context.Context, session *session.Session, region string, ids [ lastError = errors.Errorf("all subnets must belong to the same VPC: %s is from %s, but %s is from %s", *subnet.SubnetId, *subnet.VpcId, vpcFromSubnet, subnetGroups.VPC) return false } - - metas[*subnet.SubnetId] = Subnet{ - ID: *subnet.SubnetId, - ARN: *subnet.SubnetArn, - Zone: *subnet.AvailabilityZone, - CIDR: *subnet.CidrBlock, + metas[aws.StringValue(subnet.SubnetId)] = Subnet{ + ID: aws.StringValue(subnet.SubnetId), + ARN: aws.StringValue(subnet.SubnetArn), + Zone: &Zone{Name: aws.StringValue(subnet.AvailabilityZone)}, + CIDR: aws.StringValue(subnet.CidrBlock), Public: false, } zoneNames = append(zoneNames, subnet.AvailabilityZone) @@ -165,15 +150,21 @@ func subnets(ctx context.Context, session *session.Session, region string, ids [ return subnetGroups, err } meta.Public = isPublic - meta.ZoneType = *availabilityZones[meta.Zone].ZoneType - meta.ZoneGroupName = *availabilityZones[meta.Zone].GroupName + + zoneName := meta.Zone.Name + if _, ok := availabilityZones[zoneName]; !ok { + errMsg := fmt.Sprintf("unable to read properties of zone name %s from the list %v", zoneName, zoneNames) + return subnetGroups, errors.Wrap(err, errMsg) + } + zone := availabilityZones[zoneName] + meta.Zone.Type = aws.StringValue(zone.ZoneType) + meta.Zone.GroupName = aws.StringValue(zone.GroupName) + if availabilityZones[zoneName].ParentZoneName != nil { + meta.Zone.ParentZoneName = aws.StringValue(zone.ParentZoneName) + } // AWS Local Zones are grouped as Edge subnets - if meta.ZoneType == typesaws.LocalZoneType { - // Local Zones is supported only in Public subnets - if !meta.Public { - return subnetGroups, errors.Errorf("subnet tyoe local-zone must be associated with public route tables: subnet %s from availability zone %s[%s] is public[%v]", id, meta.Zone, meta.ZoneType, meta.Public) - } + if meta.Zone.Type == typesaws.LocalZoneType { subnetGroups.Edge[id] = meta continue } diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go index 45454d76336..a7c83b1dd57 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/aws/validation.go @@ -54,20 +54,11 @@ func Validate(ctx context.Context, meta *Metadata, config *types.InstallConfig) for idx, compute := range config.Compute { fldPath := field.NewPath("compute").Index(idx) - - // Pool's specific validation. - // Edge Compute Pool: AWS Local Zones is valid only when installing in existing VPC. if compute.Name == types.MachinePoolEdgeRoleName { if len(config.Platform.AWS.Subnets) == 0 { - return errors.New(field.Required(fldPath, "invalid install config. edge machine pool is valid when installing in existing VPC").Error()) - } - edgeSubnets, err := meta.EdgeSubnets(ctx) - if err != nil { - errMsg := fmt.Sprintf("%s pool. %v", compute.Name, err.Error()) - return errors.New(field.Invalid(field.NewPath("platform", "aws", "subnets"), config.Platform.AWS.Subnets, errMsg).Error()) - } - if len(edgeSubnets) == 0 { - return errors.New(field.Required(fldPath, "invalid install config. There is no valid subnets for edge machine pool").Error()) + if compute.Platform.AWS == nil { + allErrs = append(allErrs, field.Required(fldPath.Child("platform", "aws"), "edge compute pools are only supported on the AWS platform")) + } } } @@ -191,10 +182,10 @@ func validateSubnets(ctx context.Context, meta *Metadata, fldPath *field.Path, s privateZones := sets.NewString() publicZones := sets.NewString() for _, subnet := range privateSubnets { - privateZones.Insert(subnet.Zone) + privateZones.Insert(subnet.Zone.Name) } for _, subnet := range publicSubnets { - publicZones.Insert(subnet.Zone) + publicZones.Insert(subnet.Zone.Name) } if publish == types.ExternalPublishingStrategy && !publicZones.IsSuperset(privateZones) { errMsg := fmt.Sprintf("No public subnet provided for zones %s", privateZones.Difference(publicZones).List()) @@ -205,26 +196,64 @@ func validateSubnets(ctx context.Context, meta *Metadata, fldPath *field.Path, s } func validateMachinePool(ctx context.Context, meta *Metadata, fldPath *field.Path, platform *awstypes.Platform, pool *awstypes.MachinePool, req resourceRequirements, poolName string) field.ErrorList { + var err error allErrs := field.ErrorList{} - if len(pool.Zones) > 0 { + + // Pool's specific validation. + // Edge Compute Pool / AWS Local Zones: + // - is valid when installing in existing VPC; or + // - is valid in new VPC when Local Zone name is defined + if poolName == types.MachinePoolEdgeRoleName { + if len(platform.Subnets) > 0 { + edgeSubnets, err := meta.EdgeSubnets(ctx) + if err != nil { + errMsg := fmt.Sprintf("%s pool. %v", poolName, err.Error()) + return append(allErrs, field.Invalid(field.NewPath("subnets"), platform.Subnets, errMsg)) + } + if len(edgeSubnets) == 0 { + return append(allErrs, field.Required(fldPath, "the provided subnets must include valid subnets for the specified edge zones")) + } + } else { + if pool.Zones == nil || len(pool.Zones) == 0 { + return append(allErrs, field.Required(fldPath, "zone is required when using edge machine pools")) + } + for _, zone := range pool.Zones { + err := validateZoneLocal(ctx, meta, fldPath.Child("zones"), zone) + if err != nil { + allErrs = append(allErrs, err) + } + } + if len(allErrs) > 0 { + return allErrs + } + } + } + + if pool.Zones != nil && len(pool.Zones) > 0 { availableZones := sets.String{} + diffErrMsgPrefix := "One or more zones are unavailable" if len(platform.Subnets) > 0 { - var err error + diffErrMsgPrefix = "No subnets provided for zones" var subnets Subnets - switch poolName { - case types.MachinePoolEdgeRoleName: + if poolName == types.MachinePoolEdgeRoleName { subnets, err = meta.EdgeSubnets(ctx) - default: + } else { subnets, err = meta.PrivateSubnets(ctx) } + if err != nil { return append(allErrs, field.InternalError(fldPath, err)) } for _, subnet := range subnets { - availableZones.Insert(subnet.Zone) + availableZones.Insert(subnet.Zone.Name) } } else { - allzones, err := meta.AvailabilityZones(ctx) + var allzones []string + if poolName == types.MachinePoolEdgeRoleName { + allzones, err = meta.EdgeZones(ctx) + } else { + allzones, err = meta.AvailabilityZones(ctx) + } if err != nil { return append(allErrs, field.InternalError(fldPath, err)) } @@ -232,7 +261,7 @@ func validateMachinePool(ctx context.Context, meta *Metadata, fldPath *field.Pat } if diff := sets.NewString(pool.Zones...).Difference(availableZones); diff.Len() > 0 { - errMsg := fmt.Sprintf("No subnets provided for zones %s", diff.List()) + errMsg := fmt.Sprintf("%s %s", diffErrMsgPrefix, diff.List()) allErrs = append(allErrs, field.Invalid(fldPath.Child("zones"), pool.Zones, errMsg)) } } @@ -288,7 +317,7 @@ func validateSecurityGroupIDs(ctx context.Context, meta *Metadata, fldPath *fiel return allErrs } -func validateSubnetCIDR(fldPath *field.Path, subnets map[string]Subnet, idxMap map[string]int, networks []types.MachineNetworkEntry) field.ErrorList { +func validateSubnetCIDR(fldPath *field.Path, subnets Subnets, idxMap map[string]int, networks []types.MachineNetworkEntry) field.ErrorList { allErrs := field.ErrorList{} for id, v := range subnets { fp := fldPath.Index(idxMap[id]) @@ -311,7 +340,7 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet's CIDR range start %s is outside of the specified machine networks", ip))} } -func validateDuplicateSubnetZones(fldPath *field.Path, subnets map[string]Subnet, idxMap map[string]int, typ string) field.ErrorList { +func validateDuplicateSubnetZones(fldPath *field.Path, subnets Subnets, idxMap map[string]int, typ string) field.ErrorList { var keys []string for id := range subnets { keys = append(keys, id) @@ -322,11 +351,11 @@ func validateDuplicateSubnetZones(fldPath *field.Path, subnets map[string]Subnet zones := map[string]string{} for _, id := range keys { subnet := subnets[id] - if conflictingSubnet, ok := zones[subnet.Zone]; ok { - errMsg := fmt.Sprintf("%s subnet %s is also in zone %s", typ, conflictingSubnet, subnet.Zone) + if conflictingSubnet, ok := zones[subnet.Zone.Name]; ok { + errMsg := fmt.Sprintf("%s subnet %s is also in zone %s", typ, conflictingSubnet, subnet.Zone.Name) allErrs = append(allErrs, field.Invalid(fldPath.Index(idxMap[id]), id, errMsg)) } else { - zones[subnet.Zone] = id + zones[subnet.Zone.Name] = id } } return allErrs @@ -381,6 +410,33 @@ func validateRegion(region string) error { return validateEndpointAccessibility(ec2Session.Endpoint) } +func validateZoneLocal(ctx context.Context, meta *Metadata, fldPath *field.Path, zoneName string) *field.Error { + sess, err := meta.Session(ctx) + if err != nil { + return field.Invalid(fldPath, zoneName, fmt.Sprintf("unable to start a session: %s", err.Error())) + } + zones, err := describeFilteredZones(ctx, sess, meta.Region, []string{zoneName}) + if err != nil { + return field.Invalid(fldPath, zoneName, fmt.Sprintf("unable to get describe zone: %s", err.Error())) + } + validZone := false + for _, zone := range zones { + if aws.StringValue(zone.ZoneName) == zoneName { + if aws.StringValue(zone.ZoneType) != awstypes.LocalZoneType { + return field.Invalid(fldPath, zoneName, fmt.Sprintf("only zone type local-zone is valid in the edge machine pool: %s", aws.StringValue(zone.ZoneType))) + } + if aws.StringValue(zone.OptInStatus) != awstypes.ZoneOptInStatusOptedIn { + return field.Invalid(fldPath, zoneName, fmt.Sprintf("zone group is not opted-in: %s", aws.StringValue(zone.GroupName))) + } + validZone = true + } + } + if !validZone { + return field.Invalid(fldPath, zoneName, fmt.Sprintf("invalid local zone name: %s", zoneName)) + } + return nil +} + func validateEndpointAccessibility(endpointURL string) error { // For each provided service endpoint, verify we can resolve and connect with net.Dial. // Ignore e2e.local from unit tests. diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/capabilities.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/capabilities.go index 72ef08d0cd5..ec317236540 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/capabilities.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/capabilities.go @@ -19,7 +19,7 @@ func GetHyperVGenerationVersion(capabilities map[string]string, imageHyperVGen s if imageHyperVGen != "" && generations.Has(imageHyperVGen) { return imageHyperVGen, nil } else if generations.Len() > 0 { // otherwise, return the highest version available - return generations.List()[generations.Len()-1], nil + return sets.List(generations)[generations.Len()-1], nil } if generations.Has("V2") { return "V2", nil @@ -28,9 +28,9 @@ func GetHyperVGenerationVersion(capabilities map[string]string, imageHyperVGen s } // GetHyperVGenerationVersions returns all the HyperVGeneration versions supported by the instance type according to its capabilities as a string set V = {"V1", "V2", ...} -func GetHyperVGenerationVersions(capabilities map[string]string) (sets.String, error) { +func GetHyperVGenerationVersions(capabilities map[string]string) (sets.Set[string], error) { if val, ok := capabilities["HyperVGenerations"]; ok { - generations := sets.NewString() + generations := sets.New[string]() for _, g := range strings.Split(val, ",") { g = strings.TrimSpace(g) g = strings.ToUpper(g) diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/validation.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/validation.go index 0c39b76f919..5a3da09f8a4 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/validation.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/azure/validation.go @@ -54,7 +54,7 @@ func Validate(client API, ic *types.InstallConfig) error { } allErrs = append(allErrs, validateAzureStackClusterOSImage(StorageEndpointSuffix, ic.Azure.ClusterOSImage, field.NewPath("platform").Child("azure"))...) } - allErrs = append(allErrs, validateMarketplaceImage(client, ic)...) + allErrs = append(allErrs, validateMarketplaceImages(client, ic)...) return allErrs.ToAggregate() } @@ -159,22 +159,11 @@ func validateMininumRequirements(fieldPath *field.Path, req resourceRequirements } func validateFamily(fieldPath *field.Path, instanceType, family string) field.ErrorList { - confidentialVMFamilies := sets.NewString( - "standardDCASv5Family", - "standardDCADSv5Family", - "standardECASv5Family", - "standardECADSv5Family", - "standardECIADSv5Family", - "standardECIASv5Family", - ) windowsVMFamilies := sets.NewString( "standardNVSv4Family", ) allErrs := field.ErrorList{} - if confidentialVMFamilies.Has(family) { - errMsg := fmt.Sprintf("%s is not currently supported but will be in a future release", family) - allErrs = append(allErrs, field.Invalid(fieldPath, instanceType, errMsg)) - } else if windowsVMFamilies.Has(family) { + if windowsVMFamilies.Has(family) { errMsg := fmt.Sprintf("%s is currently only supported on Windows", family) allErrs = append(allErrs, field.Invalid(fieldPath, instanceType, errMsg)) } @@ -377,14 +366,18 @@ func validateInstanceTypes(client API, ic *types.InstallConfig) field.ErrorList // The assumption here is that since cp and compute arches cannot differ today, it's ok to not check the // default instance as long as it is used in any one place. if !useDefaultInstanceType && defaultInstanceType != "" { + architecture := types.Architecture(types.ArchitectureAMD64) if ic.ControlPlane != nil { - fieldPath := field.NewPath("platform", "azure", "defaultMachinePlatform") - capabilities, err := client.GetVMCapabilities(context.TODO(), defaultInstanceType, ic.Azure.Region) - if err != nil { - return append(allErrs, field.Invalid(fieldPath.Child("type"), defaultInstanceType, err.Error())) - } - allErrs = append(allErrs, validateVMArchitecture(fieldPath.Child("type"), defaultInstanceType, ic.ControlPlane.Architecture, capabilities)...) + architecture = ic.ControlPlane.Architecture } + minReq := computeReq + if ic.ControlPlane == nil || ic.ControlPlane.Platform.Azure == nil { + minReq = controlPlaneReq + } + fieldPath := field.NewPath("platform", "azure", "defaultMachinePlatform") + ultraSSDEnabled := strings.EqualFold(defaultUltraSSDCapability, "Enabled") + allErrs = append(allErrs, ValidateInstanceType(client, fieldPath, + ic.Azure.Region, defaultInstanceType, defaultDiskType, minReq, ultraSSDEnabled, defaultVMNetworkingType, defaultZones, architecture)...) } return allErrs } @@ -595,67 +588,147 @@ func validateAzureStackClusterOSImage(StorageEndpointSuffix string, ClusterOSIma return allErrs } -func validateMarketplaceImage(client API, installConfig *types.InstallConfig) field.ErrorList { +func validateMarketplaceImages(client API, installConfig *types.InstallConfig) field.ErrorList { var allErrs field.ErrorList - for i, compute := range installConfig.Compute { - platform := compute.Platform.Azure - if platform == nil { - continue + + region := installConfig.Azure.Region + cloudName := installConfig.Azure.CloudName + + var defaultInstanceType string + var defaultOSImage aztypes.OSImage + if installConfig.Azure.DefaultMachinePlatform != nil { + defaultInstanceType = installConfig.Azure.DefaultMachinePlatform.InstanceType + defaultOSImage = installConfig.Azure.DefaultMachinePlatform.OSImage + } + + // Validate ControlPlane marketplace images + if installConfig.ControlPlane != nil { + platform := installConfig.ControlPlane.Platform.Azure + fldPath := field.NewPath("controlPlane") + + // Determine instance type + instanceType := "" + if platform != nil { + instanceType = platform.InstanceType } - if platform.OSImage.Publisher == "" { - continue + if instanceType == "" { + instanceType = defaultInstanceType } - osImageFieldPath := field.NewPath("compute").Index(i).Child("platform", "azure", "osImage") - vmImage, err := client.GetMarketplaceImage( - context.Background(), - installConfig.Platform.Azure.Region, - platform.OSImage.Publisher, - platform.OSImage.Offer, - platform.OSImage.SKU, - platform.OSImage.Version, - ) + if instanceType == "" { + instanceType = defaults.ControlPlaneInstanceType(cloudName, region, installConfig.ControlPlane.Architecture) + } + + capabilities, err := client.GetVMCapabilities(context.Background(), instanceType, region) if err != nil { - allErrs = append(allErrs, field.Invalid(osImageFieldPath, platform.OSImage, err.Error())) - continue + allErrs = append(allErrs, field.Invalid(fldPath.Child("platform", "azure", "type"), instanceType, err.Error())) + } + + generations, err := GetHyperVGenerationVersions(capabilities) + if err != nil { + allErrs = append(allErrs, field.Invalid(fldPath.Child("platform", "azure", "type"), instanceType, err.Error())) + } + + // If not set, try to use the OS Image definition from the default machine pool + var osImage aztypes.OSImage + if platform != nil { + osImage = platform.OSImage + } + if osImage.Publisher == "" { + osImage = defaultOSImage + } + + imgErr := validateMarketplaceImage(client, region, generations, &osImage, fldPath) + if imgErr != nil { + allErrs = append(allErrs, imgErr) + } + } + + // Validate Compute marketplace images + for i, compute := range installConfig.Compute { + platform := compute.Platform.Azure + fldPath := field.NewPath("compute").Index(i) + + // Determine instance type + instanceType := "" + if platform != nil { + instanceType = platform.InstanceType } - instanceType := platform.InstanceType - if instanceType == "" && installConfig.Platform.Azure.DefaultMachinePlatform != nil { - instanceType = installConfig.Platform.Azure.DefaultMachinePlatform.InstanceType + if instanceType == "" { + instanceType = defaultInstanceType } if instanceType == "" { - instanceType = defaults.ComputeInstanceType(installConfig.Azure.CloudName, installConfig.Azure.Region, compute.Architecture) + instanceType = defaults.ComputeInstanceType(cloudName, region, compute.Architecture) } - capabilities, err := client.GetVMCapabilities(context.Background(), instanceType, installConfig.Azure.Region) + + capabilities, err := client.GetVMCapabilities(context.Background(), instanceType, region) if err != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("compute").Index(i).Child("platform", "azure", "type"), instanceType, err.Error())) + allErrs = append(allErrs, field.Invalid(fldPath.Child("platform", "azure", "type"), instanceType, err.Error())) continue } generations, err := GetHyperVGenerationVersions(capabilities) if err != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("compute").Index(i).Child("platform", "azure", "type"), instanceType, err.Error())) - continue - } - imageHyperVGen := string(vmImage.HyperVGeneration) - if !generations.Has(imageHyperVGen) { - errMsg := fmt.Sprintf("instance type %s supports HyperVGenerations %v but the specified image is for HyperVGeneration %s; to correct this issue either specify a compatible instance type or change the HyperVGeneration for the image by using a different SKU", instanceType, generations.UnsortedList(), imageHyperVGen) - allErrs = append(allErrs, field.Invalid(osImageFieldPath, platform.OSImage.SKU, errMsg)) + allErrs = append(allErrs, field.Invalid(fldPath.Child("platform", "azure", "type"), instanceType, err.Error())) continue } - termsAccepted, err := client.AreMarketplaceImageTermsAccepted(context.Background(), platform.OSImage.Publisher, platform.OSImage.Offer, platform.OSImage.SKU) - if err == nil { - if !termsAccepted { - allErrs = append(allErrs, field.Invalid(osImageFieldPath, platform.OSImage, "the license terms for the marketplace image have not been accepted")) - } - } else { - allErrs = append(allErrs, field.Invalid(osImageFieldPath, platform.OSImage, - fmt.Sprintf("could not determine if the license terms for the marketplace image have been accepted: %v", err))) + // If not set, try to use the OS Image definition from the default machine pool + var osImage aztypes.OSImage + if platform != nil { + osImage = platform.OSImage + } + if osImage.Publisher == "" { + osImage = defaultOSImage + } + imgErr := validateMarketplaceImage(client, region, generations, &osImage, fldPath) + if imgErr != nil { + allErrs = append(allErrs, imgErr) } } + return allErrs } +func validateMarketplaceImage(client API, region string, instanceHyperVGenSet sets.Set[string], osImage *aztypes.OSImage, fldPath *field.Path) *field.Error { + // Marketplace image not specified + if osImage.Publisher == "" { + return nil + } + + osImageFieldPath := fldPath.Child("platform", "azure", "osImage") + vmImage, err := client.GetMarketplaceImage( + context.Background(), + region, + osImage.Publisher, + osImage.Offer, + osImage.SKU, + osImage.Version, + ) + if err != nil { + return field.Invalid(osImageFieldPath, osImage, err.Error()) + } + imageHyperVGen := string(vmImage.HyperVGeneration) + if !instanceHyperVGenSet.Has(imageHyperVGen) { + errMsg := fmt.Sprintf("instance type supports HyperVGenerations %v but the specified image is for HyperVGeneration %s; to correct this issue either specify a compatible instance type or change the HyperVGeneration for the image by using a different SKU", instanceHyperVGenSet.UnsortedList(), imageHyperVGen) + return field.Invalid(osImageFieldPath, osImage.SKU, errMsg) + } + + // Images with no purchase plan have no terms to be accepted + if osImage.Plan == aztypes.ImageNoPurchasePlan { + return nil + } + + termsAccepted, err := client.AreMarketplaceImageTermsAccepted(context.Background(), osImage.Publisher, osImage.Offer, osImage.SKU) + if err != nil { + return field.Invalid(osImageFieldPath, osImage, fmt.Sprintf("could not determine if the license terms for the marketplace image have been accepted: %v", err)) + } + if !termsAccepted { + return field.Invalid(osImageFieldPath, osImage, "the license terms for the marketplace image have not been accepted") + } + + return nil +} + func validateAzureStackDiskType(_ API, installConfig *types.InstallConfig) field.ErrorList { var allErrs field.ErrorList diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/client.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/client.go index 87a347cebc0..7ac9caef040 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/client.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/client.go @@ -44,6 +44,7 @@ type API interface { GetEnabledServices(ctx context.Context, project string) ([]string, error) GetServiceAccount(ctx context.Context, project, serviceAccount string) (string, error) GetCredentials() *googleoauth.Credentials + GetImage(ctx context.Context, name string, project string) (*compute.Image, error) GetProjectPermissions(ctx context.Context, project string, permissions []string) (sets.Set[string], error) GetProjectByID(ctx context.Context, project string) (*cloudresourcemanager.Project, error) ValidateServiceAccountHasPermissions(ctx context.Context, project string, permissions []string) (bool, error) @@ -88,7 +89,7 @@ func (c *Client) GetMachineType(ctx context.Context, project, zone, machineType func GetMachineTypeList(ctx context.Context, svc *compute.Service, project, region, machineType, fields string) ([]*compute.MachineType, error) { var machines []*compute.MachineType - ctx, cancel := context.WithTimeout(ctx, 1*time.Minute) + ctx, cancel := context.WithTimeout(ctx, defaultTimeout) defer cancel() filter := fmt.Sprintf("name = \"%s\" AND zone : %s-*", machineType, region) @@ -96,15 +97,13 @@ func GetMachineTypeList(ctx context.Context, svc *compute.Service, project, regi if len(fields) > 0 { req.Fields(googleapi.Field(fields)) } + err := req.Pages(ctx, func(page *compute.MachineTypeAggregatedList) error { for _, scopedList := range page.Items { machines = append(machines, scopedList.MachineTypes...) } return nil }) - if len(machines) == 0 { - return nil, errors.New("failed to fetch instance type, this error usually occurs if the region or the instance type is not found") - } return machines, err } @@ -116,25 +115,38 @@ func (c *Client) GetMachineTypeWithZones(ctx context.Context, project, region, m return nil, nil, err } - machines, err := GetMachineTypeList(ctx, svc, project, region, machineType, "") + pz, err := GetZones(ctx, svc, project, fmt.Sprintf("region eq .*%s", region)) if err != nil { return nil, nil, err } - - zones := sets.New[string]() - for _, machine := range machines { - zones.Insert(machine.Zone) + projZones := sets.New[string]() + for _, zone := range pz { + projZones.Insert(zone.Name) } - // Restrict to zones available in the project - pz, err := GetZones(ctx, svc, project, fmt.Sprintf("region eq .*%s", region)) + machines, err := GetMachineTypeList(ctx, svc, project, region, machineType, "") if err != nil { return nil, nil, err } - projZones := sets.New[string]() - for _, zone := range pz { - projZones.Insert(zone.Name) + + // Custom machine types are not included in aggregated lists, so let's try + // to get the machine type directly before returning an error. Also + // fallback to all the zones in the project + if len(machines) == 0 { + cctx, cancel := context.WithTimeout(ctx, defaultTimeout) + defer cancel() + machine, err := svc.MachineTypes.Get(project, pz[0].Name, machineType).Context(cctx).Do() + if err != nil { + return nil, nil, fmt.Errorf("failed to fetch instance type: %w", err) + } + return machine, projZones, nil + } + + zones := sets.New[string]() + for _, machine := range machines { + zones.Insert(machine.Zone) } + // Restrict to zones avaialable in the project zones = zones.Intersection(projZones) return machines[0], zones, nil @@ -353,7 +365,7 @@ func (c *Client) GetRegions(ctx context.Context, project string) ([]string, erro return computeRegions, nil } -// GetZones retrieves the available zones for the project. +// GetZones uses the GCP Compute Service API to get a list of zones from a project. func GetZones(ctx context.Context, svc *compute.Service, project, filter string) ([]*compute.Zone, error) { req := svc.Zones.List(project) if filter != "" { @@ -449,6 +461,19 @@ func (c *Client) GetCredentials() *googleoauth.Credentials { return c.ssn.Credentials } +// GetImage returns the marketplace image specified by the user. +func (c *Client) GetImage(ctx context.Context, name string, project string) (*compute.Image, error) { + svc, err := c.getComputeService(ctx) + if err != nil { + return nil, err + } + + ctx, cancel := context.WithTimeout(ctx, 1*time.Minute) + defer cancel() + + return svc.Images.Get(project, name).Context(ctx).Do() +} + func (c *Client) getPermissions(ctx context.Context, project string, permissions []string) ([]string, error) { ctx, cancel := context.WithTimeout(ctx, defaultTimeout) defer cancel() diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/validation.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/validation.go index 319b95bc0d7..4e7793f8891 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/validation.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/gcp/validation.go @@ -15,6 +15,7 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" "github.com/openshift/installer/pkg/types" + "github.com/openshift/installer/pkg/types/gcp" "github.com/openshift/installer/pkg/validate" ) @@ -59,6 +60,7 @@ func Validate(client API, ic *types.InstallConfig) error { allErrs = append(allErrs, validateCredentialMode(client, ic)...) allErrs = append(allErrs, validatePreexistingServiceAccountXpn(client, ic)...) allErrs = append(allErrs, validateServiceAccountPresent(client, ic)...) + allErrs = append(allErrs, validateMarketplaceImages(client, ic)...) return allErrs.ToAggregate() } @@ -67,20 +69,19 @@ func Validate(client API, ic *types.InstallConfig) error { func ValidateInstanceType(client API, fieldPath *field.Path, project, region string, zones []string, instanceType string, req resourceRequirements) field.ErrorList { allErrs := field.ErrorList{} - typeMeta, instanceZones, err := client.GetMachineTypeWithZones(context.TODO(), project, region, instanceType) + typeMeta, typeZones, err := client.GetMachineTypeWithZones(context.TODO(), project, region, instanceType) if err != nil { - var gErr *googleapi.Error - if errors.As(err, &gErr) { - return append(allErrs, field.Invalid(fieldPath.Child("type"), instanceType, gErr.Message)) + if _, ok := err.(*googleapi.Error); ok { + return append(allErrs, field.Invalid(fieldPath.Child("type"), instanceType, err.Error())) } return append(allErrs, field.InternalError(nil, err)) } userZones := sets.New(zones...) if len(userZones) == 0 { - userZones = instanceZones + userZones = typeZones } - if diff := userZones.Difference(instanceZones); len(diff) > 0 { + if diff := userZones.Difference(typeZones); len(diff) > 0 { errMsg := fmt.Sprintf("instance type not available in zones: %v", sets.List(diff)) allErrs = append(allErrs, field.Invalid(fieldPath.Child("type"), instanceType, errMsg)) } @@ -112,32 +113,96 @@ func validateServiceAccountPresent(client API, ic *types.InstallConfig) field.Er return allErrs } +// DefaultInstanceTypeForArch returns the appropriate instance type based on the target architecture. +func DefaultInstanceTypeForArch(arch types.Architecture) string { + if arch == types.ArchitectureARM64 { + return "t2a-standard-4" + } + return "n2-standard-4" +} + // validateInstanceTypes checks that the user-provided instance types are valid. func validateInstanceTypes(client API, ic *types.InstallConfig) field.ErrorList { allErrs := field.ErrorList{} + defaultInstanceType := "" + defaultZones := []string{} + // Default requirements need to be sufficient to support Control Plane instances. defaultInstanceReq := controlPlaneReq - if ic.ControlPlane != nil && ic.ControlPlane.Platform.GCP != nil && ic.ControlPlane.Platform.GCP.InstanceType != "" { // Default requirements can be relaxed when the controlPlane type is set explicitly. defaultInstanceReq = computeReq + } - allErrs = append(allErrs, ValidateInstanceType(client, field.NewPath("controlPlane", "platform", "gcp"), ic.GCP.ProjectID, ic.GCP.Region, ic.ControlPlane.Platform.GCP.Zones, - ic.ControlPlane.Platform.GCP.InstanceType, controlPlaneReq)...) + if ic.GCP.DefaultMachinePlatform != nil { + defaultZones = ic.GCP.DefaultMachinePlatform.Zones + defaultInstanceType = ic.GCP.DefaultMachinePlatform.InstanceType + if ic.GCP.DefaultMachinePlatform.InstanceType != "" { + allErrs = append(allErrs, + ValidateInstanceType( + client, + field.NewPath("platform", "gcp", "defaultMachinePlatform"), + ic.GCP.ProjectID, + ic.GCP.Region, + ic.GCP.DefaultMachinePlatform.Zones, + ic.GCP.DefaultMachinePlatform.InstanceType, + defaultInstanceReq, + )...) + } } - if ic.Platform.GCP.DefaultMachinePlatform != nil && ic.Platform.GCP.DefaultMachinePlatform.InstanceType != "" { - allErrs = append(allErrs, ValidateInstanceType(client, field.NewPath("platform", "gcp", "defaultMachinePlatform"), ic.GCP.ProjectID, ic.GCP.Region, ic.Platform.GCP.DefaultMachinePlatform.Zones, - ic.Platform.GCP.DefaultMachinePlatform.InstanceType, defaultInstanceReq)...) + zones := defaultZones + instanceType := defaultInstanceType + if ic.ControlPlane != nil { + if instanceType == "" { + instanceType = DefaultInstanceTypeForArch(ic.ControlPlane.Architecture) + } + if ic.ControlPlane.Platform.GCP != nil { + if ic.ControlPlane.Platform.GCP.InstanceType != "" { + instanceType = ic.ControlPlane.Platform.GCP.InstanceType + } + if len(ic.ControlPlane.Platform.GCP.Zones) > 0 { + zones = ic.ControlPlane.Platform.GCP.Zones + } + } } + allErrs = append(allErrs, + ValidateInstanceType( + client, + field.NewPath("controlPlane", "platform", "gcp"), + ic.GCP.ProjectID, + ic.GCP.Region, + zones, + instanceType, + controlPlaneReq, + )...) for idx, compute := range ic.Compute { fieldPath := field.NewPath("compute").Index(idx) - if compute.Platform.GCP != nil && compute.Platform.GCP.InstanceType != "" { - allErrs = append(allErrs, ValidateInstanceType(client, fieldPath.Child("platform", "gcp"), ic.GCP.ProjectID, ic.GCP.Region, compute.Platform.GCP.Zones, - compute.Platform.GCP.InstanceType, computeReq)...) + zones := defaultZones + instanceType := defaultInstanceType + if instanceType == "" { + instanceType = DefaultInstanceTypeForArch(compute.Architecture) } + if compute.Platform.GCP != nil { + if compute.Platform.GCP.InstanceType != "" { + instanceType = compute.Platform.GCP.InstanceType + } + if len(compute.Platform.GCP.Zones) > 0 { + zones = compute.Platform.GCP.Zones + } + } + allErrs = append(allErrs, + ValidateInstanceType( + client, + fieldPath.Child("platform", "gcp"), + ic.GCP.ProjectID, + ic.GCP.Region, + zones, + instanceType, + computeReq, + )...) } return allErrs @@ -475,3 +540,77 @@ func validateZones(client API, ic *types.InstallConfig) field.ErrorList { return allErrs } + +func validateMarketplaceImages(client API, ic *types.InstallConfig) field.ErrorList { + allErrs := field.ErrorList{} + + const errorMessage string = "could not find the boot image: %v" + var err error + var defaultImage *compute.Image + var defaultOsImage *gcp.OSImage + + if ic.GCP.DefaultMachinePlatform != nil && ic.GCP.DefaultMachinePlatform.OSImage != nil { + defaultOsImage = ic.GCP.DefaultMachinePlatform.OSImage + defaultImage, err = client.GetImage(context.TODO(), defaultOsImage.Name, defaultOsImage.Project) + if err != nil { + allErrs = append(allErrs, field.Invalid(field.NewPath("platform", "gcp", "defaultMachinePlatform", "osImage"), *defaultOsImage, fmt.Sprintf(errorMessage, err))) + } + } + + if ic.ControlPlane != nil { + image := defaultImage + osImage := defaultOsImage + if ic.ControlPlane.Platform.GCP != nil && ic.ControlPlane.Platform.GCP.OSImage != nil { + osImage = ic.ControlPlane.Platform.GCP.OSImage + image, err = client.GetImage(context.TODO(), osImage.Name, osImage.Project) + if err != nil { + allErrs = append(allErrs, field.Invalid(field.NewPath("controlPlane", "platform", "gcp", "osImage"), *osImage, fmt.Sprintf(errorMessage, err))) + } + } + if image != nil { + if errMsg := checkArchitecture(image.Architecture, ic.ControlPlane.Architecture, "controlPlane"); errMsg != "" { + allErrs = append(allErrs, field.Invalid(field.NewPath("controlPlane", "platform", "gcp", "osImage"), *osImage, errMsg)) + } + } + } + + for idx, compute := range ic.Compute { + image := defaultImage + osImage := defaultOsImage + fieldPath := field.NewPath("compute").Index(idx) + if compute.Platform.GCP != nil && compute.Platform.GCP.OSImage != nil { + osImage = compute.Platform.GCP.OSImage + image, err = client.GetImage(context.TODO(), osImage.Name, osImage.Project) + if err != nil { + allErrs = append(allErrs, field.Invalid(fieldPath.Child("platform", "gcp", "osImage"), *osImage, fmt.Sprintf(errorMessage, err))) + } + } + if image != nil { + if errMsg := checkArchitecture(image.Architecture, compute.Architecture, "compute"); errMsg != "" { + allErrs = append(allErrs, field.Invalid(fieldPath.Child("platform", "gcp", "osImage"), *osImage, errMsg)) + } + } + } + + return allErrs +} + +func checkArchitecture(imageArch string, icArch types.Architecture, role string) string { + const unspecifiedArch string = "ARCHITECTURE_UNSPECIFIED" + // The possible architecture names from image.Architecture are of type string hence we cannot directly obtain the possible values + // In the docs the possible values are ARM64, X86_64, and ARCHITECTURE_UNSPECIFIED + // There is no simple translation between the architecture values from Google and the architecture names used in the install config so a map is used + var ( + translateArchName = map[string]types.Architecture{ + "ARM64": types.ArchitectureARM64, + "X86_64": types.ArchitectureAMD64, + } + ) + + if imageArch == "" || imageArch == unspecifiedArch { + logrus.Warn(fmt.Sprintf("Boot image architecture is unspecified and might not be compatible with %s %s nodes", icArch, role)) + } else if translateArchName[imageArch] != icArch { + return fmt.Sprintf("image architecture %s does not match %s node architecture %s", imageArch, role, icArch) + } + return "" +} diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/openstack/validation/cloudinfo.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/openstack/validation/cloudinfo.go index 4d88b5c25fe..7205c36248b 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/openstack/validation/cloudinfo.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/openstack/validation/cloudinfo.go @@ -185,7 +185,8 @@ func (ci *CloudInfo) collectInfo(ic *types.InstallConfig, opts *clientconfig.Cli if err != nil { return err } - ci.ControlPlanePortNetwork, err = ci.getNetwork(controlPlanePort.Network.Name, controlPlanePort.Network.ID) + + ci.ControlPlanePortNetwork, err = ci.getNetwork(controlPlanePort) if err != nil { return err } @@ -317,10 +318,18 @@ func (ci *CloudInfo) getNetworkByName(networkName string) (*networks.Network, er return network, nil } -func (ci *CloudInfo) getNetwork(networkName, networkID string) (*networks.Network, error) { - opts := networks.ListOpts{ - ID: networkID, - Name: networkName, +func (ci *CloudInfo) getNetwork(controlPlanePort *openstack.PortTarget) (*networks.Network, error) { + networkName := controlPlanePort.Network.Name + networkID := controlPlanePort.Network.ID + if networkName == "" && networkID == "" { + return nil, nil + } + opts := networks.ListOpts{} + if networkID != "" { + opts.ID = controlPlanePort.Network.ID + } + if networkName != "" { + opts.Name = controlPlanePort.Network.Name } allPages, err := networks.List(ci.clients.networkClient, opts).AllPages() if err != nil { diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/client.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/client.go index 63666f9e8e2..34a229319af 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/client.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/client.go @@ -33,6 +33,7 @@ type Finder interface { VirtualMachine(ctx context.Context, path string) (*object.VirtualMachine, error) VirtualMachineList(ctx context.Context, path string) ([]*object.VirtualMachine, error) HostSystemList(ctx context.Context, path string) ([]*object.HostSystem, error) + ObjectReference(ctx context.Context, ref types.ManagedObjectReference) (object.Reference, error) } // NewFinder creates a new client that conforms with the Finder interface and returns a diff --git a/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/validation.go b/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/validation.go index 614a012eace..ea6ed72b88e 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/validation.go +++ b/vendor/github.com/openshift/installer/pkg/asset/installconfig/vsphere/validation.go @@ -283,15 +283,24 @@ func validateESXiVersion(validationCtx *validationContext, clusterPath string, v } for _, h := range hosts { + var esxiHostVersion *version.Version var mh mo.HostSystem - err := h.Properties(context.TODO(), h.Reference(), []string{"config.product"}, &mh) + err := h.Properties(context.TODO(), h.Reference(), []string{"config.product", "runtime"}, &mh) if err != nil { return append(allErrs, field.InternalError(vSphereFldPath, err)) } - esxiHostVersion, err := version.NewVersion(mh.Config.Product.Version) - if err != nil { - return append(allErrs, field.InternalError(vSphereFldPath, err)) + if mh.Runtime.InMaintenanceMode || mh.Runtime.ConnectionState == vim25types.HostSystemConnectionStateDisconnected || mh.Runtime.ConnectionState == vim25types.HostSystemConnectionStateNotResponding { + continue + } + + if mh.Config != nil { + esxiHostVersion, err = version.NewVersion(mh.Config.Product.Version) + if err != nil { + return append(allErrs, field.InternalError(vSphereFldPath, err)) + } + } else { + return append(allErrs, field.InternalError(vSphereFldPath, errors.Errorf("vCenter is failing to retrieve config product version information for the ESXi host: %s", h.Name()))) } detail := fmt.Sprintf("The vSphere storage driver requires a minimum of vSphere 7 Update 2. The ESXi host: %s is version: %s and build: %s", diff --git a/vendor/github.com/openshift/installer/pkg/asset/machines/aws/machinesets.go b/vendor/github.com/openshift/installer/pkg/asset/machines/aws/machinesets.go index 7273f15e561..a2d423265ff 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/machines/aws/machinesets.go +++ b/vendor/github.com/openshift/installer/pkg/asset/machines/aws/machinesets.go @@ -15,17 +15,28 @@ import ( "github.com/openshift/installer/pkg/types/aws" ) +// MachineSetInput holds the input arguments required to MachineSets for a machinepool. +type MachineSetInput struct { + ClusterID string + InstallConfigPlatformAWS *aws.Platform + Subnets icaws.Subnets + Zones icaws.Zones + Pool *types.MachinePool + Role string + UserDataSecret string +} + // MachineSets returns a list of machinesets for a machinepool. -func MachineSets(clusterID string, region string, subnets icaws.Subnets, pool *types.MachinePool, role, userDataSecret string, userTags map[string]string) ([]*machineapi.MachineSet, error) { - if poolPlatform := pool.Platform.Name(); poolPlatform != aws.Name { +func MachineSets(in *MachineSetInput) ([]*machineapi.MachineSet, error) { + if poolPlatform := in.Pool.Platform.Name(); poolPlatform != aws.Name { return nil, fmt.Errorf("non-AWS machine-pool: %q", poolPlatform) } - mpool := pool.Platform.AWS + mpool := in.Pool.Platform.AWS azs := mpool.Zones total := int64(0) - if pool.Replicas != nil { - total = *pool.Replicas + if in.Pool.Replicas != nil { + total = *in.Pool.Replicas } numOfAZs := int64(len(azs)) var machinesets []*machineapi.MachineSet @@ -34,27 +45,35 @@ func MachineSets(clusterID string, region string, subnets icaws.Subnets, pool *t if int64(idx) < total%numOfAZs { replicas++ } - subnet, ok := subnets[az] - if len(subnets) > 0 && !ok { - return nil, errors.Errorf("no subnet for zone %s", az) - } - publicSubnet := subnet.Public - instanceType := mpool.InstanceType nodeLabels := make(map[string]string, 3) nodeTaints := []corev1.Taint{} + instanceType := mpool.InstanceType + publicSubnet := false + subnetID := "" + if len(in.Subnets) > 0 { + subnet, ok := in.Subnets[az] + if !ok { + return nil, errors.Errorf("no subnet for zone %s", az) + } + publicSubnet = subnet.Public + subnetID = subnet.ID + } - if pool.Name == types.MachinePoolEdgeRoleName { - // edge pools typically do not receive the same workloads between - // different zoneGroups, thus the installer will discover preferred - // instance based on the installer's preferred instance lookup. - if subnet.PreferredEdgeInstanceType != "" { - instanceType = subnet.PreferredEdgeInstanceType + if in.Pool.Name == types.MachinePoolEdgeRoleName { + // edge pools not share same instance type and regular cluster workloads. + // The instance type is selected based in the offerings for the location. + // The labels and taints are set to prevent regular workloads. + // https://github.com/openshift/enhancements/blob/master/enhancements/installer/aws-custom-edge-machineset-local-zones.md + zone := in.Zones[az] + if zone.PreferredInstanceType != "" { + instanceType = zone.PreferredInstanceType } nodeLabels = map[string]string{ - "node-role.kubernetes.io/edge": "", - "machine.openshift.io/zone-type": subnet.ZoneType, - "machine.openshift.io/zone-group": subnet.ZoneGroupName, + "node-role.kubernetes.io/edge": "", + "machine.openshift.io/zone-type": zone.Type, + "machine.openshift.io/zone-group": zone.GroupName, + "machine.openshift.io/parent-zone-name": zone.ParentZoneName, } nodeTaints = append(nodeTaints, corev1.Taint{ Key: "node-role.kubernetes.io/edge", @@ -63,24 +82,24 @@ func MachineSets(clusterID string, region string, subnets icaws.Subnets, pool *t } provider, err := provider(&machineProviderInput{ - clusterID: clusterID, - region: region, - subnet: subnet.ID, + clusterID: in.ClusterID, + region: in.InstallConfigPlatformAWS.Region, + subnet: subnetID, instanceType: instanceType, osImage: mpool.AMIID, zone: az, role: "worker", - userDataSecret: userDataSecret, + userDataSecret: in.UserDataSecret, root: &mpool.EC2RootVolume, imds: mpool.EC2Metadata, - userTags: userTags, + userTags: in.InstallConfigPlatformAWS.UserTags, publicSubnet: publicSubnet, - securityGroupIDs: pool.Platform.AWS.AdditionalSecurityGroupIDs, + securityGroupIDs: in.Pool.Platform.AWS.AdditionalSecurityGroupIDs, }) if err != nil { return nil, errors.Wrap(err, "failed to create provider") } - name := fmt.Sprintf("%s-%s-%s", clusterID, pool.Name, az) + name := fmt.Sprintf("%s-%s-%s", in.ClusterID, in.Pool.Name, az) spec := machineapi.MachineSpec{ ProviderSpec: machineapi.ProviderSpec{ Value: &runtime.RawExtension{Object: provider}, @@ -100,7 +119,7 @@ func MachineSets(clusterID string, region string, subnets icaws.Subnets, pool *t Namespace: "openshift-machine-api", Name: name, Labels: map[string]string{ - "machine.openshift.io/cluster-api-cluster": clusterID, + "machine.openshift.io/cluster-api-cluster": in.ClusterID, }, }, Spec: machineapi.MachineSetSpec{ @@ -108,16 +127,16 @@ func MachineSets(clusterID string, region string, subnets icaws.Subnets, pool *t Selector: metav1.LabelSelector{ MatchLabels: map[string]string{ "machine.openshift.io/cluster-api-machineset": name, - "machine.openshift.io/cluster-api-cluster": clusterID, + "machine.openshift.io/cluster-api-cluster": in.ClusterID, }, }, Template: machineapi.MachineTemplateSpec{ ObjectMeta: machineapi.ObjectMeta{ Labels: map[string]string{ "machine.openshift.io/cluster-api-machineset": name, - "machine.openshift.io/cluster-api-cluster": clusterID, - "machine.openshift.io/cluster-api-machine-role": role, - "machine.openshift.io/cluster-api-machine-type": role, + "machine.openshift.io/cluster-api-cluster": in.ClusterID, + "machine.openshift.io/cluster-api-machine-role": in.Role, + "machine.openshift.io/cluster-api-machine-type": in.Role, }, }, Spec: spec, diff --git a/vendor/github.com/openshift/installer/pkg/asset/machines/azure/machines.go b/vendor/github.com/openshift/installer/pkg/asset/machines/azure/machines.go index 61c43735b12..66986f458e2 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/machines/azure/machines.go +++ b/vendor/github.com/openshift/installer/pkg/asset/machines/azure/machines.go @@ -83,16 +83,22 @@ func Machines(clusterID string, config *types.InstallConfig, pool *types.Machine machines = append(machines, machine) } replicas := int32(total) + failureDomains := []machinev1.AzureFailureDomain{} - sort.Strings(mpool.Zones) - for _, zone := range mpool.Zones { - domain := machinev1.AzureFailureDomain{ - Zone: zone, - } + if len(mpool.Zones) > 1 { + sort.Strings(mpool.Zones) + for _, zone := range mpool.Zones { + domain := machinev1.AzureFailureDomain{ + Zone: zone, + } - failureDomains = append(failureDomains, domain) + failureDomains = append(failureDomains, domain) + } + machineSetProvider.Zone = "" + } else if len(mpool.Zones) == 1 { + machineSetProvider.Zone = mpool.Zones[0] } - machineSetProvider.Zone = nil + controlPlaneMachineSet := &machinev1.ControlPlaneMachineSet{ TypeMeta: metav1.TypeMeta{ APIVersion: "machine.openshift.io/v1", @@ -118,10 +124,6 @@ func Machines(clusterID string, config *types.InstallConfig, pool *types.Machine Template: machinev1.ControlPlaneMachineSetTemplate{ MachineType: machinev1.OpenShiftMachineV1Beta1MachineType, OpenShiftMachineV1Beta1Machine: &machinev1.OpenShiftMachineV1Beta1MachineTemplate{ - FailureDomains: machinev1.FailureDomains{ - Platform: v1.AzurePlatformType, - Azure: &failureDomains, - }, ObjectMeta: machinev1.ControlPlaneMachineSetTemplateObjectMeta{ Labels: map[string]string{ "machine.openshift.io/cluster-api-cluster": clusterID, @@ -138,13 +140,21 @@ func Machines(clusterID string, config *types.InstallConfig, pool *types.Machine }, }, } + + if len(failureDomains) > 0 { + controlPlaneMachineSet.Spec.Template.OpenShiftMachineV1Beta1Machine.FailureDomains = machinev1.FailureDomains{ + Platform: v1.AzurePlatformType, + Azure: &failureDomains, + } + } + return machines, controlPlaneMachineSet, nil } func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string, userDataSecret string, clusterID string, role string, azIdx *int, capabilities map[string]string, useImageGallery bool) (*machineapi.AzureMachineProviderSpec, error) { - var az *string + var az string if len(mpool.Zones) > 0 && azIdx != nil { - az = &mpool.Zones[*azIdx] + az = mpool.Zones[*azIdx] } hyperVGen, err := icazure.GetHyperVGenerationVersion(capabilities, "") @@ -165,6 +175,9 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string var image machineapi.Image if mpool.OSImage.Publisher != "" { image.Type = machineapi.AzureImageTypeMarketplaceWithPlan + if mpool.OSImage.Plan == azure.ImageNoPurchasePlan { + image.Type = machineapi.AzureImageTypeMarketplaceNoPlan + } image.Publisher = mpool.OSImage.Publisher image.Offer = mpool.OSImage.Offer image.SKU = mpool.OSImage.SKU @@ -212,13 +225,21 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string } } - var securityProfile *machineapi.SecurityProfile - if mpool.EncryptionAtHost { - securityProfile = &machineapi.SecurityProfile{ - EncryptionAtHost: &mpool.EncryptionAtHost, + var diskSecurityProfile machineapi.VMDiskSecurityProfile + if mpool.OSDisk.SecurityProfile != nil && mpool.OSDisk.SecurityProfile.SecurityEncryptionType != "" { + diskSecurityProfile = machineapi.VMDiskSecurityProfile{ + SecurityEncryptionType: machineapi.SecurityEncryptionTypes(mpool.OSDisk.SecurityProfile.SecurityEncryptionType), + } + + if mpool.OSDisk.SecurityProfile.DiskEncryptionSet != nil { + diskSecurityProfile.DiskEncryptionSet = machineapi.DiskEncryptionSetParameters{ + ID: mpool.OSDisk.SecurityProfile.DiskEncryptionSet.ToID(), + } } } + securityProfile := generateSecurityProfile(mpool) + ultraSSDCapability := machineapi.AzureUltraSSDCapabilityState(mpool.UltraSSDCapability) spec := &machineapi.AzureMachineProviderSpec{ @@ -237,6 +258,7 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string ManagedDisk: machineapi.OSDiskManagedDiskParameters{ StorageAccountType: mpool.OSDisk.DiskType, DiskEncryptionSet: diskEncryptionSet, + SecurityProfile: diskSecurityProfile, }, }, SecurityProfile: securityProfile, @@ -294,3 +316,48 @@ func getNetworkInfo(platform *azure.Platform, clusterID, role string) (string, s func getVMNetworkingType(value string) bool { return value == string(azure.VMnetworkingTypeAccelerated) } + +func generateSecurityProfile(mpool *azure.MachinePool) *machineapi.SecurityProfile { + securityProfile := &machineapi.SecurityProfile{} + + if mpool.EncryptionAtHost { + securityProfile.EncryptionAtHost = &mpool.EncryptionAtHost + } + + if mpool.Settings != nil && mpool.Settings.SecurityType != "" { + securityProfile.Settings = machineapi.SecuritySettings{ + SecurityType: machineapi.SecurityTypes(mpool.Settings.SecurityType), + } + + var uefiSettings machineapi.UEFISettings + if securityProfile.Settings.SecurityType == machineapi.SecurityTypesTrustedLaunch { + if mpool.Settings.TrustedLaunch != nil && mpool.Settings.TrustedLaunch.UEFISettings != nil { + if sb := mpool.Settings.TrustedLaunch.UEFISettings.SecureBoot; sb != nil { + uefiSettings.SecureBoot = machineapi.SecureBootPolicy(*sb) + } + if vtpm := mpool.Settings.TrustedLaunch.UEFISettings.VirtualizedTrustedPlatformModule; vtpm != nil { + uefiSettings.VirtualizedTrustedPlatformModule = machineapi.VirtualizedTrustedPlatformModulePolicy(*vtpm) + } + + securityProfile.Settings.TrustedLaunch = &machineapi.TrustedLaunch{ + UEFISettings: uefiSettings, + } + } + } else if securityProfile.Settings.SecurityType == machineapi.SecurityTypesConfidentialVM { + if mpool.Settings.ConfidentialVM != nil && mpool.Settings.ConfidentialVM.UEFISettings != nil { + if sb := mpool.Settings.ConfidentialVM.UEFISettings.SecureBoot; sb != nil { + uefiSettings.SecureBoot = machineapi.SecureBootPolicy(*sb) + } + if vtpm := mpool.Settings.ConfidentialVM.UEFISettings.VirtualizedTrustedPlatformModule; vtpm != nil { + uefiSettings.VirtualizedTrustedPlatformModule = machineapi.VirtualizedTrustedPlatformModulePolicy(*vtpm) + } + + securityProfile.Settings.ConfidentialVM = &machineapi.ConfidentialVM{ + UEFISettings: uefiSettings, + } + } + } + } + + return securityProfile +} diff --git a/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/machines.go b/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/machines.go index f19a94e274a..cfc06f5505b 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/machines.go +++ b/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/machines.go @@ -132,8 +132,8 @@ func Machines(clusterID string, config *types.InstallConfig, pool *types.Machine func provider(clusterID string, platform *gcp.Platform, mpool *gcp.MachinePool, osImage string, azIdx int, role, userDataSecret string, credentialsMode types.CredentialsMode) (*machineapi.GCPMachineProviderSpec, error) { az := mpool.Zones[azIdx] - if len(platform.Licenses) > 0 { - osImage = fmt.Sprintf("%s-rhcos-image", clusterID) + if mpool.OSImage != nil { + osImage = fmt.Sprintf("projects/%s/global/images/%s", mpool.OSImage.Project, mpool.OSImage.Name) } network, subnetwork, err := getNetworks(platform, clusterID, role) if err != nil { @@ -168,6 +168,12 @@ func provider(clusterID string, platform *gcp.Platform, mpool *gcp.MachinePool, return nil, err } + // The JSON can be `nil` if auth is provided from env + // https://pkg.go.dev/golang.org/x/oauth2@v0.17.0/google#Credentials + if len(sess.Credentials.JSON) == 0 { + return nil, fmt.Errorf("could not extract service account from loaded credentials. Please specify a service account to be used for shared vpc installations in the install-config.yaml") + } + var found bool serviceAccount := make(map[string]interface{}) err = json.Unmarshal(sess.Credentials.JSON, &serviceAccount) @@ -185,6 +191,10 @@ func provider(clusterID string, platform *gcp.Platform, mpool *gcp.MachinePool, if mpool.SecureBoot == string(machineapi.SecureBootPolicyEnabled) { shieldedInstanceConfig.SecureBoot = machineapi.SecureBootPolicyEnabled } + labels := make(map[string]string, len(platform.UserLabels)) + for _, label := range platform.UserLabels { + labels[label.Key] = label.Value + } return &machineapi.GCPMachineProviderSpec{ TypeMeta: metav1.TypeMeta{ APIVersion: "machine.openshift.io/v1beta1", @@ -198,6 +208,7 @@ func provider(clusterID string, platform *gcp.Platform, mpool *gcp.MachinePool, SizeGB: mpool.OSDisk.DiskSizeGB, Type: mpool.OSDisk.DiskType, Image: osImage, + Labels: labels, EncryptionKey: encryptionKey, }}, NetworkInterfaces: []*machineapi.GCPNetworkInterface{{ @@ -217,6 +228,7 @@ func provider(clusterID string, platform *gcp.Platform, mpool *gcp.MachinePool, ShieldedInstanceConfig: shieldedInstanceConfig, ConfidentialCompute: machineapi.ConfidentialComputePolicy(mpool.ConfidentialCompute), OnHostMaintenance: machineapi.GCPHostMaintenanceType(mpool.OnHostMaintenance), + Labels: labels, }, nil } diff --git a/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/zones.go b/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/zones.go index bbf941595a6..0c6e01b5d31 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/zones.go +++ b/vendor/github.com/openshift/installer/pkg/asset/machines/gcp/zones.go @@ -34,9 +34,6 @@ func AvailabilityZones(project, region string) ([]string, error) { filter := fmt.Sprintf("(region eq %s) (status eq UP)", regionURL) zones, err := gcpconfig.GetZones(ctx, svc, project, filter) if err != nil { - return nil, errors.Wrap(err, "failed to list zones") - } - if len(zones) == 0 { return nil, errors.New("no zone was found") } @@ -54,28 +51,42 @@ func AvailabilityZones(project, region string) ([]string, error) { // arm64, since the instance t2a-standard-* is not available in all // availability zones. func ZonesForInstanceType(project, region, instanceType string) ([]string, error) { - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) - defer cancel() + ssn, err := gcpconfig.GetSession(context.Background()) + if err != nil { + return nil, fmt.Errorf("failed to get session: %w", err) + } - ssn, err := gcpconfig.GetSession(ctx) + svc, err := compute.NewService(context.Background(), option.WithCredentials(ssn.Credentials)) if err != nil { - return nil, errors.Wrap(err, "failed to get session") + return nil, fmt.Errorf("failed to create compute service: %w", err) } - svc, err := compute.NewService(ctx, option.WithCredentials(ssn.Credentials)) + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) + defer cancel() + + pZones, err := gcpconfig.GetZones(ctx, svc, project, fmt.Sprintf("(region eq .*%s) (status eq UP)", region)) if err != nil { - return nil, errors.Wrap(err, "failed to create compute service") + return nil, fmt.Errorf("failed to get zones for project: %w", err) + } + pZoneNames := sets.New[string]() + for _, z := range pZones { + pZoneNames.Insert(z.Name) } machines, err := gcpconfig.GetMachineTypeList(ctx, svc, project, region, instanceType, "items/*/machineTypes(zone),nextPageToken") if err != nil { - return nil, errors.Wrap(err, "failed to get zones for instance type") + return nil, fmt.Errorf("failed to get zones for instance type: %w", err) + } + // Custom machine types do not show up in the list. Let's fallback to the project zones + if len(machines) == 0 { + return sets.List(pZoneNames), nil } - found := sets.New[string]() + zones := sets.New[string]() for _, machine := range machines { - found.Insert(machine.Zone) + zones.Insert(machine.Zone) } - return sets.List(found), nil + // Not all instance zones might be available in the project + return sets.List(zones.Intersection(pZoneNames)), nil } diff --git a/vendor/github.com/openshift/installer/pkg/asset/machines/openstack/machinesets.go b/vendor/github.com/openshift/installer/pkg/asset/machines/openstack/machinesets.go index f269b813a4d..d620b75f5f9 100644 --- a/vendor/github.com/openshift/installer/pkg/asset/machines/openstack/machinesets.go +++ b/vendor/github.com/openshift/installer/pkg/asset/machines/openstack/machinesets.go @@ -31,9 +31,6 @@ func MachineSets(clusterID string, config *types.InstallConfig, pool *types.Mach if poolPlatform := pool.Platform.Name(); poolPlatform != openstack.Name { return nil, fmt.Errorf("non-OpenStack machine-pool: %q", poolPlatform) } - if pool.Replicas == nil || *pool.Replicas < 1 { - return nil, nil - } platform := config.Platform.OpenStack mpool := pool.Platform.OpenStack trunkSupport, err := checkNetworkExtensionAvailability(platform.Cloud, "trunk", clientOpts) @@ -48,6 +45,9 @@ func MachineSets(clusterID string, config *types.InstallConfig, pool *types.Mach for idx := range machinesets { var replicaNumber int32 { + // The replica number is set to 3 by default when install-config does not have + // any Compute machine-pool, or when the Compute machine-pool does not have the + // `replicas` property. As a consequence, pool.Replicas is never nil replicas := *pool.Replicas / numberOfFailureDomains if int64(idx) < *pool.Replicas%numberOfFailureDomains { replicas++ diff --git a/vendor/github.com/openshift/installer/pkg/destroy/aws/iamhelpers.go b/vendor/github.com/openshift/installer/pkg/destroy/aws/iamhelpers.go index a6688eba727..da3bd0af101 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/aws/iamhelpers.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/aws/iamhelpers.go @@ -112,13 +112,24 @@ func (search *iamUserSearch) arns(ctx context.Context) ([]string, error) { // Unfortunately user.Tags is empty from ListUsers, so we need to query each one response, err := search.client.GetUserWithContext(ctx, &iam.GetUserInput{UserName: aws.String(*user.UserName)}) if err != nil { - if err.(awserr.Error).Code() == iam.ErrCodeNoSuchEntityException { - search.unmatched[*user.Arn] = exists - } else { - if lastError != nil { - search.logger.Debug(lastError) + + var awsErr awserr.Error + if errors.As(err, &awsErr) { + switch { + case awsErr.Code() == iam.ErrCodeNoSuchEntityException: + // The role does not exist. + // Ignore this IAM Role and do not report this error via lastError. + search.unmatched[*user.Arn] = exists + case strings.Contains(err.Error(), "AccessDenied"): + // Installer does not have access to this IAM role. + // Ignore this IAM Role and do not report this error via lastError. + search.unmatched[*user.Arn] = exists + default: + if lastError != nil { + search.logger.Debug(lastError) + } + lastError = errors.Wrapf(err, "get tags for %s", *user.Arn) } - lastError = errors.Wrapf(err, "get tags for %s", *user.Arn) } } else { user = response.User diff --git a/vendor/github.com/openshift/installer/pkg/destroy/azure/azure.go b/vendor/github.com/openshift/installer/pkg/destroy/azure/azure.go index 57eb8f546f0..1f5627a9193 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/azure/azure.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/azure/azure.go @@ -314,11 +314,13 @@ func deletePublicRecords(ctx context.Context, dnsClient dns.ZonesClient, records } } + pageCount := 0 for ; zonesPage.NotDone(); err = zonesPage.NextWithContext(ctx) { if err != nil { errs = append(errs, errors.Wrap(err, "failed to advance to next dns zone")) continue } + pageCount++ for _, zone := range zonesPage.Values() { if zone.ZoneType == dns.Private { @@ -350,6 +352,7 @@ func deletePublicRecords(ctx context.Context, dnsClient dns.ZonesClient, records errs = append(errs, errors.Wrap(err, "failed to advance to next dns zone")) continue } + pageCount++ for _, zone := range privateZonesPage.Values() { if err := deletePublicRecordsForPrivateZone(ctx, privateRecordsClient, dnsClient, recordsClient, logger, rgName, to.String(zone.Name)); err != nil { @@ -362,6 +365,10 @@ func deletePublicRecords(ctx context.Context, dnsClient dns.ZonesClient, records } } + if pageCount == 0 { + logger.Warn("no DNS records found: either they were already deleted or the service principal lacks permissions to list them") + } + return utilerrors.NewAggregate(errs) } diff --git a/vendor/github.com/openshift/installer/pkg/destroy/gcp/disk.go b/vendor/github.com/openshift/installer/pkg/destroy/gcp/disk.go index 28f2c7728b4..f0f2d4344e9 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/gcp/disk.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/gcp/disk.go @@ -65,24 +65,32 @@ func (o *ClusterUninstaller) listDisksWithFilter(ctx context.Context, fields str for _, scopedList := range list.Items { for _, item := range scopedList.Disks { if filterFunc == nil || filterFunc != nil && filterFunc(item) { - zone := o.getZoneName(item.Zone) - o.Logger.Debugf("Found disk: %s in zone %s", item.Name, zone) - result = append(result, cloudResource{ - key: fmt.Sprintf("%s/%s", zone, item.Name), - name: item.Name, - typeName: "disk", - zone: zone, - quota: []gcp.QuotaUsage{{ - Metric: &gcp.Metric{ - Service: gcp.ServiceComputeEngineAPI, - Limit: getDiskLimit(item.Type), - Dimensions: map[string]string{ - "region": getRegionFromZone(zone), + // Regional disks are replicated in multiple zones, so we + // need to destroy all the replicas + zoneUrls := item.ReplicaZones + if len(item.Zone) > 0 { + zoneUrls = append(zoneUrls, item.Zone) + } + for _, url := range zoneUrls { + zone := o.getZoneName(url) + o.Logger.Debugf("Found disk: %s in zone %s", item.Name, zone) + result = append(result, cloudResource{ + key: fmt.Sprintf("%s/%s", zone, item.Name), + name: item.Name, + typeName: "disk", + zone: zone, + quota: []gcp.QuotaUsage{{ + Metric: &gcp.Metric{ + Service: gcp.ServiceComputeEngineAPI, + Limit: getDiskLimit(item.Type), + Dimensions: map[string]string{ + "region": getRegionFromZone(zone), + }, }, - }, - Amount: item.SizeGb, - }}, - }) + Amount: item.SizeGb, + }}, + }) + } } } } diff --git a/vendor/github.com/openshift/installer/pkg/destroy/gcp/gcp.go b/vendor/github.com/openshift/installer/pkg/destroy/gcp/gcp.go index d76e1894bd9..0a198fe622a 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/gcp/gcp.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/gcp/gcp.go @@ -215,7 +215,7 @@ func getRegionFromZone(zoneName string) string { // projects/project/zones/zone/diskTypes/pd-standard -> "ssd_total_storage" func getDiskLimit(typeURL string) string { switch getNameFromURL("diskTypes", typeURL) { - case "pd-ssd": + case "pd-balanced", "pd-ssd": return "ssd_total_storage" case "pd-standard": return "disks_total_storage" diff --git a/vendor/github.com/openshift/installer/pkg/destroy/ibmcloud/disk.go b/vendor/github.com/openshift/installer/pkg/destroy/ibmcloud/disk.go index 8405eb6acc1..b3eb92877a4 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/ibmcloud/disk.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/ibmcloud/disk.go @@ -1,6 +1,7 @@ package ibmcloud import ( + "fmt" "net/http" "strings" @@ -58,14 +59,16 @@ func (o *ClusterUninstaller) deleteDisk(item cloudResource) error { options := o.vpcSvc.NewDeleteVolumeOptions(item.id) details, err := o.vpcSvc.DeleteVolumeWithContext(ctx, options) - if err != nil && details.StatusCode != http.StatusNotFound { - return errors.Wrapf(err, "Failed to delete disk name=%s, id=%s.If this error continues to persist for more than 20 minutes then please try to manually cleanup the volume using - ibmcloud is vold %s", item.name, item.id, item.id) - } + if err != nil { + if details == nil || details.StatusCode != http.StatusNotFound { + return fmt.Errorf("failed to delete disk name=%s, id=%s.If this error continues to persist for more than 20 minutes then please try to manually cleanup the volume using - ibmcloud is vold %s: %w", item.name, item.id, item.id, err) + } - if err != nil && details.StatusCode == http.StatusNotFound { - // The resource is gone - o.deletePendingItems(item.typeName, []cloudResource{item}) - o.Logger.Infof("Deleted disk %s", item.id) + if details.StatusCode == http.StatusNotFound { + // The resource is gone + o.deletePendingItems(item.typeName, []cloudResource{item}) + o.Logger.Infof("Deleted disk %s", item.id) + } } return nil @@ -81,9 +84,11 @@ func (o *ClusterUninstaller) waitForDiskDeletion(item cloudResource) error { volumeOptions := o.vpcSvc.NewGetVolumeOptions(item.id) _, response, err := o.vpcSvc.GetVolumeWithContext(ctx, volumeOptions) // Keep retry, until GetVolume returns volume not found - if err != nil && response.StatusCode == http.StatusNotFound { - skip = true - return nil, skip + if err != nil { + if response != nil && response.StatusCode == http.StatusNotFound { + skip = true + return nil, skip + } } return err, false // continue retry as we are not seeing error which means volume is available }) diff --git a/vendor/github.com/openshift/installer/pkg/destroy/openstack/openstack.go b/vendor/github.com/openshift/installer/pkg/destroy/openstack/openstack.go index 200f7765ec4..4a857b3970b 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/openstack/openstack.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/openstack/openstack.go @@ -3,6 +3,7 @@ package openstack import ( "errors" "fmt" + "regexp" "strings" "time" @@ -43,6 +44,7 @@ const ( cinderCSIClusterIDKey = "cinder.csi.openstack.org/cluster" manilaCSIClusterIDKey = "manila.csi.openstack.org/cluster" minOctaviaVersionWithTagSupport = "v2.5" + cloudProviderSGNamePattern = `^lb-sg-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}` ) // Filter holds the key/value pairs for the tags we will be matching @@ -372,6 +374,27 @@ func getFIPsByPort(conn *gophercloud.ServiceClient, logger logrus.FieldLogger) ( return fipByPort, err } +// getSGsByID prefetches a list of SGs and organizes it by ID for easy lookup. +func getSGsByID(conn *gophercloud.ServiceClient, logger logrus.FieldLogger) (map[string]sg.SecGroup, error) { + sgByID := make(map[string]sg.SecGroup) + allPages, err := sg.List(conn, sg.ListOpts{}).AllPages() + if err != nil { + logger.Error(err) + return sgByID, nil + } + allSGs, err := sg.ExtractGroups(allPages) + if err != nil { + logger.Error(err) + return sgByID, nil + } + + // Organize SGs for easy lookup + for _, group := range allSGs { + sgByID[group.ID] = group + } + return sgByID, err +} + func deletePorts(opts *clientconfig.ClientOpts, listOpts ports.ListOpts, logger logrus.FieldLogger) (bool, error) { logger.Debug("Deleting openstack ports") defer logger.Debugf("Exiting deleting openstack ports") @@ -402,6 +425,13 @@ func deletePorts(opts *clientconfig.ClientOpts, listOpts ports.ListOpts, logger return false, nil } + sgByID, err := getSGsByID(conn, logger) + if err != nil { + logger.Error(err) + return false, nil + } + cloudProviderSGNameRegexp := regexp.MustCompile(cloudProviderSGNamePattern) + deletePortsWorker := func(portsChannel <-chan ports.Port, deletedChannel chan<- int) { localDeleted := 0 for port := range portsChannel { @@ -422,6 +452,32 @@ func deletePorts(opts *clientconfig.ClientOpts, listOpts ports.ListOpts, logger } } + // If there is a security group created by cloud-provider-openstack we should find it and delete it. + // We'll look through the ones on each of the ports and attempt to remove it from the port and delete it. + // Most of the time it's a conflict, but last port should be guaranteed to allow deletion. + // TODO(dulek): Currently this is the only way to do it and if delete fails there's no way to get back to + // that SG. This is bad and we should make groups created by CPO tagged by cluster ID ASAP. + assignedSGs := port.SecurityGroups + ports.Update(conn, port.ID, ports.UpdateOpts{ + SecurityGroups: &[]string{}, // We can just detach all, we're deleting this port anyway. + }) + for _, groupID := range assignedSGs { + if group, ok := sgByID[groupID]; ok { + if cloudProviderSGNameRegexp.MatchString(group.Name) { + logger.Debugf("Deleting cloud-provider-openstack SG %q", groupID) + err := sg.Delete(conn, groupID).ExtractErr() + var err404 gophercloud.ErrDefault404 + var err409 gophercloud.ErrDefault409 + if err == nil || errors.As(err, &err404) { + // If SG is gone let's remove it from the map and it'll save us these calls later on. + delete(sgByID, groupID) + } else if !errors.As(err, &err409) { // Ignore 404 Not Found (clause before) and 409 Conflict + logger.Errorf("Deleting SG %q at port %q failed. SG might get orphaned: %v", groupID, port.ID, err) + } + } + } + } + logger.Debugf("Deleting Port %q", port.ID) err = ports.Delete(conn, port.ID).ExtractErr() if err != nil { diff --git a/vendor/github.com/openshift/installer/pkg/destroy/vsphere/client.go b/vendor/github.com/openshift/installer/pkg/destroy/vsphere/client.go index a62579b8ef8..3585bf562c8 100644 --- a/vendor/github.com/openshift/installer/pkg/destroy/vsphere/client.go +++ b/vendor/github.com/openshift/installer/pkg/destroy/vsphere/client.go @@ -250,8 +250,8 @@ func (c *Client) DeleteTag(ctx context.Context, id string) error { return err } -// DeleteTagCategory deletes a Tag Category named `id`. -func (c *Client) DeleteTagCategory(ctx context.Context, id string) error { +// DeleteTagCategory deletes a Tag Category named `categoryName`. +func (c *Client) DeleteTagCategory(ctx context.Context, categoryName string) error { ctx, cancel := context.WithTimeout(ctx, defaultTimeout) defer cancel() @@ -270,7 +270,7 @@ func (c *Client) DeleteTagCategory(ctx context.Context, id string) error { } continue } - if category.Name == id { + if category.Name == categoryName { if err = tagManager.DeleteCategory(ctx, category); err != nil { return err } diff --git a/vendor/github.com/openshift/installer/pkg/hostcrypt/hostcrypt.go b/vendor/github.com/openshift/installer/pkg/hostcrypt/hostcrypt.go new file mode 100644 index 00000000000..845738510f0 --- /dev/null +++ b/vendor/github.com/openshift/installer/pkg/hostcrypt/hostcrypt.go @@ -0,0 +1,40 @@ +package hostcrypt + +import ( + "fmt" + "os" + "runtime" + "strconv" + "strings" +) + +const ( + fipsFile = "/proc/sys/crypto/fips_enabled" +) + +// VerifyHostTargetState checks that the current binary matches the expected cryptographic state +// for the target cluster. +func VerifyHostTargetState(fips bool) error { + if !fips { + return nil + } + if runtime.GOOS != "linux" { + return fmt.Errorf("target cluster is in FIPS mode, operation requires a Linux client") + } + + hostFIPSData, err := os.ReadFile(fipsFile) + if err != nil { + return fmt.Errorf("target cluster is in FIPS mode, but failed to read client FIPS state %s: %w", fipsFile, err) + } + + hostFIPS, err := strconv.ParseBool(strings.TrimSuffix(string(hostFIPSData), "\n")) + if err != nil { + return fmt.Errorf("target cluster is in FIPS mode, but failed to parse client FIPS state %s: %w", fipsFile, err) + } + + if !hostFIPS { + return fmt.Errorf("target cluster is in FIPS mode, operation requires a FIPS enabled client") + } + + return nil +} diff --git a/vendor/github.com/openshift/installer/pkg/types/alibabacloud/validation/platform.go b/vendor/github.com/openshift/installer/pkg/types/alibabacloud/validation/platform.go index 5068c7bfe2e..808113bd4b6 100644 --- a/vendor/github.com/openshift/installer/pkg/types/alibabacloud/validation/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/alibabacloud/validation/platform.go @@ -4,7 +4,6 @@ import ( "fmt" "net" - "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/util/validation/field" "github.com/openshift/installer/pkg/types" @@ -15,8 +14,6 @@ import ( func ValidatePlatform(p *alibabacloud.Platform, n *types.Networking, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - logrus.Warn("Alibaba Cloud is deprecated and will be removed in a future OpenShift version. Please reach out to your Red Hat Support or Technical Account Manager for more information.") - if p.Region == "" { allErrs = append(allErrs, field.Required(fldPath.Child("region"), "region must be specified")) } diff --git a/vendor/github.com/openshift/installer/pkg/types/aws/availabilityzones.go b/vendor/github.com/openshift/installer/pkg/types/aws/availabilityzones.go index 81d8daa145d..098e79c7fcf 100644 --- a/vendor/github.com/openshift/installer/pkg/types/aws/availabilityzones.go +++ b/vendor/github.com/openshift/installer/pkg/types/aws/availabilityzones.go @@ -5,4 +5,8 @@ const ( AvailabilityZoneType = "availability-zone" // LocalZoneType is the type of Local zone placed on the metropolitan areas. LocalZoneType = "local-zone" + // ZoneOptInStatusOptedIn is the opt-in status of the zone. + // For Availability Zones, this parameter always has the value of opt-in-not-required. + // For Local Zones and Wavelength Zones, this parameter is the opt-in status. + ZoneOptInStatusOptedIn = "opted-in" ) diff --git a/vendor/github.com/openshift/installer/pkg/types/aws/platform.go b/vendor/github.com/openshift/installer/pkg/types/aws/platform.go index 131d4a491f5..230d3889868 100644 --- a/vendor/github.com/openshift/installer/pkg/types/aws/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/aws/platform.go @@ -101,6 +101,11 @@ type Platform struct { // // +optional LBType configv1.AWSLBType `json:"lbType,omitempty"` + + // PreserveBootstrapIgnition is an optional field that can be used to make the S3 deletion optional + // during bootstrap destroy. + // +optional + PreserveBootstrapIgnition bool `json:"preserveBootstrapIgnition,omitempty"` } // ServiceEndpoint store the configuration for services to diff --git a/vendor/github.com/openshift/installer/pkg/types/aws/validation/machinepool.go b/vendor/github.com/openshift/installer/pkg/types/aws/validation/machinepool.go index edbf7affa1e..815234c15cb 100644 --- a/vendor/github.com/openshift/installer/pkg/types/aws/validation/machinepool.go +++ b/vendor/github.com/openshift/installer/pkg/types/aws/validation/machinepool.go @@ -29,6 +29,9 @@ var ( validMetadataAuthValues = sets.NewString("Required", "Optional") ) +// https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html +const maxSecurityGroupsCount = 16 + // ValidateMachinePool checks that the specified machine pool is valid. func ValidateMachinePool(platform *aws.Platform, p *aws.MachinePool, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} @@ -58,6 +61,12 @@ func validateSecurityGroups(platform *aws.Platform, p *aws.MachinePool, fldPath if len(p.AdditionalSecurityGroupIDs) > 0 && len(platform.Subnets) == 0 { allErrs = append(allErrs, field.Required(fldPath.Child("platform.subnets"), "subnets must be provided when additional security groups are present")) } + + // The installer also creates a security group: `${var.cluster_id}-master-sg/${var.cluster_id}-worker-sg` + if count := len(p.AdditionalSecurityGroupIDs); count > maxSecurityGroupsCount-1 { + allErrs = append(allErrs, field.TooMany(fldPath, count, maxSecurityGroupsCount-1)) + } + return allErrs } diff --git a/vendor/github.com/openshift/installer/pkg/types/azure/defaults/platform.go b/vendor/github.com/openshift/installer/pkg/types/azure/defaults/platform.go index 09f121774af..086162f8d79 100644 --- a/vendor/github.com/openshift/installer/pkg/types/azure/defaults/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/azure/defaults/platform.go @@ -7,6 +7,11 @@ import ( var ( // Overrides defaultMachineClass = map[string]string{} + + // AzurestackMinimumDiskSize is the minimum disk size value for azurestack. + AzurestackMinimumDiskSize int32 = 128 + // AzurestackMaximumDiskSize is the maximum disk size value for azurestack. + AzurestackMaximumDiskSize int32 = 1023 ) // SetPlatformDefaults sets the defaults for the platform. diff --git a/vendor/github.com/openshift/installer/pkg/types/azure/disk.go b/vendor/github.com/openshift/installer/pkg/types/azure/disk.go index 8671988af0c..0dcb87bdaa9 100644 --- a/vendor/github.com/openshift/installer/pkg/types/azure/disk.go +++ b/vendor/github.com/openshift/installer/pkg/types/azure/disk.go @@ -13,6 +13,18 @@ func (d *DiskEncryptionSet) ToID() string { d.SubscriptionID, d.ResourceGroup, d.Name) } +// SecurityEncryptionTypes represents the Encryption Type when the Azure Virtual Machine is a +// Confidential VM. +type SecurityEncryptionTypes string + +const ( + // SecurityEncryptionTypesVMGuestStateOnly disables OS disk confidential encryption. + SecurityEncryptionTypesVMGuestStateOnly SecurityEncryptionTypes = "VMGuestStateOnly" + // SecurityEncryptionTypesDiskWithVMGuestState enables OS disk confidential encryption with + // a platform-managed key (PMK) or a customer-managed key (CMK). + SecurityEncryptionTypesDiskWithVMGuestState SecurityEncryptionTypes = "DiskWithVMGuestState" +) + // OSDisk defines the disk for machines on Azure. type OSDisk struct { // DiskSizeGB defines the size of disk in GB. @@ -25,11 +37,13 @@ type OSDisk struct { // +optional // +kubebuilder:validation:Enum=Standard_LRS;Premium_LRS;StandardSSD_LRS DiskType string `json:"diskType"` - // DiskEncryptionSet defines a disk encryption set. // // +optional *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"` + // SecurityProfile specifies the security profile for the managed disk. + // +optional + SecurityProfile *VMDiskSecurityProfile `json:"securityProfile,omitempty"` } // DiskEncryptionSet defines the configuration for a disk encryption set. @@ -44,5 +58,24 @@ type DiskEncryptionSet struct { Name string `json:"name"` } +// VMDiskSecurityProfile specifies the security profile settings for the managed disk. +// It can be set only for Confidential VMs. +type VMDiskSecurityProfile struct { + // DiskEncryptionSet specifies the customer managed disk encryption set resource id for the + // managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and + // VMGuestState blob. + // +optional + DiskEncryptionSet *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"` + // SecurityEncryptionType specifies the encryption type of the managed disk. + // It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState + // blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. + // When set to VMGuestStateOnly, the VTpmEnabled should be set to true. + // When set to DiskWithVMGuestState, both SecureBootEnabled and VTpmEnabled should be set to true. + // It can be set only for Confidential VMs. + // +kubebuilder:validation:Enum=VMGuestStateOnly;DiskWithVMGuestState + // +optional + SecurityEncryptionType SecurityEncryptionTypes `json:"securityEncryptionType,omitempty"` +} + // DefaultDiskType holds the default Azure disk type used by the VMs. const DefaultDiskType string = "Premium_LRS" diff --git a/vendor/github.com/openshift/installer/pkg/types/azure/machinepool.go b/vendor/github.com/openshift/installer/pkg/types/azure/machinepool.go index 323a3953fb1..6ba6bd222f2 100644 --- a/vendor/github.com/openshift/installer/pkg/types/azure/machinepool.go +++ b/vendor/github.com/openshift/installer/pkg/types/azure/machinepool.go @@ -1,5 +1,15 @@ package azure +// SecurityTypes represents the SecurityType of the virtual machine. +type SecurityTypes string + +const ( + // SecurityTypesConfidentialVM defines the SecurityType of the virtual machine as a Confidential VM. + SecurityTypesConfidentialVM SecurityTypes = "ConfidentialVM" + // SecurityTypesTrustedLaunch defines the SecurityType of the virtual machine as a Trusted Launch VM. + SecurityTypesTrustedLaunch SecurityTypes = "TrustedLaunch" +) + // MachinePool stores the configuration for a machine pool installed // on Azure. type MachinePool struct { @@ -43,6 +53,67 @@ type MachinePool struct { // OSImage defines the image to use for the OS. // +optional OSImage OSImage `json:"osImage,omitempty"` + + // Settings specify the security type and the UEFI settings of the virtual machine. This field can + // be set for Confidential VMs and Trusted Launch for VMs. + // +optional + Settings *SecuritySettings `json:"settings,omitempty"` +} + +// SecuritySettings define the security type and the UEFI settings of the virtual machine. +type SecuritySettings struct { + // SecurityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to + // enable secure boot and vTPM. The default behavior is: secure boot and vTPM will not be enabled unless this property is set. + // +kubebuilder:validation:Enum=ConfidentialVM;TrustedLaunch + // +kubebuilder:validation:Required + SecurityType SecurityTypes `json:"securityType,omitempty"` + + // ConfidentialVM specifies the security configuration of the virtual machine. + // For more information regarding Confidential VMs, please refer to: + // https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview + // +optional + ConfidentialVM *ConfidentialVM `json:"confidentialVM,omitempty"` + + // TrustedLaunch specifies the security configuration of the virtual machine. + // For more information regarding TrustedLaunch for VMs, please refer to: + // https://learn.microsoft.com/azure/virtual-machines/trusted-launch + // +optional + TrustedLaunch *TrustedLaunch `json:"trustedLaunch,omitempty"` +} + +// ConfidentialVM defines the UEFI settings for the virtual machine. +type ConfidentialVM struct { + // UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine. + // +kubebuilder:validation:Required + UEFISettings *UEFISettings `json:"uefiSettings,omitempty"` +} + +// TrustedLaunch defines the UEFI settings for the virtual machine. +type TrustedLaunch struct { + // UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine. + // +kubebuilder:validation:Required + UEFISettings *UEFISettings `json:"uefiSettings,omitempty"` +} + +// UEFISettings specifies the security settings like secure boot and vTPM used while creating the +// virtual machine. +type UEFISettings struct { + // SecureBoot specifies whether secure boot should be enabled on the virtual machine. + // Secure Boot verifies the digital signature of all boot components and halts the boot process if + // signature verification fails. + // If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled. + // +kubebuilder:validation:Enum=Enabled;Disabled + // +optional + SecureBoot *string `json:"secureBoot,omitempty"` + + // VirtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. + // When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. + // The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. + // This is required to be set to enabled if the SecurityEncryptionType is defined. + // If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled. + // +kubebuilder:validation:Enum=Enabled;Disabled + // +optional + VirtualizedTrustedPlatformModule *string `json:"virtualizedTrustedPlatformModule,omitempty"` } // VMNetworkingCapability defines the states for accelerated networking feature @@ -102,10 +173,33 @@ func (a *MachinePool) Set(required *MachinePool) { if required.OSImage != emptyOSImage { a.OSImage = required.OSImage } + + if required.OSDisk.SecurityProfile != nil { + a.OSDisk.SecurityProfile = required.OSDisk.SecurityProfile + } + + if required.Settings != nil { + a.Settings = required.Settings + } } +// ImagePurchasePlan defines the purchase plan of a Marketplace image. +// +kubebuilder:validation:Enum=WithPurchasePlan;NoPurchasePlan +type ImagePurchasePlan string + +const ( + // ImageWithPurchasePlan enum attribute which is the default setting. + ImageWithPurchasePlan ImagePurchasePlan = "WithPurchasePlan" + // ImageNoPurchasePlan enum attribute which speficies the image does not need a purchase plan. + ImageNoPurchasePlan ImagePurchasePlan = "NoPurchasePlan" +) + // OSImage is the image to use for the OS of a machine. type OSImage struct { + // Plan is the purchase plan of the image. + // If omitted, it defaults to "WithPurchasePlan". + // +optional + Plan ImagePurchasePlan `json:"plan"` // Publisher is the publisher of the image. Publisher string `json:"publisher"` // Offer is the offer of the image. diff --git a/vendor/github.com/openshift/installer/pkg/types/azure/platform.go b/vendor/github.com/openshift/installer/pkg/types/azure/platform.go index ba4072da843..2d2125e6e8d 100644 --- a/vendor/github.com/openshift/installer/pkg/types/azure/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/azure/platform.go @@ -76,6 +76,7 @@ type Platform struct { CloudName CloudEnvironment `json:"cloudName,omitempty"` // OutboundType is a strategy for how egress from cluster is achieved. When not specified default is "Loadbalancer". + // "NatGateway" is only available in TechPreview. // // +kubebuilder:default=Loadbalancer // +optional diff --git a/vendor/github.com/openshift/installer/pkg/types/azure/validation/machinepool.go b/vendor/github.com/openshift/installer/pkg/types/azure/validation/machinepool.go index 4d7efa492dd..18cfc891695 100644 --- a/vendor/github.com/openshift/installer/pkg/types/azure/validation/machinepool.go +++ b/vendor/github.com/openshift/installer/pkg/types/azure/validation/machinepool.go @@ -1,10 +1,34 @@ package validation import ( + "fmt" + "sort" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" "github.com/openshift/installer/pkg/types/azure" + "github.com/openshift/installer/pkg/types/azure/defaults" +) + +const ( + enabled = "Enabled" +) + +var ( + validSecurityEncryptionTypes = map[azure.SecurityEncryptionTypes]bool{ + azure.SecurityEncryptionTypesVMGuestStateOnly: true, + azure.SecurityEncryptionTypesDiskWithVMGuestState: true, + } + + validSecurityEncryptionTypeValues = func() []string { + v := make([]string, 0, len(validSecurityEncryptionTypes)) + for n := range validSecurityEncryptionTypes { + v = append(v, string(n)) + } + sort.Strings(v) + return v + }() ) // ValidateMachinePool checks that the specified machine pool is valid. @@ -13,6 +37,8 @@ func ValidateMachinePool(p *azure.MachinePool, poolName string, platform *azure. if p.OSDisk.DiskSizeGB < 0 { allErrs = append(allErrs, field.Invalid(fldPath.Child("diskSizeGB"), p.OSDisk.DiskSizeGB, "Storage DiskSizeGB must be positive")) + } else if platform.CloudName == azure.StackCloud && p.OSDisk.DiskSizeGB != 0 && (p.OSDisk.DiskSizeGB < defaults.AzurestackMinimumDiskSize || p.OSDisk.DiskSizeGB > defaults.AzurestackMaximumDiskSize) { + allErrs = append(allErrs, field.Invalid(fldPath.Child("diskSizeGB"), p.OSDisk.DiskSizeGB, "Storage DiskSizeGB must be between 128 and 1023 inclusive for Azure Stack")) } if p.OSDisk.DiskType != "" { @@ -44,6 +70,8 @@ func ValidateMachinePool(p *azure.MachinePool, poolName string, platform *azure. allErrs = append(allErrs, ValidateDiskEncryption(p, platform.CloudName, fldPath.Child("defaultMachinePlatform"))...) } + allErrs = append(allErrs, validateSecurityProfile(p, platform.CloudName, fldPath.Child("defaultMachinePlatform"))...) + if p.VMNetworkingType != "" { acceleratedNetworkingOptions := sets.NewString(string(azure.VMnetworkingTypeAccelerated), string(azure.VMNetworkingTypeBasic)) if !acceleratedNetworkingOptions.Has(p.VMNetworkingType) { @@ -53,25 +81,27 @@ func ValidateMachinePool(p *azure.MachinePool, poolName string, platform *azure. } } - allErrs = append(allErrs, validateOSImage(p, poolName, fldPath)...) + allErrs = append(allErrs, validateOSImage(p, fldPath)...) return allErrs } -func validateOSImage(p *azure.MachinePool, poolName string, fldPath *field.Path) field.ErrorList { +func validateOSImage(p *azure.MachinePool, fldPath *field.Path) field.ErrorList { var allErrs field.ErrorList osImageFldPath := fldPath.Child("osImage") emptyOSImage := azure.OSImage{} if p.OSImage != emptyOSImage { - // The control plane cannot use the marketplace image. Don't let the default machine pool specify the - // marketplace image either. - if poolName == "" || poolName == "master" { - allErrs = append(allErrs, field.Invalid(osImageFldPath, p.OSImage, "cannot specify the OS image for the master machines")) - return allErrs + if p.OSImage.Plan != "" { + planOptions := sets.NewString( + string(azure.ImageNoPurchasePlan), + string(azure.ImageWithPurchasePlan), + ) + if !planOptions.Has(string(p.OSImage.Plan)) { + allErrs = append(allErrs, field.NotSupported(osImageFldPath.Child("plan"), p.OSImage.Plan, planOptions.List())) + } } - if p.OSImage.Publisher == "" { allErrs = append(allErrs, field.Required(osImageFldPath.Child("publisher"), "must specify publisher for the OS image")) } @@ -88,3 +118,99 @@ func validateOSImage(p *azure.MachinePool, poolName string, fldPath *field.Path) return allErrs } + +func validateSecurityProfile(p *azure.MachinePool, cloudName azure.CloudEnvironment, fieldPath *field.Path) field.ErrorList { + var errs field.ErrorList + + if p.Settings == nil && p.OSDisk.SecurityProfile == nil { + return errs + } + if p.Settings == nil && p.OSDisk.SecurityProfile.SecurityEncryptionType != "" { + return append(errs, field.Required(fieldPath.Child("settings"), + "settings should be set when osDisk.securityProfile.securityEncryptionType is defined.")) + } + + switch p.Settings.SecurityType { + case azure.SecurityTypesConfidentialVM: + if cloudName == azure.StackCloud { + return append(errs, field.Invalid(fieldPath.Child("settings").Child("securityType"), + p.Settings.SecurityType, + fmt.Sprintf("securityType %s is not supported on %s.", azure.SecurityTypesConfidentialVM, azure.StackCloud))) + } + + if p.OSDisk.SecurityProfile == nil || p.OSDisk.SecurityProfile.SecurityEncryptionType == "" { + securityProfileFieldPath := fieldPath.Child("osDisk").Child("securityProfile") + return append(errs, field.Required(securityProfileFieldPath.Child("securityEncryptionType"), + fmt.Sprintf("securityEncryptionType should be set when securityType is set to %s.", + azure.SecurityTypesConfidentialVM))) + } + + if !validSecurityEncryptionTypes[p.OSDisk.SecurityProfile.SecurityEncryptionType] { + securityProfileFieldPath := fieldPath.Child("osDisk").Child("securityProfile") + return append(errs, field.NotSupported(securityProfileFieldPath.Child("securityEncryptionType"), + p.OSDisk.SecurityProfile.SecurityEncryptionType, validSecurityEncryptionTypeValues)) + } + + if p.Settings.ConfidentialVM == nil { + return append(errs, field.Required(fieldPath.Child("settings").Child("confidentialVM"), + fmt.Sprintf("confidentialVM should be set when securityType is set to %s.", + azure.SecurityTypesConfidentialVM))) + } + + if p.Settings.ConfidentialVM.UEFISettings == nil { + return append(errs, field.Required(fieldPath.Child("settings").Child("confidentialVM").Child("uefiSettings"), + fmt.Sprintf("uefiSettings should be set when securityType is set to %s.", + azure.SecurityTypesConfidentialVM))) + } + + if p.Settings.ConfidentialVM.UEFISettings.VirtualizedTrustedPlatformModule != nil && + *p.Settings.ConfidentialVM.UEFISettings.VirtualizedTrustedPlatformModule != enabled { + uefiSettingsFieldPath := fieldPath.Child("settings").Child("confidentialVM").Child("uefiSettings") + return append(errs, field.Invalid(uefiSettingsFieldPath.Child("virtualizedTrustedPlatformModule"), + *p.Settings.ConfidentialVM.UEFISettings.VirtualizedTrustedPlatformModule, + fmt.Sprintf("virtualizedTrustedPlatformModule should be enabled when securityType is set to %s.", + azure.SecurityTypesConfidentialVM))) + } + + if p.OSDisk.SecurityProfile.SecurityEncryptionType == azure.SecurityEncryptionTypesDiskWithVMGuestState { + if p.EncryptionAtHost { + return append(errs, field.Invalid(fieldPath.Child("encryptionAtHost"), p.EncryptionAtHost, + fmt.Sprintf("encryptionAtHost cannot be set to true when securityEncryptionType is set to %s.", + azure.SecurityEncryptionTypesDiskWithVMGuestState))) + } + + if p.Settings.ConfidentialVM.UEFISettings.SecureBoot != nil && + *p.Settings.ConfidentialVM.UEFISettings.SecureBoot != enabled { + uefiSettingsFieldPath := fieldPath.Child("settings").Child("confidentialVM").Child("uefiSettings") + return append(errs, field.Invalid(uefiSettingsFieldPath.Child("secureBoot"), + *p.Settings.ConfidentialVM.UEFISettings.SecureBoot, + fmt.Sprintf("secureBoot should be enabled when securityEncryptionType is set to %s.", + azure.SecurityEncryptionTypesDiskWithVMGuestState))) + } + } + case azure.SecurityTypesTrustedLaunch: + if p.Settings.TrustedLaunch == nil { + return append(errs, field.Required(fieldPath.Child("settings").Child("trustedLaunch"), + fmt.Sprintf("trustedLaunch should be set when securityType is set to %s.", + azure.SecurityTypesTrustedLaunch))) + } + default: + if p.OSDisk.SecurityProfile != nil && p.OSDisk.SecurityProfile.SecurityEncryptionType != "" { + return append(errs, field.Invalid(fieldPath.Child("settings").Child("securityType"), + p.Settings.SecurityType, + fmt.Sprintf("securityType should be set to %s when securityEncryptionType is defined.", + azure.SecurityTypesConfidentialVM))) + } + + if p.Settings.TrustedLaunch != nil && p.Settings.TrustedLaunch.UEFISettings != nil && + ((p.Settings.TrustedLaunch.UEFISettings.SecureBoot != nil && *p.Settings.TrustedLaunch.UEFISettings.SecureBoot == enabled) || + (p.Settings.TrustedLaunch.UEFISettings.VirtualizedTrustedPlatformModule != nil && *p.Settings.TrustedLaunch.UEFISettings.VirtualizedTrustedPlatformModule == enabled)) { + return append(errs, field.Invalid(fieldPath.Child("settings").Child("securityType"), + p.Settings.SecurityType, + fmt.Sprintf("securityType should be set to %s when uefiSettings are enabled.", + azure.SecurityTypesTrustedLaunch))) + } + } + + return errs +} diff --git a/vendor/github.com/openshift/installer/pkg/types/azure/validation/platform.go b/vendor/github.com/openshift/installer/pkg/types/azure/validation/platform.go index 08e82605b76..81f9b991531 100644 --- a/vendor/github.com/openshift/installer/pkg/types/azure/validation/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/azure/validation/platform.go @@ -8,6 +8,7 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" + configv1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/azure" ) @@ -46,7 +47,7 @@ var ( const maxUserTagLimit = 10 // ValidatePlatform checks that the specified platform is valid. -func ValidatePlatform(p *azure.Platform, publish types.PublishingStrategy, fldPath *field.Path) field.ErrorList { +func ValidatePlatform(p *azure.Platform, publish types.PublishingStrategy, fldPath *field.Path, ic *types.InstallConfig) field.ErrorList { allErrs := field.ErrorList{} if p.Region == "" { allErrs = append(allErrs, field.Required(fldPath.Child("region"), "region should be set to one of the supported Azure regions")) @@ -88,9 +89,14 @@ func ValidatePlatform(p *azure.Platform, publish types.PublishingStrategy, fldPa if p.OutboundType == azure.UserDefinedRoutingOutboundType && p.VirtualNetwork == "" { allErrs = append(allErrs, field.Invalid(fldPath.Child("outboundType"), p.OutboundType, fmt.Sprintf("%s is only allowed when installing to pre-existing network", azure.UserDefinedRoutingOutboundType))) } - if p.OutboundType == azure.NatGatewayOutboundType && p.VirtualNetwork != "" { - // For now, BYO network and NAT gateways are not compatible - allErrs = append(allErrs, field.Invalid(fldPath.Child("outboundType"), p.OutboundType, fmt.Sprintf("%s is not allowed when installing to pre-existing network", azure.NatGatewayOutboundType))) + if p.OutboundType == azure.NatGatewayOutboundType { + if ic.FeatureSet != configv1.TechPreviewNoUpgrade { + allErrs = append(allErrs, field.Invalid(fldPath.Child("outboundType"), p.OutboundType, "not supported in this feature set")) + } + if p.VirtualNetwork != "" { + // For now, BYO network and NAT gateways are not compatible + allErrs = append(allErrs, field.Invalid(fldPath.Child("outboundType"), p.OutboundType, fmt.Sprintf("%s is not allowed when installing to pre-existing network", azure.NatGatewayOutboundType))) + } } // support for Azure user-defined tags made available through @@ -208,8 +214,11 @@ func validateAzureStack(p *azure.Platform, fldPath *field.Path) field.ErrorList if p.ARMEndpoint == "" { allErrs = append(allErrs, field.Required(fldPath.Child("armEndpoint"), "ARM endpoint must be set when installing on Azure Stack")) } - if p.OutboundType == azure.UserDefinedRoutingOutboundType { + switch p.OutboundType { + case azure.UserDefinedRoutingOutboundType: allErrs = append(allErrs, field.Invalid(fldPath.Child("outboundType"), p.OutboundType, "Azure Stack does not support user-defined routing")) + case azure.NatGatewayOutboundType: + allErrs = append(allErrs, field.Invalid(fldPath.Child("outboundType"), p.OutboundType, "Azure Stack does not support NAT routing currently")) } return allErrs } diff --git a/vendor/github.com/openshift/installer/pkg/types/defaults/machinepools.go b/vendor/github.com/openshift/installer/pkg/types/defaults/machinepools.go index 0e4e6a2ba41..c074a4c78c4 100644 --- a/vendor/github.com/openshift/installer/pkg/types/defaults/machinepools.go +++ b/vendor/github.com/openshift/installer/pkg/types/defaults/machinepools.go @@ -26,15 +26,20 @@ func SetMachinePoolDefaults(p *types.MachinePool, platform string) { } } -// CreateEdgeMachinePoolDefaults create the edge compute pool when it is not already defined. -func CreateEdgeMachinePoolDefaults(pools []types.MachinePool, platform string, replicas int64) *types.MachinePool { +// hasEdgePoolConfig checks if the Edge compute pool has been defined on install-config. +func hasEdgePoolConfig(pools []types.MachinePool) bool { edgePoolDefined := false for _, compute := range pools { if compute.Name == types.MachinePoolEdgeRoleName { edgePoolDefined = true } } - if edgePoolDefined { + return edgePoolDefined +} + +// CreateEdgeMachinePoolDefaults create the edge compute pool when it is not already defined. +func CreateEdgeMachinePoolDefaults(pools []types.MachinePool, platform string, replicas int64) *types.MachinePool { + if hasEdgePoolConfig(pools) { return nil } pool := &types.MachinePool{ diff --git a/vendor/github.com/openshift/installer/pkg/types/external/platform.go b/vendor/github.com/openshift/installer/pkg/types/external/platform.go index 5a57fe2fe4e..a636d86313e 100644 --- a/vendor/github.com/openshift/installer/pkg/types/external/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/external/platform.go @@ -1,5 +1,16 @@ package external +// CloudControllerManager describes the type of cloud controller manager to be enabled. +type CloudControllerManager string + +const ( + // CloudControllerManagerTypeExternal specifies that an external cloud provider is to be configured. + CloudControllerManagerTypeExternal = "External" + + // CloudControllerManagerTypeNone specifies that no cloud provider is to be configured. + CloudControllerManagerTypeNone = "" +) + // Platform stores configuration related to external cloud providers. type Platform struct { // PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. @@ -9,4 +20,11 @@ type Platform struct { // +kubebuilder:validation:XValidation:rule="oldSelf == 'Unknown' || self == oldSelf",message="platform name cannot be changed once set" // +optional PlatformName string `json:"platformName,omitempty"` + + // CloudControllerManager when set to external, this property will enable an external cloud provider. + // +kubebuilder:default:="" + // +default="" + // +kubebuilder:validation:Enum="";External + // +optional + CloudControllerManager CloudControllerManager `json:"cloudControllerManager,omitempty"` } diff --git a/vendor/github.com/openshift/installer/pkg/types/gcp/machinepools.go b/vendor/github.com/openshift/installer/pkg/types/gcp/machinepools.go index ce0f558f225..68d266fe766 100644 --- a/vendor/github.com/openshift/installer/pkg/types/gcp/machinepools.go +++ b/vendor/github.com/openshift/installer/pkg/types/gcp/machinepools.go @@ -18,6 +18,11 @@ type MachinePool struct { // +optional OSDisk `json:"osDisk"` + // OSImage defines a custom image for instance. + // + // +optional + OSImage *OSImage `json:"osImage,omitempty"` + // Tags defines a set of network tags which will be added to instances in the machineset // // +optional @@ -45,8 +50,9 @@ type MachinePool struct { ConfidentialCompute string `json:"confidentialCompute,omitempty"` // ServiceAccount is the email of a gcp service account to be used for shared - // vpn installations. The provided service account will be attached to control-plane nodes + // vpc installations. The provided service account will be attached to control-plane nodes // in order to provide the permissions required by the cloud provider in the host project. + // This field is only supported in the control-plane machinepool. // // +optional ServiceAccount string `json:"serviceAccount,omitempty"` @@ -57,7 +63,7 @@ type OSDisk struct { // DiskType defines the type of disk. // For control plane nodes, the valid value is pd-ssd. // +optional - // +kubebuilder:validation:Enum=pd-ssd;pd-standard + // +kubebuilder:validation:Enum=pd-balanced;pd-ssd;pd-standard DiskType string `json:"diskType"` // DiskSizeGB defines the size of disk in GB. @@ -72,6 +78,19 @@ type OSDisk struct { EncryptionKey *EncryptionKeyReference `json:"encryptionKey,omitempty"` } +// OSImage defines the image to use for the OS. +type OSImage struct { + // Name defines the name of the image. + // + // +required + Name string `json:"name"` + + // Project defines the name of the project containing the image. + // + // +required + Project string `json:"project"` +} + // Set sets the values from `required` to `a`. func (a *MachinePool) Set(required *MachinePool) { if required == nil || a == nil { @@ -98,6 +117,10 @@ func (a *MachinePool) Set(required *MachinePool) { a.OSDisk.DiskType = required.OSDisk.DiskType } + if required.OSImage != nil { + a.OSImage = required.OSImage + } + if required.EncryptionKey != nil { if a.EncryptionKey == nil { a.EncryptionKey = &EncryptionKeyReference{} diff --git a/vendor/github.com/openshift/installer/pkg/types/gcp/platform.go b/vendor/github.com/openshift/installer/pkg/types/gcp/platform.go index 06829d4724e..bf5658c0cbf 100644 --- a/vendor/github.com/openshift/installer/pkg/types/gcp/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/gcp/platform.go @@ -35,11 +35,55 @@ type Platform struct { // +optional ComputeSubnet string `json:"computeSubnet,omitempty"` - // Licenses is a list of licenses to apply to the compute images - // The value should a list of strings (https URLs only) representing the license keys. - // When set, this will cause the installer to copy the image into user's project. - // This option is incompatible with any mechanism that makes use of pre-built images - // such as the current env OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE - // +optional - Licenses []string `json:"licenses,omitempty"` + // userLabels has additional keys and values that the installer will add as + // labels to all resources that it creates on GCP. Resources created by the + // cluster itself may not include these labels. This is a TechPreview feature + // and requires setting CustomNoUpgrade featureSet with GCPLabelsTags featureGate + // enabled or TechPreviewNoUpgrade featureSet to configure labels. + UserLabels []UserLabel `json:"userLabels,omitempty"` + + // userTags has additional keys and values that the installer will add as + // tags to all resources that it creates on GCP. Resources created by the + // cluster itself may not include these tags. Tag key and tag value should + // be the shortnames of the tag key and tag value resource. This is a TechPreview + // feature and requires setting CustomNoUpgrade featureSet with GCPLabelsTags + // featureGate enabled or TechPreviewNoUpgrade featureSet to configure tags. + UserTags []UserTag `json:"userTags,omitempty"` +} + +// UserLabel is a label to apply to GCP resources created for the cluster. +type UserLabel struct { + // key is the key part of the label. A label key can have a maximum of 63 characters + // and cannot be empty. Label must begin with a lowercase letter, and must contain + // only lowercase letters, numeric characters, and the following special characters `_-`. + Key string `json:"key"` + + // value is the value part of the label. A label value can have a maximum of 63 characters + // and cannot be empty. Value must contain only lowercase letters, numeric characters, and + // the following special characters `_-`. + Value string `json:"value"` +} + +// UserTag is a tag to apply to GCP resources created for the cluster. +type UserTag struct { + // parentID is the ID of the hierarchical resource where the tags are defined, + // e.g. at the Organization or the Project level. To find the Organization ID or Project ID refer to the following pages: + // https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, + // https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. + // An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. + // A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, + // numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + ParentID string `json:"parentID"` + + // key is the key part of the tag. A tag key can have a maximum of 63 characters and + // cannot be empty. Tag key must begin and end with an alphanumeric character, and + // must contain only uppercase, lowercase alphanumeric characters, and the following + // special characters `._-`. + Key string `json:"key"` + + // value is the value part of the tag. A tag value can have a maximum of 63 characters + // and cannot be empty. Tag value must begin and end with an alphanumeric character, and + // must contain only uppercase, lowercase alphanumeric characters, and the following + // special characters `_-.@%=+:,*#&(){}[]` and spaces. + Value string `json:"value"` } diff --git a/vendor/github.com/openshift/installer/pkg/types/gcp/validation/machinepool.go b/vendor/github.com/openshift/installer/pkg/types/gcp/validation/machinepool.go index a673fc6247d..25915ee42b5 100644 --- a/vendor/github.com/openshift/installer/pkg/types/gcp/validation/machinepool.go +++ b/vendor/github.com/openshift/installer/pkg/types/gcp/validation/machinepool.go @@ -30,7 +30,7 @@ func ValidateMachinePool(platform *gcp.Platform, p *gcp.MachinePool, fldPath *fi } if p.OSDisk.DiskType != "" { - diskTypes := sets.NewString("pd-standard", "pd-ssd") + diskTypes := sets.NewString("pd-balanced", "pd-ssd", "pd-standard") if !diskTypes.Has(p.OSDisk.DiskType) { allErrs = append(allErrs, field.NotSupported(fldPath.Child("diskType"), p.OSDisk.DiskType, diskTypes.List())) } @@ -69,11 +69,12 @@ func ValidateServiceAccount(platform *gcp.Platform, p *types.MachinePool, fldPat // ValidateMasterDiskType checks that the specified disk type is valid for control plane. func ValidateMasterDiskType(p *types.MachinePool, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - - if p.Name == "master" && p.Platform.GCP.OSDisk.DiskType == "pd-standard" { - allErrs = append(allErrs, field.Invalid(fldPath.Child("diskType"), p.Platform.GCP.OSDisk.DiskType, fmt.Sprintf("%s not compatible with control planes.", p.Platform.GCP.OSDisk.DiskType))) + if p.Name == "master" && p.Platform.GCP.OSDisk.DiskType != "" { + diskTypes := sets.NewString("pd-ssd") + if !diskTypes.Has(p.Platform.GCP.OSDisk.DiskType) { + allErrs = append(allErrs, field.NotSupported(fldPath.Child("diskType"), p.Platform.GCP.OSDisk.DiskType, diskTypes.List())) + } } - return allErrs } diff --git a/vendor/github.com/openshift/installer/pkg/types/gcp/validation/platform.go b/vendor/github.com/openshift/installer/pkg/types/gcp/validation/platform.go index 4a3faf9d828..12f02f75b50 100644 --- a/vendor/github.com/openshift/installer/pkg/types/gcp/validation/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/gcp/validation/platform.go @@ -1,14 +1,14 @@ package validation import ( - "os" + "fmt" + "regexp" "sort" "k8s.io/apimachinery/pkg/util/validation/field" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/gcp" - "github.com/openshift/installer/pkg/validate" ) var ( @@ -65,8 +65,34 @@ var ( sort.Strings(validValues) return validValues }() + + // userLabelKeyRegex is for verifying that the label key contains only allowed characters. + userLabelKeyRegex = regexp.MustCompile(`^[a-z][0-9a-z_-]{0,62}$`) + + // userLabelValueRegex is for verifying that the label value contains only allowed characters. + userLabelValueRegex = regexp.MustCompile(`^[0-9a-z_-]{1,63}$`) + + // userLabelKeyPrefixRegex is for verifying that the label key does not contain restricted prefixes. + userLabelKeyPrefixRegex = regexp.MustCompile(`^(?i)(kubernetes\-io|openshift\-io)`) + + // userTagKeyRegex is for verifying that the tag key contains only allowed characters. + userTagKeyRegex = regexp.MustCompile(`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$`) + + // userTagValueRegex is for verifying that the tag value contains only allowed characters. + userTagValueRegex = regexp.MustCompile(`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$`) + + // userTagParentIDRegex is for verifying that the tag parentID contains only allowed characters. + userTagParentIDRegex = regexp.MustCompile(`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)`) ) +// maxUserLabelLimit is the maximum userLabels that can be configured as defined in openshift/api. +// https://github.com/openshift/api/commit/ae73a19d05c35068af16c9aeff375d0b7c936a8a#diff-07b264a49084976b670fb699badaca1795027d6ea732a99226a5388104f6174fR592-R602 +const maxUserLabelLimit = 32 + +// maxUserTagLimit is the maximum userTags that can be configured as defined in openshift/api. +// https://github.com/openshift/api/commit/ae73a19d05c35068af16c9aeff375d0b7c936a8a#diff-07b264a49084976b670fb699badaca1795027d6ea732a99226a5388104f6174fR604-R613 +const maxUserTagLimit = 50 + // ValidatePlatform checks that the specified platform is valid. func ValidatePlatform(p *gcp.Platform, fldPath *field.Path, ic *types.InstallConfig) field.ErrorList { allErrs := field.ErrorList{} @@ -99,15 +125,94 @@ func ValidatePlatform(p *gcp.Platform, fldPath *field.Path, ic *types.InstallCon allErrs = append(allErrs, field.Required(fldPath.Child("network"), "must provide a VPC network when supplying subnets")) } - if oi, ok := os.LookupEnv("OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE"); ok && oi != "" && len(p.Licenses) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("licenses"), "the use of custom image licenses is forbidden if an OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE is specified")) + // check if configured userLabels are valid. + allErrs = append(allErrs, validateUserLabels(p.UserLabels, fldPath.Child("userLabels"))...) + + // check if configured userTags are valid. + allErrs = append(allErrs, validateUserTags(p.UserTags, fldPath.Child("userTags"))...) + + return allErrs +} + +// validateUserLabels verifies if configured number of UserLabels is not more than +// allowed limit and the label keys and values are valid. +func validateUserLabels(labels []gcp.UserLabel, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + if len(labels) == 0 { + return allErrs + } + + if len(labels) > maxUserLabelLimit { + allErrs = append(allErrs, field.TooMany(fldPath, len(labels), maxUserLabelLimit)) + } + + for _, label := range labels { + if err := validateLabel(label.Key, label.Value); err != nil { + allErrs = append(allErrs, field.Invalid(fldPath.Key(label.Key), label.Value, err.Error())) + } + } + return allErrs +} + +// validateLabel checks the following to ensure that the label configured is acceptable. +// - The key and value contain only allowed characters. +// - The key is not empty and at most 63 characters and starts with a lowercase letter. +// - The value is not empty and at most 63 characters. +// - The key and value must contain only lowercase letters, numeric characters, +// underscores, and dashes. +// - The key cannot be Name or have kubernetes.io, openshift.io prefixes. +func validateLabel(key, value string) error { + if !userLabelKeyRegex.MatchString(key) { + return fmt.Errorf("label key is invalid or contains invalid characters. Label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`") + } + if !userLabelValueRegex.MatchString(value) { + return fmt.Errorf("label value is invalid or contains invalid characters. Label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`") + } + if userLabelKeyPrefixRegex.MatchString(key) { + return fmt.Errorf("label key contains restricted prefix. Label key cannot have `kubernetes-io`, `openshift-io` prefixes") + } + return nil +} + +// validateUserTags verifies if configured number of UserTags is not more than +// allowed limit and the tag keys and values are valid. +func validateUserTags(tags []gcp.UserTag, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + if len(tags) == 0 { + return allErrs } - for i, license := range p.Licenses { - if validate.URIWithProtocol(license, "https") != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("licenses").Index(i), license, "licenses must be URLs (https) only")) + if len(tags) > maxUserTagLimit { + allErrs = append(allErrs, field.TooMany(fldPath, len(tags), maxUserTagLimit)) + } + + for _, tag := range tags { + if err := validateTag(tag.ParentID, tag.Key, tag.Value); err != nil { + allErrs = append(allErrs, field.Invalid(fldPath.Key(tag.Key), tag.Value, err.Error())) } } return allErrs } + +// validateTag checks the following to ensure that the tag configured is acceptable. Though +// the criteria is for tag resources to pre-exist, tags will be validated to catch the +// error much earlier. +// - The key and value contain only allowed characters. +// - The key and value is not empty and can have at most 63 characters. +// - The ParentID can be either OrganizationID or ProjectID. +// - OrganizationID must consist of decimal numbers, and cannot have leading zeroes. +// - ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, +// and hyphens, and must start with a letter, and cannot end with a hyphen. +func validateTag(parentID, key, value string) error { + if !userTagParentIDRegex.MatchString(parentID) { + return fmt.Errorf("tag parentID is invalid or contains invalid characters. ParentID can have a maximum of 32 characters and cannot be empty. ParentID can be either OrganizationID or ProjectID. OrganizationID must consist of decimal numbers, and cannot have leading zeroes and ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen") + } + if !userTagKeyRegex.MatchString(key) { + return fmt.Errorf("tag key is invalid or contains invalid characters. Tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`") + } + if !userTagValueRegex.MatchString(value) { + return fmt.Errorf("tag value is invalid or contains invalid characters. Tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%%=+:,*#&(){}[]` and spaces") + } + return nil +} diff --git a/vendor/github.com/openshift/installer/pkg/types/ibmcloud/validation/platform.go b/vendor/github.com/openshift/installer/pkg/types/ibmcloud/validation/platform.go index 595dbcc1ba2..97b27095540 100644 --- a/vendor/github.com/openshift/installer/pkg/types/ibmcloud/validation/platform.go +++ b/vendor/github.com/openshift/installer/pkg/types/ibmcloud/validation/platform.go @@ -16,6 +16,7 @@ var ( "us-east": "US East (Washington DC)", "eu-gb": "United Kindom (London)", "eu-de": "EU Germany (Frankfurt)", + "eu-es": "Spain (Madrid)", "jp-tok": "Japan (Tokyo)", "jp-osa": "Japan (Osaka)", "au-syd": "Australia (Sydney)", diff --git a/vendor/github.com/openshift/installer/pkg/types/installconfig.go b/vendor/github.com/openshift/installer/pkg/types/installconfig.go index 00da36ee59f..5cf699bb4b9 100644 --- a/vendor/github.com/openshift/installer/pkg/types/installconfig.go +++ b/vendor/github.com/openshift/installer/pkg/types/installconfig.go @@ -164,7 +164,6 @@ type InstallConfig struct { // When this field is set the cluster will be flagged for CPU Partitioning allowing users to segregate workloads to // specific CPU Sets. This does not make any decisions on workloads it only configures the nodes to allow CPU Partitioning. // The "AllNodes" value will setup all nodes for CPU Partitioning, the default is "None". - // This feature is currently in TechPreview. // // +kubebuilder:default="None" // +optional diff --git a/vendor/github.com/openshift/installer/pkg/types/powervs/powervs_regions.go b/vendor/github.com/openshift/installer/pkg/types/powervs/powervs_regions.go index edae0b84b85..b7fe244cde7 100644 --- a/vendor/github.com/openshift/installer/pkg/types/powervs/powervs_regions.go +++ b/vendor/github.com/openshift/installer/pkg/types/powervs/powervs_regions.go @@ -20,7 +20,10 @@ var Regions = map[string]Region{ "dal": { Description: "Dallas, USA", VPCRegion: "us-south", - Zones: []string{"dal12"}, + Zones: []string{ + "dal10", + "dal12", + }, }, "eu-de": { Description: "Frankfurt, Germany", diff --git a/vendor/github.com/openshift/installer/pkg/types/validation/installconfig.go b/vendor/github.com/openshift/installer/pkg/types/validation/installconfig.go index a7155e5d62e..a36c380b2f0 100644 --- a/vendor/github.com/openshift/installer/pkg/types/validation/installconfig.go +++ b/vendor/github.com/openshift/installer/pkg/types/validation/installconfig.go @@ -10,7 +10,7 @@ import ( "strconv" "strings" - dockerref "github.com/containers/image/docker/reference" + dockerref "github.com/containers/image/v5/docker/reference" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh" @@ -21,6 +21,7 @@ import ( configv1 "github.com/openshift/api/config/v1" operv1 "github.com/openshift/api/operator/v1" + "github.com/openshift/installer/pkg/hostcrypt" "github.com/openshift/installer/pkg/ipnet" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/alibabacloud" @@ -68,13 +69,11 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field. return field.ErrorList{field.Invalid(field.NewPath("apiVersion"), c.TypeMeta.APIVersion, fmt.Sprintf("install-config version must be %q", types.InstallConfigVersion))} } - if c.SSHKey != "" { - if c.FIPS == true { - allErrs = append(allErrs, validateFIPSconfig(c)...) - } else { - if err := validate.SSHPublicKey(c.SSHKey); err != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), c.SSHKey, err.Error())) - } + if c.FIPS { + allErrs = append(allErrs, validateFIPSconfig(c)...) + } else if c.SSHKey != "" { + if err := validate.SSHPublicKey(c.SSHKey); err != nil { + allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), c.SSHKey, err.Error())) } } @@ -141,7 +140,7 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field. allErrs = append(allErrs, field.Invalid(field.NewPath("imageContentSources"), c.Publish, "cannot set imageContentSources and imageDigestSources at the same time")) } if len(c.DeprecatedImageContentSources) != 0 { - logrus.Warningln("imageContentSources is deprecated, please use ImageDigestSource") + logrus.Warningln("imageContentSources is deprecated, please use ImageDigestSources") } allErrs = append(allErrs, validateCloudCredentialsMode(c.CredentialsMode, field.NewPath("credentialsMode"), c.Platform)...) if c.Capabilities != nil { @@ -156,6 +155,16 @@ func ValidateInstallConfig(c *types.InstallConfig, usingAgentMethod bool) field. } } + if c.Capabilities != nil { + if c.Capabilities.BaselineCapabilitySet == configv1.ClusterVersionCapabilitySetNone { + enabledCaps := sets.New[configv1.ClusterVersionCapability](c.Capabilities.AdditionalEnabledCapabilities...) + if enabledCaps.Has(configv1.ClusterVersionCapabilityBaremetal) && !enabledCaps.Has(configv1.ClusterVersionCapabilityMachineAPI) { + allErrs = append(allErrs, field.Invalid(field.NewPath("additionalEnabledCapabilities"), c.Capabilities.AdditionalEnabledCapabilities, + "the baremetal capability requires the MachineAPI capability")) + } + } + } + allErrs = append(allErrs, validateFeatureSet(c)...) return allErrs @@ -315,8 +324,12 @@ func validateNetworking(n *types.Networking, singleNodeOpenShift bool, fldPath * allErrs = append(allErrs, field.Required(fldPath.Child("networkType"), "network provider type required")) } - if singleNodeOpenShift && n.NetworkType == string(operv1.NetworkTypeOpenShiftSDN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("networkType"), n.NetworkType, "networkType OpenShiftSDN is currently not supported on Single Node OpenShift")) + if n.NetworkType == string(operv1.NetworkTypeOpenShiftSDN) { + if singleNodeOpenShift { + allErrs = append(allErrs, field.Invalid(fldPath.Child("networkType"), n.NetworkType, "networkType OpenShiftSDN is currently not supported on Single Node OpenShift")) + } else { + logrus.Warnf("networkType OpenShiftSDN is deprecated, please consider using OVNKubernetes") + } } if len(n.MachineNetwork) > 0 { @@ -731,7 +744,7 @@ func validatePlatform(platform *types.Platform, usingAgentMethod bool, fldPath * } if platform.Azure != nil { validate(azure.Name, platform.Azure, func(f *field.Path) field.ErrorList { - return azurevalidation.ValidatePlatform(platform.Azure, c.Publish, f) + return azurevalidation.ValidatePlatform(platform.Azure, c.Publish, f, c) }) } if platform.GCP != nil { @@ -980,16 +993,22 @@ func validateIPProxy(proxy string, n *types.Networking, fldPath *field.Path) fie // for ssh keys on FIPS. func validateFIPSconfig(c *types.InstallConfig) field.ErrorList { allErrs := field.ErrorList{} - sshParsedKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(c.SSHKey)) - if err != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), c.SSHKey, fmt.Sprintf("Fatal error trying to parse configured public key: %s", err))) - } else { - sshKeyType := sshParsedKey.Type() - re := regexp.MustCompile(`^ecdsa-sha2-nistp\d{3}$|^ssh-rsa$`) - if !re.MatchString(sshKeyType) { - allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), c.SSHKey, fmt.Sprintf("SSH key type %s unavailable when FIPS is enabled. Please use rsa or ecdsa.", sshKeyType))) + if c.SSHKey != "" { + sshParsedKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(c.SSHKey)) + if err != nil { + allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), c.SSHKey, fmt.Sprintf("Fatal error trying to parse configured public key: %s", err))) + } else { + sshKeyType := sshParsedKey.Type() + re := regexp.MustCompile(`^ecdsa-sha2-nistp\d{3}$|^ssh-rsa$`) + if !re.MatchString(sshKeyType) { + allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), c.SSHKey, fmt.Sprintf("SSH key type %s unavailable when FIPS is enabled. Please use rsa or ecdsa.", sshKeyType))) + } } } + + if err := hostcrypt.VerifyHostTargetState(c.FIPS); err != nil { + logrus.Warnf("%v", err) + } return allErrs } @@ -1067,6 +1086,15 @@ func validateFeatureSet(c *types.InstallConfig) field.ErrorList { allErrs = append(allErrs, field.Forbidden(field.NewPath("platform", "vsphere", "hosts"), errMsg)) } } + + if c.GCP != nil { + if len(c.GCP.UserTags) > 0 { + allErrs = append(allErrs, field.Forbidden(field.NewPath("platform", "gcp", "userTags"), errMsg)) + } + if len(c.GCP.UserLabels) > 0 { + allErrs = append(allErrs, field.Forbidden(field.NewPath("platform", "gcp", "userLabels"), errMsg)) + } + } } return allErrs diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go index 3aa8d0590ba..b22d862fbc6 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go @@ -22,7 +22,7 @@ import "github.com/prometheus/client_golang/prometheus" // Prometheus metrics. Note that the data models of expvar and Prometheus are // fundamentally different, and that the expvar Collector is inherently slower // than native Prometheus metrics. Thus, the expvar Collector is probably great -// for experiments and prototying, but you should seriously consider a more +// for experiments and prototyping, but you should seriously consider a more // direct implementation of Prometheus metrics for monitoring production // systems. // diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go b/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go index 2f5616894e7..bcfa4fa10e0 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go @@ -132,16 +132,19 @@ type GoCollectionOption uint32 const ( // GoRuntimeMemStatsCollection represents the metrics represented by runtime.MemStats structure. - // Deprecated. Use WithGoCollectorMemStatsMetricsDisabled() function to disable those metrics in the collector. + // + // Deprecated: Use WithGoCollectorMemStatsMetricsDisabled() function to disable those metrics in the collector. GoRuntimeMemStatsCollection GoCollectionOption = 1 << iota // GoRuntimeMetricsCollection is the new set of metrics represented by runtime/metrics package. - // Deprecated. Use WithGoCollectorRuntimeMetrics(GoRuntimeMetricsRule{Matcher: regexp.MustCompile("/.*")}) + // + // Deprecated: Use WithGoCollectorRuntimeMetrics(GoRuntimeMetricsRule{Matcher: regexp.MustCompile("/.*")}) // function to enable those metrics in the collector. GoRuntimeMetricsCollection ) // WithGoCollections allows enabling different collections for Go collector on top of base metrics. -// Deprecated. Use WithGoCollectorRuntimeMetrics() and WithGoCollectorMemStatsMetricsDisabled() instead to control metrics. +// +// Deprecated: Use WithGoCollectorRuntimeMetrics() and WithGoCollectorMemStatsMetricsDisabled() instead to control metrics. func WithGoCollections(flags GoCollectionOption) func(options *internal.GoCollectorOptions) { return func(options *internal.GoCollectorOptions) { if flags&GoRuntimeMemStatsCollection == 0 { diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go index 62de4dc59aa..4ce84e7a80e 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/counter.go @@ -20,6 +20,7 @@ import ( "time" dto "github.com/prometheus/client_model/go" + "google.golang.org/protobuf/types/known/timestamppb" ) // Counter is a Metric that represents a single numerical value that only ever @@ -66,7 +67,7 @@ type CounterVecOpts struct { CounterOpts // VariableLabels are used to partition the metric vector by the given set - // of labels. Each label value will be constrained with the optional Contraint + // of labels. Each label value will be constrained with the optional Constraint // function, if provided. VariableLabels ConstrainableLabels } @@ -90,8 +91,12 @@ func NewCounter(opts CounterOpts) Counter { nil, opts.ConstLabels, ) - result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: time.Now} + if opts.now == nil { + opts.now = time.Now + } + result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: opts.now} result.init(result) // Init self-collection. + result.createdTs = timestamppb.New(opts.now()) return result } @@ -106,10 +111,12 @@ type counter struct { selfCollector desc *Desc + createdTs *timestamppb.Timestamp labelPairs []*dto.LabelPair exemplar atomic.Value // Containing nil or a *dto.Exemplar. - now func() time.Time // To mock out time.Now() for testing. + // now is for testing purposes, by default it's time.Now. + now func() time.Time } func (c *counter) Desc() *Desc { @@ -159,8 +166,7 @@ func (c *counter) Write(out *dto.Metric) error { exemplar = e.(*dto.Exemplar) } val := c.get() - - return populateMetric(CounterValue, val, c.labelPairs, exemplar, out) + return populateMetric(CounterValue, val, c.labelPairs, exemplar, out, c.createdTs) } func (c *counter) updateExemplar(v float64, l Labels) { @@ -200,13 +206,17 @@ func (v2) NewCounterVec(opts CounterVecOpts) *CounterVec { opts.VariableLabels, opts.ConstLabels, ) + if opts.now == nil { + opts.now = time.Now + } return &CounterVec{ MetricVec: NewMetricVec(desc, func(lvs ...string) Metric { - if len(lvs) != len(desc.variableLabels) { - panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs)) + if len(lvs) != len(desc.variableLabels.names) { + panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs)) } - result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: time.Now} + result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: opts.now} result.init(result) // Init self-collection. + result.createdTs = timestamppb.New(opts.now()) return result }), } diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go index deedc2dfbe7..68ffe3c2480 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go @@ -52,7 +52,7 @@ type Desc struct { constLabelPairs []*dto.LabelPair // variableLabels contains names of labels and normalization function for // which the metric maintains variable values. - variableLabels ConstrainedLabels + variableLabels *compiledLabels // id is a hash of the values of the ConstLabels and fqName. This // must be unique among all registered descriptors and can therefore be // used as an identifier of the descriptor. @@ -93,7 +93,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const d := &Desc{ fqName: fqName, help: help, - variableLabels: variableLabels.constrainedLabels(), + variableLabels: variableLabels.compile(), } if !model.IsValidMetricName(model.LabelValue(fqName)) { d.err = fmt.Errorf("%q is not a valid metric name", fqName) @@ -103,7 +103,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const // their sorted label names) plus the fqName (at position 0). labelValues := make([]string, 1, len(constLabels)+1) labelValues[0] = fqName - labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels)) + labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels.names)) labelNameSet := map[string]struct{}{} // First add only the const label names and sort them... for labelName := range constLabels { @@ -128,13 +128,13 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const // Now add the variable label names, but prefix them with something that // cannot be in a regular label name. That prevents matching the label // dimension with a different mix between preset and variable labels. - for _, label := range d.variableLabels { - if !checkLabelName(label.Name) { - d.err = fmt.Errorf("%q is not a valid label name for metric %q", label.Name, fqName) + for _, label := range d.variableLabels.names { + if !checkLabelName(label) { + d.err = fmt.Errorf("%q is not a valid label name for metric %q", label, fqName) return d } - labelNames = append(labelNames, "$"+label.Name) - labelNameSet[label.Name] = struct{}{} + labelNames = append(labelNames, "$"+label) + labelNameSet[label] = struct{}{} } if len(labelNames) != len(labelNameSet) { d.err = fmt.Errorf("duplicate label names in constant and variable labels for metric %q", fqName) @@ -189,11 +189,19 @@ func (d *Desc) String() string { fmt.Sprintf("%s=%q", lp.GetName(), lp.GetValue()), ) } + vlStrings := make([]string, 0, len(d.variableLabels.names)) + for _, vl := range d.variableLabels.names { + if fn, ok := d.variableLabels.labelConstraints[vl]; ok && fn != nil { + vlStrings = append(vlStrings, fmt.Sprintf("c(%s)", vl)) + } else { + vlStrings = append(vlStrings, vl) + } + } return fmt.Sprintf( - "Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: %v}", + "Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: {%s}}", d.fqName, d.help, strings.Join(lpStrings, ","), - d.variableLabels, + strings.Join(vlStrings, ","), ) } diff --git a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go index c41ab37f3bb..de5a8562931 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go @@ -48,7 +48,7 @@ func (e *expvarCollector) Collect(ch chan<- Metric) { continue } var v interface{} - labels := make([]string, len(desc.variableLabels)) + labels := make([]string, len(desc.variableLabels.names)) if err := json.Unmarshal([]byte(expVar.String()), &v); err != nil { ch <- NewInvalidMetric(desc, err) continue diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go index f1ea6c76f75..dd2eac94067 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go @@ -62,7 +62,7 @@ type GaugeVecOpts struct { GaugeOpts // VariableLabels are used to partition the metric vector by the given set - // of labels. Each label value will be constrained with the optional Contraint + // of labels. Each label value will be constrained with the optional Constraint // function, if provided. VariableLabels ConstrainableLabels } @@ -135,7 +135,7 @@ func (g *gauge) Sub(val float64) { func (g *gauge) Write(out *dto.Metric) error { val := math.Float64frombits(atomic.LoadUint64(&g.valBits)) - return populateMetric(GaugeValue, val, g.labelPairs, nil, out) + return populateMetric(GaugeValue, val, g.labelPairs, nil, out, nil) } // GaugeVec is a Collector that bundles a set of Gauges that all share the same @@ -166,8 +166,8 @@ func (v2) NewGaugeVec(opts GaugeVecOpts) *GaugeVec { ) return &GaugeVec{ MetricVec: NewMetricVec(desc, func(lvs ...string) Metric { - if len(lvs) != len(desc.variableLabels) { - panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs)) + if len(lvs) != len(desc.variableLabels.names) { + panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs)) } result := &gauge{desc: desc, labelPairs: MakeLabelPairs(desc, lvs)} result.init(result) // Init self-collection. diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go index 8d818afe90d..1feba62c6c9 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go @@ -25,6 +25,7 @@ import ( dto "github.com/prometheus/client_model/go" "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/timestamppb" ) // nativeHistogramBounds for the frac of observed values. Only relevant for @@ -391,7 +392,7 @@ type HistogramOpts struct { // zero, it is replaced by default buckets. The default buckets are // DefBuckets if no buckets for a native histogram (see below) are used, // otherwise the default is no buckets. (In other words, if you want to - // use both reguler buckets and buckets for a native histogram, you have + // use both regular buckets and buckets for a native histogram, you have // to define the regular buckets here explicitly.) Buckets []float64 @@ -413,8 +414,8 @@ type HistogramOpts struct { // and 2, same as between 2 and 4, and 4 and 8, etc.). // // Details about the actually used factor: The factor is calculated as - // 2^(2^n), where n is an integer number between (and including) -8 and - // 4. n is chosen so that the resulting factor is the largest that is + // 2^(2^-n), where n is an integer number between (and including) -4 and + // 8. n is chosen so that the resulting factor is the largest that is // still smaller or equal to NativeHistogramBucketFactor. Note that the // smallest possible factor is therefore approx. 1.00271 (i.e. 2^(2^-8) // ). If NativeHistogramBucketFactor is greater than 1 but smaller than @@ -428,12 +429,12 @@ type HistogramOpts struct { // a major version bump. NativeHistogramBucketFactor float64 // All observations with an absolute value of less or equal - // NativeHistogramZeroThreshold are accumulated into a “zero” - // bucket. For best results, this should be close to a bucket - // boundary. This is usually the case if picking a power of two. If + // NativeHistogramZeroThreshold are accumulated into a “zero” bucket. + // For best results, this should be close to a bucket boundary. This is + // usually the case if picking a power of two. If // NativeHistogramZeroThreshold is left at zero, - // DefNativeHistogramZeroThreshold is used as the threshold. To configure - // a zero bucket with an actual threshold of zero (i.e. only + // DefNativeHistogramZeroThreshold is used as the threshold. To + // configure a zero bucket with an actual threshold of zero (i.e. only // observations of precisely zero will go into the zero bucket), set // NativeHistogramZeroThreshold to the NativeHistogramZeroThresholdZero // constant (or any negative float value). @@ -446,26 +447,34 @@ type HistogramOpts struct { // Histogram are sufficiently wide-spread. In particular, this could be // used as a DoS attack vector. Where the observed values depend on // external inputs, it is highly recommended to set a - // NativeHistogramMaxBucketNumber.) Once the set + // NativeHistogramMaxBucketNumber.) Once the set // NativeHistogramMaxBucketNumber is exceeded, the following strategy is - // enacted: First, if the last reset (or the creation) of the histogram - // is at least NativeHistogramMinResetDuration ago, then the whole - // histogram is reset to its initial state (including regular - // buckets). If less time has passed, or if - // NativeHistogramMinResetDuration is zero, no reset is - // performed. Instead, the zero threshold is increased sufficiently to - // reduce the number of buckets to or below - // NativeHistogramMaxBucketNumber, but not to more than - // NativeHistogramMaxZeroThreshold. Thus, if - // NativeHistogramMaxZeroThreshold is already at or below the current - // zero threshold, nothing happens at this step. After that, if the - // number of buckets still exceeds NativeHistogramMaxBucketNumber, the - // resolution of the histogram is reduced by doubling the width of the - // sparse buckets (up to a growth factor between one bucket to the next - // of 2^(2^4) = 65536, see above). + // enacted: + // - First, if the last reset (or the creation) of the histogram is at + // least NativeHistogramMinResetDuration ago, then the whole + // histogram is reset to its initial state (including regular + // buckets). + // - If less time has passed, or if NativeHistogramMinResetDuration is + // zero, no reset is performed. Instead, the zero threshold is + // increased sufficiently to reduce the number of buckets to or below + // NativeHistogramMaxBucketNumber, but not to more than + // NativeHistogramMaxZeroThreshold. Thus, if + // NativeHistogramMaxZeroThreshold is already at or below the current + // zero threshold, nothing happens at this step. + // - After that, if the number of buckets still exceeds + // NativeHistogramMaxBucketNumber, the resolution of the histogram is + // reduced by doubling the width of the sparse buckets (up to a + // growth factor between one bucket to the next of 2^(2^4) = 65536, + // see above). + // - Any increased zero threshold or reduced resolution is reset back + // to their original values once NativeHistogramMinResetDuration has + // passed (since the last reset or the creation of the histogram). NativeHistogramMaxBucketNumber uint32 NativeHistogramMinResetDuration time.Duration NativeHistogramMaxZeroThreshold float64 + + // now is for testing purposes, by default it's time.Now. + now func() time.Time } // HistogramVecOpts bundles the options to create a HistogramVec metric. @@ -475,7 +484,7 @@ type HistogramVecOpts struct { HistogramOpts // VariableLabels are used to partition the metric vector by the given set - // of labels. Each label value will be constrained with the optional Contraint + // of labels. Each label value will be constrained with the optional Constraint // function, if provided. VariableLabels ConstrainableLabels } @@ -499,12 +508,12 @@ func NewHistogram(opts HistogramOpts) Histogram { } func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram { - if len(desc.variableLabels) != len(labelValues) { - panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues)) + if len(desc.variableLabels.names) != len(labelValues) { + panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues)) } - for _, n := range desc.variableLabels { - if n.Name == bucketLabel { + for _, n := range desc.variableLabels.names { + if n == bucketLabel { panic(errBucketLabelNotAllowed) } } @@ -514,6 +523,10 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr } } + if opts.now == nil { + opts.now = time.Now + } + h := &histogram{ desc: desc, upperBounds: opts.Buckets, @@ -521,8 +534,8 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr nativeHistogramMaxBuckets: opts.NativeHistogramMaxBucketNumber, nativeHistogramMaxZeroThreshold: opts.NativeHistogramMaxZeroThreshold, nativeHistogramMinResetDuration: opts.NativeHistogramMinResetDuration, - lastResetTime: time.Now(), - now: time.Now, + lastResetTime: opts.now(), + now: opts.now, } if len(h.upperBounds) == 0 && opts.NativeHistogramBucketFactor <= 1 { h.upperBounds = DefBuckets @@ -701,9 +714,11 @@ type histogram struct { nativeHistogramMaxZeroThreshold float64 nativeHistogramMaxBuckets uint32 nativeHistogramMinResetDuration time.Duration - lastResetTime time.Time // Protected by mtx. + // lastResetTime is protected by mtx. It is also used as created timestamp. + lastResetTime time.Time - now func() time.Time // To mock out time.Now() for testing. + // now is for testing purposes, by default it's time.Now. + now func() time.Time } func (h *histogram) Desc() *Desc { @@ -742,9 +757,10 @@ func (h *histogram) Write(out *dto.Metric) error { waitForCooldown(count, coldCounts) his := &dto.Histogram{ - Bucket: make([]*dto.Bucket, len(h.upperBounds)), - SampleCount: proto.Uint64(count), - SampleSum: proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))), + Bucket: make([]*dto.Bucket, len(h.upperBounds)), + SampleCount: proto.Uint64(count), + SampleSum: proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))), + CreatedTimestamp: timestamppb.New(h.lastResetTime), } out.Histogram = his out.Label = h.labelPairs @@ -782,6 +798,16 @@ func (h *histogram) Write(out *dto.Metric) error { his.ZeroCount = proto.Uint64(zeroBucket) his.NegativeSpan, his.NegativeDelta = makeBuckets(&coldCounts.nativeHistogramBucketsNegative) his.PositiveSpan, his.PositiveDelta = makeBuckets(&coldCounts.nativeHistogramBucketsPositive) + + // Add a no-op span to a histogram without observations and with + // a zero threshold of zero. Otherwise, a native histogram would + // look like a classic histogram to scrapers. + if *his.ZeroThreshold == 0 && *his.ZeroCount == 0 && len(his.PositiveSpan) == 0 && len(his.NegativeSpan) == 0 { + his.PositiveSpan = []*dto.BucketSpan{{ + Offset: proto.Int32(0), + Length: proto.Uint32(0), + }} + } } addAndResetCounts(hotCounts, coldCounts) return nil @@ -854,20 +880,23 @@ func (h *histogram) limitBuckets(counts *histogramCounts, value float64, bucket h.doubleBucketWidth(hotCounts, coldCounts) } -// maybeReset resests the whole histogram if at least h.nativeHistogramMinResetDuration +// maybeReset resets the whole histogram if at least h.nativeHistogramMinResetDuration // has been passed. It returns true if the histogram has been reset. The caller // must have locked h.mtx. -func (h *histogram) maybeReset(hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int) bool { +func (h *histogram) maybeReset( + hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int, +) bool { // We are using the possibly mocked h.now() rather than // time.Since(h.lastResetTime) to enable testing. - if h.nativeHistogramMinResetDuration == 0 || h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration { + if h.nativeHistogramMinResetDuration == 0 || + h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration { return false } // Completely reset coldCounts. h.resetCounts(cold) // Repeat the latest observation to not lose it completely. cold.observe(value, bucket, true) - // Make coldCounts the new hot counts while ressetting countAndHotIdx. + // Make coldCounts the new hot counts while resetting countAndHotIdx. n := atomic.SwapUint64(&h.countAndHotIdx, (coldIdx<<63)+1) count := n & ((1 << 63) - 1) waitForCooldown(count, hot) @@ -1176,6 +1205,7 @@ type constHistogram struct { sum float64 buckets map[float64]uint64 labelPairs []*dto.LabelPair + createdTs *timestamppb.Timestamp } func (h *constHistogram) Desc() *Desc { @@ -1183,7 +1213,9 @@ func (h *constHistogram) Desc() *Desc { } func (h *constHistogram) Write(out *dto.Metric) error { - his := &dto.Histogram{} + his := &dto.Histogram{ + CreatedTimestamp: h.createdTs, + } buckets := make([]*dto.Bucket, 0, len(h.buckets)) @@ -1230,7 +1262,7 @@ func NewConstHistogram( if desc.err != nil { return nil, desc.err } - if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil { + if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil { return nil, err } return &constHistogram{ @@ -1324,7 +1356,7 @@ func makeBuckets(buckets *sync.Map) ([]*dto.BucketSpan, []int64) { // Multiple spans with only small gaps in between are probably // encoded more efficiently as one larger span with a few empty // buckets. Needs some research to find the sweet spot. For now, - // we assume that gaps of one ore two buckets should not create + // we assume that gaps of one or two buckets should not create // a new span. iDelta := int32(i - nextI) if n == 0 || iDelta > 2 { diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go index fd0750f2cf5..a595a203625 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go @@ -14,7 +14,7 @@ // It provides tools to compare sequences of strings and generate textual diffs. // // Maintaining `GetUnifiedDiffString` here because original repository -// (https://github.com/pmezard/go-difflib) is no loger maintained. +// (https://github.com/pmezard/go-difflib) is no longer maintained. package internal import ( diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go index 63ff8683ce5..b3c4eca2bc1 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/labels.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/labels.go @@ -32,19 +32,15 @@ import ( // create a Desc. type Labels map[string]string +// LabelConstraint normalizes label values. +type LabelConstraint func(string) string + // ConstrainedLabels represents a label name and its constrain function // to normalize label values. This type is commonly used when constructing // metric vector Collectors. type ConstrainedLabel struct { Name string - Constraint func(string) string -} - -func (cl ConstrainedLabel) Constrain(v string) string { - if cl.Constraint == nil { - return v - } - return cl.Constraint(v) + Constraint LabelConstraint } // ConstrainableLabels is an interface that allows creating of labels that can @@ -58,7 +54,7 @@ func (cl ConstrainedLabel) Constrain(v string) string { // }, // }) type ConstrainableLabels interface { - constrainedLabels() ConstrainedLabels + compile() *compiledLabels labelNames() []string } @@ -67,8 +63,20 @@ type ConstrainableLabels interface { // metric vector Collectors. type ConstrainedLabels []ConstrainedLabel -func (cls ConstrainedLabels) constrainedLabels() ConstrainedLabels { - return cls +func (cls ConstrainedLabels) compile() *compiledLabels { + compiled := &compiledLabels{ + names: make([]string, len(cls)), + labelConstraints: map[string]LabelConstraint{}, + } + + for i, label := range cls { + compiled.names[i] = label.Name + if label.Constraint != nil { + compiled.labelConstraints[label.Name] = label.Constraint + } + } + + return compiled } func (cls ConstrainedLabels) labelNames() []string { @@ -92,18 +100,36 @@ func (cls ConstrainedLabels) labelNames() []string { // } type UnconstrainedLabels []string -func (uls UnconstrainedLabels) constrainedLabels() ConstrainedLabels { - constrainedLabels := make([]ConstrainedLabel, len(uls)) - for i, l := range uls { - constrainedLabels[i] = ConstrainedLabel{Name: l} +func (uls UnconstrainedLabels) compile() *compiledLabels { + return &compiledLabels{ + names: uls, } - return constrainedLabels } func (uls UnconstrainedLabels) labelNames() []string { return uls } +type compiledLabels struct { + names []string + labelConstraints map[string]LabelConstraint +} + +func (cls *compiledLabels) compile() *compiledLabels { + return cls +} + +func (cls *compiledLabels) labelNames() []string { + return cls.names +} + +func (cls *compiledLabels) constrain(labelName, value string) string { + if fn, ok := cls.labelConstraints[labelName]; ok && fn != nil { + return fn(value) + } + return value +} + // reservedLabelPrefix is a prefix which is not legal in user-supplied // label names. const reservedLabelPrefix = "__" diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go index 07bbc9d7687..f018e57237d 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go @@ -92,6 +92,9 @@ type Opts struct { // machine_role metric). See also // https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels ConstLabels Labels + + // now is for testing purposes, by default it's time.Now. + now func() time.Time } // BuildFQName joins the given three name components by "_". Empty name diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go index 3793036ad09..356edb7868c 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go @@ -389,15 +389,12 @@ func isLabelCurried(c prometheus.Collector, label string) bool { return true } -// emptyLabels is a one-time allocation for non-partitioned metrics to avoid -// unnecessary allocations on each request. -var emptyLabels = prometheus.Labels{} - func labels(code, method bool, reqMethod string, status int, extraMethods ...string) prometheus.Labels { + labels := prometheus.Labels{} + if !(code || method) { - return emptyLabels + return labels } - labels := prometheus.Labels{} if code { labels["code"] = sanitizeCode(status) diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go index 44da9433bee..5e2ced25a02 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/registry.go @@ -548,7 +548,7 @@ func (r *Registry) Gather() ([]*dto.MetricFamily, error) { goroutineBudget-- runtime.Gosched() } - // Once both checkedMetricChan and uncheckdMetricChan are closed + // Once both checkedMetricChan and uncheckedMetricChan are closed // and drained, the contraption above will nil out cmc and umc, // and then we can leave the collect loop here. if cmc == nil && umc == nil { @@ -963,9 +963,9 @@ func checkDescConsistency( // Is the desc consistent with the content of the metric? lpsFromDesc := make([]*dto.LabelPair, len(desc.constLabelPairs), len(dtoMetric.Label)) copy(lpsFromDesc, desc.constLabelPairs) - for _, l := range desc.variableLabels { + for _, l := range desc.variableLabels.names { lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{ - Name: proto.String(l.Name), + Name: proto.String(l), }) } if len(lpsFromDesc) != len(dtoMetric.Label) { diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go index dd359264e59..1462704446c 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go @@ -26,6 +26,7 @@ import ( "github.com/beorn7/perks/quantile" "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/timestamppb" ) // quantileLabel is used for the label that defines the quantile in a @@ -145,6 +146,9 @@ type SummaryOpts struct { // is the internal buffer size of the underlying package // "github.com/bmizerany/perks/quantile"). BufCap uint32 + + // now is for testing purposes, by default it's time.Now. + now func() time.Time } // SummaryVecOpts bundles the options to create a SummaryVec metric. @@ -154,7 +158,7 @@ type SummaryVecOpts struct { SummaryOpts // VariableLabels are used to partition the metric vector by the given set - // of labels. Each label value will be constrained with the optional Contraint + // of labels. Each label value will be constrained with the optional Constraint // function, if provided. VariableLabels ConstrainableLabels } @@ -188,12 +192,12 @@ func NewSummary(opts SummaryOpts) Summary { } func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary { - if len(desc.variableLabels) != len(labelValues) { - panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues)) + if len(desc.variableLabels.names) != len(labelValues) { + panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues)) } - for _, n := range desc.variableLabels { - if n.Name == quantileLabel { + for _, n := range desc.variableLabels.names { + if n == quantileLabel { panic(errQuantileLabelNotAllowed) } } @@ -222,6 +226,9 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary { opts.BufCap = DefBufCap } + if opts.now == nil { + opts.now = time.Now + } if len(opts.Objectives) == 0 { // Use the lock-free implementation of a Summary without objectives. s := &noObjectivesSummary{ @@ -230,6 +237,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary { counts: [2]*summaryCounts{{}, {}}, } s.init(s) // Init self-collection. + s.createdTs = timestamppb.New(opts.now()) return s } @@ -245,7 +253,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary { coldBuf: make([]float64, 0, opts.BufCap), streamDuration: opts.MaxAge / time.Duration(opts.AgeBuckets), } - s.headStreamExpTime = time.Now().Add(s.streamDuration) + s.headStreamExpTime = opts.now().Add(s.streamDuration) s.hotBufExpTime = s.headStreamExpTime for i := uint32(0); i < opts.AgeBuckets; i++ { @@ -259,6 +267,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary { sort.Float64s(s.sortedObjectives) s.init(s) // Init self-collection. + s.createdTs = timestamppb.New(opts.now()) return s } @@ -286,6 +295,8 @@ type summary struct { headStream *quantile.Stream headStreamIdx int headStreamExpTime, hotBufExpTime time.Time + + createdTs *timestamppb.Timestamp } func (s *summary) Desc() *Desc { @@ -307,7 +318,9 @@ func (s *summary) Observe(v float64) { } func (s *summary) Write(out *dto.Metric) error { - sum := &dto.Summary{} + sum := &dto.Summary{ + CreatedTimestamp: s.createdTs, + } qs := make([]*dto.Quantile, 0, len(s.objectives)) s.bufMtx.Lock() @@ -440,6 +453,8 @@ type noObjectivesSummary struct { counts [2]*summaryCounts labelPairs []*dto.LabelPair + + createdTs *timestamppb.Timestamp } func (s *noObjectivesSummary) Desc() *Desc { @@ -490,8 +505,9 @@ func (s *noObjectivesSummary) Write(out *dto.Metric) error { } sum := &dto.Summary{ - SampleCount: proto.Uint64(count), - SampleSum: proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))), + SampleCount: proto.Uint64(count), + SampleSum: proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))), + CreatedTimestamp: s.createdTs, } out.Summary = sum @@ -681,6 +697,7 @@ type constSummary struct { sum float64 quantiles map[float64]float64 labelPairs []*dto.LabelPair + createdTs *timestamppb.Timestamp } func (s *constSummary) Desc() *Desc { @@ -688,7 +705,9 @@ func (s *constSummary) Desc() *Desc { } func (s *constSummary) Write(out *dto.Metric) error { - sum := &dto.Summary{} + sum := &dto.Summary{ + CreatedTimestamp: s.createdTs, + } qs := make([]*dto.Quantile, 0, len(s.quantiles)) sum.SampleCount = proto.Uint64(s.count) @@ -737,7 +756,7 @@ func NewConstSummary( if desc.err != nil { return nil, desc.err } - if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil { + if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil { return nil, err } return &constSummary{ diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go index 5f6bb80014d..cc23011fad2 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/value.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/value.go @@ -14,6 +14,7 @@ package prometheus import ( + "errors" "fmt" "sort" "time" @@ -91,7 +92,7 @@ func (v *valueFunc) Desc() *Desc { } func (v *valueFunc) Write(out *dto.Metric) error { - return populateMetric(v.valType, v.function(), v.labelPairs, nil, out) + return populateMetric(v.valType, v.function(), v.labelPairs, nil, out, nil) } // NewConstMetric returns a metric with one fixed value that cannot be @@ -105,12 +106,12 @@ func NewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues if desc.err != nil { return nil, desc.err } - if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil { + if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil { return nil, err } metric := &dto.Metric{} - if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric); err != nil { + if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, nil); err != nil { return nil, err } @@ -130,6 +131,43 @@ func MustNewConstMetric(desc *Desc, valueType ValueType, value float64, labelVal return m } +// NewConstMetricWithCreatedTimestamp does the same thing as NewConstMetric, but generates Counters +// with created timestamp set and returns an error for other metric types. +func NewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) (Metric, error) { + if desc.err != nil { + return nil, desc.err + } + if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil { + return nil, err + } + switch valueType { + case CounterValue: + break + default: + return nil, errors.New("created timestamps are only supported for counters") + } + + metric := &dto.Metric{} + if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, timestamppb.New(ct)); err != nil { + return nil, err + } + + return &constMetric{ + desc: desc, + metric: metric, + }, nil +} + +// MustNewConstMetricWithCreatedTimestamp is a version of NewConstMetricWithCreatedTimestamp that panics where +// NewConstMetricWithCreatedTimestamp would have returned an error. +func MustNewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) Metric { + m, err := NewConstMetricWithCreatedTimestamp(desc, valueType, value, ct, labelValues...) + if err != nil { + panic(err) + } + return m +} + type constMetric struct { desc *Desc metric *dto.Metric @@ -153,11 +191,12 @@ func populateMetric( labelPairs []*dto.LabelPair, e *dto.Exemplar, m *dto.Metric, + ct *timestamppb.Timestamp, ) error { m.Label = labelPairs switch t { case CounterValue: - m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e} + m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e, CreatedTimestamp: ct} case GaugeValue: m.Gauge = &dto.Gauge{Value: proto.Float64(v)} case UntypedValue: @@ -176,19 +215,19 @@ func populateMetric( // This function is only needed for custom Metric implementations. See MetricVec // example. func MakeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair { - totalLen := len(desc.variableLabels) + len(desc.constLabelPairs) + totalLen := len(desc.variableLabels.names) + len(desc.constLabelPairs) if totalLen == 0 { // Super fast path. return nil } - if len(desc.variableLabels) == 0 { + if len(desc.variableLabels.names) == 0 { // Moderately fast path. return desc.constLabelPairs } labelPairs := make([]*dto.LabelPair, 0, totalLen) - for i, l := range desc.variableLabels { + for i, l := range desc.variableLabels.names { labelPairs = append(labelPairs, &dto.LabelPair{ - Name: proto.String(l.Name), + Name: proto.String(l), Value: proto.String(labelValues[i]), }) } diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go index f0d0015a0ff..955cfd59f83 100644 --- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go +++ b/vendor/github.com/prometheus/client_golang/prometheus/vec.go @@ -20,24 +20,6 @@ import ( "github.com/prometheus/common/model" ) -var labelsPool = &sync.Pool{ - New: func() interface{} { - return make(Labels) - }, -} - -func getLabelsFromPool() Labels { - return labelsPool.Get().(Labels) -} - -func putLabelsToPool(labels Labels) { - for k := range labels { - delete(labels, k) - } - - labelsPool.Put(labels) -} - // MetricVec is a Collector to bundle metrics of the same name that differ in // their label values. MetricVec is not used directly but as a building block // for implementations of vectors of a given metric type, like GaugeVec, @@ -91,6 +73,7 @@ func NewMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec { // See also the CounterVec example. func (m *MetricVec) DeleteLabelValues(lvs ...string) bool { lvs = constrainLabelValues(m.desc, lvs, m.curry) + h, err := m.hashLabelValues(lvs) if err != nil { return false @@ -110,8 +93,8 @@ func (m *MetricVec) DeleteLabelValues(lvs ...string) bool { // This method is used for the same purpose as DeleteLabelValues(...string). See // there for pros and cons of the two methods. func (m *MetricVec) Delete(labels Labels) bool { - labels = constrainLabels(m.desc, labels) - defer putLabelsToPool(labels) + labels, closer := constrainLabels(m.desc, labels) + defer closer() h, err := m.hashLabels(labels) if err != nil { @@ -128,8 +111,8 @@ func (m *MetricVec) Delete(labels Labels) bool { // Note that curried labels will never be matched if deleting from the curried vector. // To match curried labels with DeletePartialMatch, it must be called on the base vector. func (m *MetricVec) DeletePartialMatch(labels Labels) int { - labels = constrainLabels(m.desc, labels) - defer putLabelsToPool(labels) + labels, closer := constrainLabels(m.desc, labels) + defer closer() return m.metricMap.deleteByLabels(labels, m.curry) } @@ -169,11 +152,11 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) { oldCurry = m.curry iCurry int ) - for i, label := range m.desc.variableLabels { - val, ok := labels[label.Name] + for i, labelName := range m.desc.variableLabels.names { + val, ok := labels[labelName] if iCurry < len(oldCurry) && oldCurry[iCurry].index == i { if ok { - return nil, fmt.Errorf("label name %q is already curried", label.Name) + return nil, fmt.Errorf("label name %q is already curried", labelName) } newCurry = append(newCurry, oldCurry[iCurry]) iCurry++ @@ -181,7 +164,10 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) { if !ok { continue // Label stays uncurried. } - newCurry = append(newCurry, curriedLabelValue{i, label.Constrain(val)}) + newCurry = append(newCurry, curriedLabelValue{ + i, + m.desc.variableLabels.constrain(labelName, val), + }) } } if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 { @@ -250,8 +236,8 @@ func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) { // around MetricVec, implementing a vector for a specific Metric implementation, // for example GaugeVec. func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) { - labels = constrainLabels(m.desc, labels) - defer putLabelsToPool(labels) + labels, closer := constrainLabels(m.desc, labels) + defer closer() h, err := m.hashLabels(labels) if err != nil { @@ -262,7 +248,7 @@ func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) { } func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) { - if err := validateLabelValues(vals, len(m.desc.variableLabels)-len(m.curry)); err != nil { + if err := validateLabelValues(vals, len(m.desc.variableLabels.names)-len(m.curry)); err != nil { return 0, err } @@ -271,7 +257,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) { curry = m.curry iVals, iCurry int ) - for i := 0; i < len(m.desc.variableLabels); i++ { + for i := 0; i < len(m.desc.variableLabels.names); i++ { if iCurry < len(curry) && curry[iCurry].index == i { h = m.hashAdd(h, curry[iCurry].value) iCurry++ @@ -285,7 +271,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) { } func (m *MetricVec) hashLabels(labels Labels) (uint64, error) { - if err := validateValuesInLabels(labels, len(m.desc.variableLabels)-len(m.curry)); err != nil { + if err := validateValuesInLabels(labels, len(m.desc.variableLabels.names)-len(m.curry)); err != nil { return 0, err } @@ -294,17 +280,17 @@ func (m *MetricVec) hashLabels(labels Labels) (uint64, error) { curry = m.curry iCurry int ) - for i, label := range m.desc.variableLabels { - val, ok := labels[label.Name] + for i, labelName := range m.desc.variableLabels.names { + val, ok := labels[labelName] if iCurry < len(curry) && curry[iCurry].index == i { if ok { - return 0, fmt.Errorf("label name %q is already curried", label.Name) + return 0, fmt.Errorf("label name %q is already curried", labelName) } h = m.hashAdd(h, curry[iCurry].value) iCurry++ } else { if !ok { - return 0, fmt.Errorf("label name %q missing in label map", label.Name) + return 0, fmt.Errorf("label name %q missing in label map", labelName) } h = m.hashAdd(h, val) } @@ -482,7 +468,7 @@ func valueMatchesVariableOrCurriedValue(targetValue string, index int, values [] func matchPartialLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool { for l, v := range labels { // Check if the target label exists in our metrics and get the index. - varLabelIndex, validLabel := indexOf(l, desc.variableLabels.labelNames()) + varLabelIndex, validLabel := indexOf(l, desc.variableLabels.names) if validLabel { // Check the value of that label against the target value. // We don't consider curried values in partial matches. @@ -626,7 +612,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe return false } iCurry := 0 - for i, k := range desc.variableLabels { + for i, k := range desc.variableLabels.names { if iCurry < len(curry) && curry[iCurry].index == i { if values[i] != curry[iCurry].value { return false @@ -634,7 +620,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe iCurry++ continue } - if values[i] != labels[k.Name] { + if values[i] != labels[k] { return false } } @@ -644,13 +630,13 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []string { labelValues := make([]string, len(labels)+len(curry)) iCurry := 0 - for i, k := range desc.variableLabels { + for i, k := range desc.variableLabels.names { if iCurry < len(curry) && curry[iCurry].index == i { labelValues[i] = curry[iCurry].value iCurry++ continue } - labelValues[i] = labels[k.Name] + labelValues[i] = labels[k] } return labelValues } @@ -670,20 +656,37 @@ func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string { return labelValues } -func constrainLabels(desc *Desc, labels Labels) Labels { - constrainedLabels := getLabelsFromPool() - for l, v := range labels { - if i, ok := indexOf(l, desc.variableLabels.labelNames()); ok { - v = desc.variableLabels[i].Constrain(v) - } +var labelsPool = &sync.Pool{ + New: func() interface{} { + return make(Labels) + }, +} - constrainedLabels[l] = v +func constrainLabels(desc *Desc, labels Labels) (Labels, func()) { + if len(desc.variableLabels.labelConstraints) == 0 { + // Fast path when there's no constraints + return labels, func() {} } - return constrainedLabels + constrainedLabels := labelsPool.Get().(Labels) + for l, v := range labels { + constrainedLabels[l] = desc.variableLabels.constrain(l, v) + } + + return constrainedLabels, func() { + for k := range constrainedLabels { + delete(constrainedLabels, k) + } + labelsPool.Put(constrainedLabels) + } } func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) []string { + if len(desc.variableLabels.labelConstraints) == 0 { + // Fast path when there's no constraints + return lvs + } + constrainedValues := make([]string, len(lvs)) var iCurry, iLVs int for i := 0; i < len(lvs)+len(curry); i++ { @@ -692,8 +695,11 @@ func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) [ continue } - if i < len(desc.variableLabels) { - constrainedValues[iLVs] = desc.variableLabels[i].Constrain(lvs[iLVs]) + if i < len(desc.variableLabels.names) { + constrainedValues[iLVs] = desc.variableLabels.constrain( + desc.variableLabels.names[i], + lvs[iLVs], + ) } else { constrainedValues[iLVs] = lvs[iLVs] } diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go index 2b5bca4b999..cee360db7f3 100644 --- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go +++ b/vendor/github.com/prometheus/client_model/go/metrics.pb.go @@ -215,8 +215,9 @@ type Counter struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Value *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"` - Exemplar *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"` + Value *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"` + Exemplar *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"` + CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"` } func (x *Counter) Reset() { @@ -265,6 +266,13 @@ func (x *Counter) GetExemplar() *Exemplar { return nil } +func (x *Counter) GetCreatedTimestamp() *timestamppb.Timestamp { + if x != nil { + return x.CreatedTimestamp + } + return nil +} + type Quantile struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -325,9 +333,10 @@ type Summary struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - SampleCount *uint64 `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"` - SampleSum *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"` - Quantile []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"` + SampleCount *uint64 `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"` + SampleSum *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"` + Quantile []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"` + CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"` } func (x *Summary) Reset() { @@ -383,6 +392,13 @@ func (x *Summary) GetQuantile() []*Quantile { return nil } +func (x *Summary) GetCreatedTimestamp() *timestamppb.Timestamp { + if x != nil { + return x.CreatedTimestamp + } + return nil +} + type Untyped struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -439,7 +455,8 @@ type Histogram struct { SampleCountFloat *float64 `protobuf:"fixed64,4,opt,name=sample_count_float,json=sampleCountFloat" json:"sample_count_float,omitempty"` // Overrides sample_count if > 0. SampleSum *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"` // Buckets for the conventional histogram. - Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional. + Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional. + CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"` // schema defines the bucket schema. Currently, valid numbers are -4 <= n <= 8. // They are all for base-2 bucket schemas, where 1 is a bucket boundary in each case, and // then each power of two is divided into 2^n logarithmic buckets. @@ -457,6 +474,9 @@ type Histogram struct { NegativeDelta []int64 `protobuf:"zigzag64,10,rep,name=negative_delta,json=negativeDelta" json:"negative_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket). NegativeCount []float64 `protobuf:"fixed64,11,rep,name=negative_count,json=negativeCount" json:"negative_count,omitempty"` // Absolute count of each bucket. // Positive buckets for the native histogram. + // Use a no-op span (offset 0, length 0) for a native histogram without any + // observations yet and with a zero_threshold of 0. Otherwise, it would be + // indistinguishable from a classic histogram. PositiveSpan []*BucketSpan `protobuf:"bytes,12,rep,name=positive_span,json=positiveSpan" json:"positive_span,omitempty"` // Use either "positive_delta" or "positive_count", the former for // regular histograms with integer counts, the latter for float @@ -525,6 +545,13 @@ func (x *Histogram) GetBucket() []*Bucket { return nil } +func (x *Histogram) GetCreatedTimestamp() *timestamppb.Timestamp { + if x != nil { + return x.CreatedTimestamp + } + return nil +} + func (x *Histogram) GetSchema() int32 { if x != nil && x.Schema != nil { return *x.Schema @@ -972,137 +999,151 @@ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{ 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x1d, 0x0a, 0x05, 0x47, 0x61, 0x75, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x22, 0x5b, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, - 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, - 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c, - 0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75, - 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75, - 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x87, 0x01, 0x0a, - 0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, + 0x65, 0x22, 0xa4, 0x01, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, + 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, + 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, + 0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x3c, 0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, + 0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61, + 0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, + 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, + 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75, + 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, + 0x12, 0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, + 0x79, 0x70, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xac, 0x05, 0x0a, 0x09, 0x48, + 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, - 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, - 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, - 0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75, - 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, + 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, + 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, + 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, + 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, + 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b, + 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, + 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, + 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x47, + 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, + 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, + 0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, + 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72, 0x6f, 0x54, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x7a, 0x65, 0x72, 0x6f, + 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x01, 0x52, + 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, + 0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, + 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, + 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, + 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, + 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, + 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d, + 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a, + 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, + 0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, + 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, + 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, + 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x70, + 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x70, + 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0d, 0x20, + 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, + 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, + 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x06, 0x42, 0x75, + 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, + 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, + 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, + 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, + 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, + 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, 0x65, 0x72, 0x5f, 0x62, + 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x75, 0x70, 0x70, 0x65, + 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, + 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, + 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, + 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, + 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, + 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x11, + 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, + 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, + 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, 0x35, 0x0a, + 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75, - 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, - 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe3, 0x04, 0x0a, 0x09, 0x48, 0x69, 0x73, 0x74, - 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, - 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d, - 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, - 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, - 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, - 0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, - 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68, - 0x65, 0x6d, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65, - 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72, - 0x6f, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65, - 0x72, 0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, - 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72, - 0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x01, 0x52, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, - 0x6f, 0x61, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, - 0x73, 0x70, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, + 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, + 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, + 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, + 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, + 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, + 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x61, 0x75, + 0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, - 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65, - 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, - 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03, - 0x28, 0x12, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74, - 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, - 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69, - 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, - 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, - 0x6e, 0x52, 0x0c, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, - 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, - 0x61, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, - 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, - 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, - 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01, - 0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, - 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x0f, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, - 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x01, 0x52, 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, - 0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, - 0x75, 0x70, 0x70, 0x65, 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, - 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, + 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, + 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x75, 0x6d, 0x6d, 0x61, + 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x37, 0x0a, 0x07, 0x75, + 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, - 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, - 0x53, 0x70, 0x61, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, - 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, - 0x6e, 0x67, 0x74, 0x68, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, - 0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, - 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, - 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, - 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, - 0x72, 0x69, 0x63, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, - 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, - 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, - 0x75, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, - 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x2e, 0x47, 0x61, 0x75, 0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, - 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, - 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, - 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, - 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, - 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, - 0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, - 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, - 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, - 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, - 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, - 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, - 0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, - 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, - 0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, - 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a, - 0x62, 0x0a, 0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, - 0x07, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, - 0x55, 0x47, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, - 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, - 0x0d, 0x0a, 0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, - 0x0a, 0x0f, 0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, - 0x4d, 0x10, 0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, - 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, - 0x75, 0x73, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, - 0x67, 0x6f, 0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, - 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, 0x07, 0x75, 0x6e, 0x74, + 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, + 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, + 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x48, + 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, + 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d, 0x65, 0x74, 0x72, 0x69, + 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, + 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x12, + 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, + 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x52, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, + 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, + 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a, 0x62, 0x0a, 0x0a, 0x4d, + 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x55, + 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, 0x55, 0x47, 0x45, 0x10, + 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, 0x10, 0x02, 0x12, 0x0b, + 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x48, + 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x47, 0x41, + 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x05, 0x42, + 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, + 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2f, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, 0x67, 0x6f, 0x3b, 0x69, + 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, } var ( @@ -1137,26 +1178,29 @@ var file_io_prometheus_client_metrics_proto_goTypes = []interface{}{ } var file_io_prometheus_client_metrics_proto_depIdxs = []int32{ 10, // 0: io.prometheus.client.Counter.exemplar:type_name -> io.prometheus.client.Exemplar - 4, // 1: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile - 8, // 2: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket - 9, // 3: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan - 9, // 4: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan - 10, // 5: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar - 1, // 6: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair - 13, // 7: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp - 1, // 8: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair - 2, // 9: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge - 3, // 10: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter - 5, // 11: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary - 6, // 12: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped - 7, // 13: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram - 0, // 14: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType - 11, // 15: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric - 16, // [16:16] is the sub-list for method output_type - 16, // [16:16] is the sub-list for method input_type - 16, // [16:16] is the sub-list for extension type_name - 16, // [16:16] is the sub-list for extension extendee - 0, // [0:16] is the sub-list for field type_name + 13, // 1: io.prometheus.client.Counter.created_timestamp:type_name -> google.protobuf.Timestamp + 4, // 2: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile + 13, // 3: io.prometheus.client.Summary.created_timestamp:type_name -> google.protobuf.Timestamp + 8, // 4: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket + 13, // 5: io.prometheus.client.Histogram.created_timestamp:type_name -> google.protobuf.Timestamp + 9, // 6: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan + 9, // 7: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan + 10, // 8: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar + 1, // 9: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair + 13, // 10: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp + 1, // 11: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair + 2, // 12: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge + 3, // 13: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter + 5, // 14: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary + 6, // 15: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped + 7, // 16: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram + 0, // 17: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType + 11, // 18: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric + 19, // [19:19] is the sub-list for method output_type + 19, // [19:19] is the sub-list for method input_type + 19, // [19:19] is the sub-list for extension type_name + 19, // [19:19] is the sub-list for extension extendee + 0, // [0:19] is the sub-list for field type_name } func init() { file_io_prometheus_client_metrics_proto_init() } diff --git a/vendor/github.com/prometheus/procfs/.golangci.yml b/vendor/github.com/prometheus/procfs/.golangci.yml index a197699a1ee..c24864a9273 100644 --- a/vendor/github.com/prometheus/procfs/.golangci.yml +++ b/vendor/github.com/prometheus/procfs/.golangci.yml @@ -2,6 +2,7 @@ linters: enable: - godot + - misspell - revive linter-settings: @@ -10,3 +11,5 @@ linter-settings: exclude: # Ignore "See: URL" - 'See:' + misspell: + locale: US diff --git a/vendor/github.com/prometheus/procfs/Makefile.common b/vendor/github.com/prometheus/procfs/Makefile.common index b111d256200..0ce7ea4612e 100644 --- a/vendor/github.com/prometheus/procfs/Makefile.common +++ b/vendor/github.com/prometheus/procfs/Makefile.common @@ -49,19 +49,19 @@ endif GOTEST := $(GO) test GOTEST_DIR := ifneq ($(CIRCLE_JOB),) -ifneq ($(shell which gotestsum),) +ifneq ($(shell command -v gotestsum > /dev/null),) GOTEST_DIR := test-results GOTEST := gotestsum --junitfile $(GOTEST_DIR)/unit-tests.xml -- endif endif -PROMU_VERSION ?= 0.14.0 +PROMU_VERSION ?= 0.15.0 PROMU_URL := https://github.com/prometheus/promu/releases/download/v$(PROMU_VERSION)/promu-$(PROMU_VERSION).$(GO_BUILD_PLATFORM).tar.gz SKIP_GOLANGCI_LINT := GOLANGCI_LINT := GOLANGCI_LINT_OPTS ?= -GOLANGCI_LINT_VERSION ?= v1.51.2 +GOLANGCI_LINT_VERSION ?= v1.53.3 # golangci-lint only supports linux, darwin and windows platforms on i386/amd64. # windows isn't included here because of the path separator being different. ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin)) @@ -178,7 +178,7 @@ endif .PHONY: common-yamllint common-yamllint: @echo ">> running yamllint on all YAML files in the repository" -ifeq (, $(shell which yamllint)) +ifeq (, $(shell command -v yamllint > /dev/null)) @echo "yamllint not installed so skipping" else yamllint . diff --git a/vendor/github.com/prometheus/procfs/README.md b/vendor/github.com/prometheus/procfs/README.md index 43c37735a70..1224816c2ad 100644 --- a/vendor/github.com/prometheus/procfs/README.md +++ b/vendor/github.com/prometheus/procfs/README.md @@ -51,11 +51,11 @@ ensure the `fixtures` directory is up to date by removing the existing directory extracting the ttar file using `make fixtures/.unpacked` or just `make test`. ```bash -rm -rf fixtures +rm -rf testdata/fixtures make test ``` Next, make the required changes to the extracted files in the `fixtures` directory. When the changes are complete, run `make update_fixtures` to create a new `fixtures.ttar` file based on the updated `fixtures` directory. And finally, verify the changes using -`git diff fixtures.ttar`. +`git diff testdata/fixtures.ttar`. diff --git a/vendor/github.com/prometheus/procfs/arp.go b/vendor/github.com/prometheus/procfs/arp.go index 68f36e888f9..28783e2ddc6 100644 --- a/vendor/github.com/prometheus/procfs/arp.go +++ b/vendor/github.com/prometheus/procfs/arp.go @@ -55,7 +55,7 @@ type ARPEntry struct { func (fs FS) GatherARPEntries() ([]ARPEntry, error) { data, err := os.ReadFile(fs.proc.Path("net/arp")) if err != nil { - return nil, fmt.Errorf("error reading arp %q: %w", fs.proc.Path("net/arp"), err) + return nil, fmt.Errorf("%s: error reading arp %s: %w", ErrFileRead, fs.proc.Path("net/arp"), err) } return parseARPEntries(data) @@ -78,11 +78,11 @@ func parseARPEntries(data []byte) ([]ARPEntry, error) { } else if width == expectedDataWidth { entry, err := parseARPEntry(columns) if err != nil { - return []ARPEntry{}, fmt.Errorf("failed to parse ARP entry: %w", err) + return []ARPEntry{}, fmt.Errorf("%s: Failed to parse ARP entry: %v: %w", ErrFileParse, entry, err) } entries = append(entries, entry) } else { - return []ARPEntry{}, fmt.Errorf("%d columns were detected, but %d were expected", width, expectedDataWidth) + return []ARPEntry{}, fmt.Errorf("%s: %d columns found, but expected %d: %w", ErrFileParse, width, expectedDataWidth, err) } } diff --git a/vendor/github.com/prometheus/procfs/buddyinfo.go b/vendor/github.com/prometheus/procfs/buddyinfo.go index f5b7939b266..4a173636c96 100644 --- a/vendor/github.com/prometheus/procfs/buddyinfo.go +++ b/vendor/github.com/prometheus/procfs/buddyinfo.go @@ -55,7 +55,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) { parts := strings.Fields(line) if len(parts) < 4 { - return nil, fmt.Errorf("invalid number of fields when parsing buddyinfo") + return nil, fmt.Errorf("%w: Invalid number of fields, found: %v", ErrFileParse, parts) } node := strings.TrimRight(parts[1], ",") @@ -66,7 +66,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) { bucketCount = arraySize } else { if bucketCount != arraySize { - return nil, fmt.Errorf("mismatch in number of buddyinfo buckets, previous count %d, new count %d", bucketCount, arraySize) + return nil, fmt.Errorf("%w: mismatch in number of buddyinfo buckets, previous count %d, new count %d", ErrFileParse, bucketCount, arraySize) } } @@ -74,7 +74,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) { for i := 0; i < arraySize; i++ { sizes[i], err = strconv.ParseFloat(parts[i+4], 64) if err != nil { - return nil, fmt.Errorf("invalid value in buddyinfo: %w", err) + return nil, fmt.Errorf("%s: Invalid valid in buddyinfo: %f: %w", ErrFileParse, sizes[i], err) } } diff --git a/vendor/github.com/prometheus/procfs/cpuinfo.go b/vendor/github.com/prometheus/procfs/cpuinfo.go index 06968ca2ed4..f4f5501c68b 100644 --- a/vendor/github.com/prometheus/procfs/cpuinfo.go +++ b/vendor/github.com/prometheus/procfs/cpuinfo.go @@ -79,7 +79,7 @@ func parseCPUInfoX86(info []byte) ([]CPUInfo, error) { // find the first "processor" line firstLine := firstNonEmptyLine(scanner) if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%w: Cannot parse line: %q", ErrFileParse, firstLine) } field := strings.SplitN(firstLine, ": ", 2) v, err := strconv.ParseUint(field[1], 0, 32) @@ -192,9 +192,10 @@ func parseCPUInfoARM(info []byte) ([]CPUInfo, error) { scanner := bufio.NewScanner(bytes.NewReader(info)) firstLine := firstNonEmptyLine(scanner) - match, _ := regexp.MatchString("^[Pp]rocessor", firstLine) + match, err := regexp.MatchString("^[Pp]rocessor", firstLine) if !match || !strings.Contains(firstLine, ":") { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%s: Cannot parse line: %q: %w", ErrFileParse, firstLine, err) + } field := strings.SplitN(firstLine, ": ", 2) cpuinfo := []CPUInfo{} @@ -258,7 +259,7 @@ func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) { firstLine := firstNonEmptyLine(scanner) if !strings.HasPrefix(firstLine, "vendor_id") || !strings.Contains(firstLine, ":") { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%w: Cannot parse line: %q", ErrFileParse, firstLine) } field := strings.SplitN(firstLine, ": ", 2) cpuinfo := []CPUInfo{} @@ -283,7 +284,7 @@ func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) { if strings.HasPrefix(line, "processor") { match := cpuinfoS390XProcessorRegexp.FindStringSubmatch(line) if len(match) < 2 { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine) } cpu := commonCPUInfo v, err := strconv.ParseUint(match[1], 0, 32) @@ -343,7 +344,7 @@ func parseCPUInfoMips(info []byte) ([]CPUInfo, error) { // find the first "processor" line firstLine := firstNonEmptyLine(scanner) if !strings.HasPrefix(firstLine, "system type") || !strings.Contains(firstLine, ":") { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine) } field := strings.SplitN(firstLine, ": ", 2) cpuinfo := []CPUInfo{} @@ -421,7 +422,7 @@ func parseCPUInfoPPC(info []byte) ([]CPUInfo, error) { firstLine := firstNonEmptyLine(scanner) if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine) } field := strings.SplitN(firstLine, ": ", 2) v, err := strconv.ParseUint(field[1], 0, 32) @@ -466,7 +467,7 @@ func parseCPUInfoRISCV(info []byte) ([]CPUInfo, error) { firstLine := firstNonEmptyLine(scanner) if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") { - return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine) + return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine) } field := strings.SplitN(firstLine, ": ", 2) v, err := strconv.ParseUint(field[1], 0, 32) diff --git a/vendor/github.com/prometheus/procfs/crypto.go b/vendor/github.com/prometheus/procfs/crypto.go index 5048ad1f214..9a73e263932 100644 --- a/vendor/github.com/prometheus/procfs/crypto.go +++ b/vendor/github.com/prometheus/procfs/crypto.go @@ -55,12 +55,13 @@ func (fs FS) Crypto() ([]Crypto, error) { path := fs.proc.Path("crypto") b, err := util.ReadFileNoStat(path) if err != nil { - return nil, fmt.Errorf("error reading crypto %q: %w", path, err) + return nil, fmt.Errorf("%s: Cannot read file %v: %w", ErrFileRead, b, err) + } crypto, err := parseCrypto(bytes.NewReader(b)) if err != nil { - return nil, fmt.Errorf("error parsing crypto %q: %w", path, err) + return nil, fmt.Errorf("%s: Cannot parse %v: %w", ErrFileParse, crypto, err) } return crypto, nil @@ -83,7 +84,7 @@ func parseCrypto(r io.Reader) ([]Crypto, error) { kv := strings.Split(text, ":") if len(kv) != 2 { - return nil, fmt.Errorf("malformed crypto line: %q", text) + return nil, fmt.Errorf("%w: Cannot parae line: %q", ErrFileParse, text) } k := strings.TrimSpace(kv[0]) diff --git a/vendor/github.com/prometheus/procfs/fs.go b/vendor/github.com/prometheus/procfs/fs.go index 60c551e026b..4980c875bfc 100644 --- a/vendor/github.com/prometheus/procfs/fs.go +++ b/vendor/github.com/prometheus/procfs/fs.go @@ -20,8 +20,8 @@ import ( // FS represents the pseudo-filesystem sys, which provides an interface to // kernel data structures. type FS struct { - proc fs.FS - real bool + proc fs.FS + isReal bool } // DefaultMountPoint is the common mount point of the proc filesystem. @@ -41,10 +41,10 @@ func NewFS(mountPoint string) (FS, error) { return FS{}, err } - real, err := isRealProc(mountPoint) + isReal, err := isRealProc(mountPoint) if err != nil { return FS{}, err } - return FS{fs, real}, nil + return FS{fs, isReal}, nil } diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_notype.go b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go index 80057696896..13d74e39571 100644 --- a/vendor/github.com/prometheus/procfs/fs_statfs_notype.go +++ b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go @@ -11,8 +11,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -//go:build netbsd || openbsd || solaris || windows -// +build netbsd openbsd solaris windows +//go:build netbsd || openbsd || solaris || windows || nostatfs +// +build netbsd openbsd solaris windows nostatfs package procfs diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_type.go b/vendor/github.com/prometheus/procfs/fs_statfs_type.go index 6233217ad29..bee151445a0 100644 --- a/vendor/github.com/prometheus/procfs/fs_statfs_type.go +++ b/vendor/github.com/prometheus/procfs/fs_statfs_type.go @@ -11,8 +11,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -//go:build !netbsd && !openbsd && !solaris && !windows -// +build !netbsd,!openbsd,!solaris,!windows +//go:build !netbsd && !openbsd && !solaris && !windows && !nostatfs +// +build !netbsd,!openbsd,!solaris,!windows,!nostatfs package procfs diff --git a/vendor/github.com/prometheus/procfs/fscache.go b/vendor/github.com/prometheus/procfs/fscache.go index f8070e6e2be..f560a8db301 100644 --- a/vendor/github.com/prometheus/procfs/fscache.go +++ b/vendor/github.com/prometheus/procfs/fscache.go @@ -236,7 +236,7 @@ func (fs FS) Fscacheinfo() (Fscacheinfo, error) { m, err := parseFscacheinfo(bytes.NewReader(b)) if err != nil { - return Fscacheinfo{}, fmt.Errorf("failed to parse Fscacheinfo: %w", err) + return Fscacheinfo{}, fmt.Errorf("%s: Cannot parse %v: %w", ErrFileParse, m, err) } return *m, nil @@ -245,7 +245,7 @@ func (fs FS) Fscacheinfo() (Fscacheinfo, error) { func setFSCacheFields(fields []string, setFields ...*uint64) error { var err error if len(fields) < len(setFields) { - return fmt.Errorf("Insufficient number of fields, expected %v, got %v", len(setFields), len(fields)) + return fmt.Errorf("%s: Expected %d, but got %d: %w", ErrFileParse, len(setFields), len(fields), err) } for i := range setFields { @@ -263,7 +263,7 @@ func parseFscacheinfo(r io.Reader) (*Fscacheinfo, error) { for s.Scan() { fields := strings.Fields(s.Text()) if len(fields) < 2 { - return nil, fmt.Errorf("malformed Fscacheinfo line: %q", s.Text()) + return nil, fmt.Errorf("%w: malformed Fscacheinfo line: %q", ErrFileParse, s.Text()) } switch fields[0] { diff --git a/vendor/github.com/prometheus/procfs/ipvs.go b/vendor/github.com/prometheus/procfs/ipvs.go index 391c07957e9..5a145bbfe1f 100644 --- a/vendor/github.com/prometheus/procfs/ipvs.go +++ b/vendor/github.com/prometheus/procfs/ipvs.go @@ -221,15 +221,16 @@ func parseIPPort(s string) (net.IP, uint16, error) { case 46: ip = net.ParseIP(s[1:40]) if ip == nil { - return nil, 0, fmt.Errorf("invalid IPv6 address: %s", s[1:40]) + return nil, 0, fmt.Errorf("%s: Invalid IPv6 addr %s: %w", ErrFileParse, s[1:40], err) } default: - return nil, 0, fmt.Errorf("unexpected IP:Port: %s", s) + return nil, 0, fmt.Errorf("%s: Unexpected IP:Port %s: %w", ErrFileParse, s, err) } portString := s[len(s)-4:] if len(portString) != 4 { - return nil, 0, fmt.Errorf("unexpected port string format: %s", portString) + return nil, 0, + fmt.Errorf("%s: Unexpected port string format %s: %w", ErrFileParse, portString, err) } port, err := strconv.ParseUint(portString, 16, 16) if err != nil { diff --git a/vendor/github.com/prometheus/procfs/loadavg.go b/vendor/github.com/prometheus/procfs/loadavg.go index 0096cafbdf8..59465c5bbcb 100644 --- a/vendor/github.com/prometheus/procfs/loadavg.go +++ b/vendor/github.com/prometheus/procfs/loadavg.go @@ -44,14 +44,14 @@ func parseLoad(loadavgBytes []byte) (*LoadAvg, error) { loads := make([]float64, 3) parts := strings.Fields(string(loadavgBytes)) if len(parts) < 3 { - return nil, fmt.Errorf("malformed loadavg line: too few fields in loadavg string: %q", string(loadavgBytes)) + return nil, fmt.Errorf("%w: Malformed line %q", ErrFileParse, string(loadavgBytes)) } var err error for i, load := range parts[0:3] { loads[i], err = strconv.ParseFloat(load, 64) if err != nil { - return nil, fmt.Errorf("could not parse load %q: %w", load, err) + return nil, fmt.Errorf("%s: Cannot parse load: %f: %w", ErrFileParse, loads[i], err) } } return &LoadAvg{ diff --git a/vendor/github.com/prometheus/procfs/mdstat.go b/vendor/github.com/prometheus/procfs/mdstat.go index a95c889cb9e..fdd4b95445b 100644 --- a/vendor/github.com/prometheus/procfs/mdstat.go +++ b/vendor/github.com/prometheus/procfs/mdstat.go @@ -70,7 +70,7 @@ func (fs FS) MDStat() ([]MDStat, error) { } mdstat, err := parseMDStat(data) if err != nil { - return nil, fmt.Errorf("error parsing mdstat %q: %w", fs.proc.Path("mdstat"), err) + return nil, fmt.Errorf("%s: Cannot parse %v: %w", ErrFileParse, fs.proc.Path("mdstat"), err) } return mdstat, nil } @@ -90,13 +90,13 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) { deviceFields := strings.Fields(line) if len(deviceFields) < 3 { - return nil, fmt.Errorf("not enough fields in mdline (expected at least 3): %s", line) + return nil, fmt.Errorf("%s: Expected 3+ lines, got %q", ErrFileParse, line) } mdName := deviceFields[0] // mdx state := deviceFields[2] // active or inactive if len(lines) <= i+3 { - return nil, fmt.Errorf("error parsing %q: too few lines for md device", mdName) + return nil, fmt.Errorf("%w: Too few lines for md device: %q", ErrFileParse, mdName) } // Failed disks have the suffix (F) & Spare disks have the suffix (S). @@ -105,7 +105,7 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) { active, total, down, size, err := evalStatusLine(lines[i], lines[i+1]) if err != nil { - return nil, fmt.Errorf("error parsing md device lines: %w", err) + return nil, fmt.Errorf("%s: Cannot parse md device lines: %v: %w", ErrFileParse, active, err) } syncLineIdx := i + 2 @@ -140,7 +140,7 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) { } else { syncedBlocks, pct, finish, speed, err = evalRecoveryLine(lines[syncLineIdx]) if err != nil { - return nil, fmt.Errorf("error parsing sync line in md device %q: %w", mdName, err) + return nil, fmt.Errorf("%s: Cannot parse sync line in md device: %q: %w", ErrFileParse, mdName, err) } } } @@ -168,13 +168,13 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) { func evalStatusLine(deviceLine, statusLine string) (active, total, down, size int64, err error) { statusFields := strings.Fields(statusLine) if len(statusFields) < 1 { - return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q", statusLine) + return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected statusline %q: %w", ErrFileParse, statusLine, err) } sizeStr := statusFields[0] size, err = strconv.ParseInt(sizeStr, 10, 64) if err != nil { - return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err) + return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected statusline %q: %w", ErrFileParse, statusLine, err) } if strings.Contains(deviceLine, "raid0") || strings.Contains(deviceLine, "linear") { @@ -189,17 +189,17 @@ func evalStatusLine(deviceLine, statusLine string) (active, total, down, size in matches := statusLineRE.FindStringSubmatch(statusLine) if len(matches) != 5 { - return 0, 0, 0, 0, fmt.Errorf("couldn't find all the substring matches: %s", statusLine) + return 0, 0, 0, 0, fmt.Errorf("%s: Could not fild all substring matches %s: %w", ErrFileParse, statusLine, err) } total, err = strconv.ParseInt(matches[2], 10, 64) if err != nil { - return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err) + return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected statusline %q: %w", ErrFileParse, statusLine, err) } active, err = strconv.ParseInt(matches[3], 10, 64) if err != nil { - return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err) + return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected active %d: %w", ErrFileParse, active, err) } down = int64(strings.Count(matches[4], "_")) @@ -209,42 +209,42 @@ func evalStatusLine(deviceLine, statusLine string) (active, total, down, size in func evalRecoveryLine(recoveryLine string) (syncedBlocks int64, pct float64, finish float64, speed float64, err error) { matches := recoveryLineBlocksRE.FindStringSubmatch(recoveryLine) if len(matches) != 2 { - return 0, 0, 0, 0, fmt.Errorf("unexpected recoveryLine: %s", recoveryLine) + return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected recoveryLine %s: %w", ErrFileParse, recoveryLine, err) } syncedBlocks, err = strconv.ParseInt(matches[1], 10, 64) if err != nil { - return 0, 0, 0, 0, fmt.Errorf("error parsing int from recoveryLine %q: %w", recoveryLine, err) + return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected parsing of recoveryLine %q: %w", ErrFileParse, recoveryLine, err) } // Get percentage complete matches = recoveryLinePctRE.FindStringSubmatch(recoveryLine) if len(matches) != 2 { - return syncedBlocks, 0, 0, 0, fmt.Errorf("unexpected recoveryLine matching percentage: %s", recoveryLine) + return syncedBlocks, 0, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine matching percentage %s", ErrFileParse, recoveryLine) } pct, err = strconv.ParseFloat(strings.TrimSpace(matches[1]), 64) if err != nil { - return syncedBlocks, 0, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err) + return syncedBlocks, 0, 0, 0, fmt.Errorf("%w: Error parsing float from recoveryLine %q", ErrFileParse, recoveryLine) } // Get time expected left to complete matches = recoveryLineFinishRE.FindStringSubmatch(recoveryLine) if len(matches) != 2 { - return syncedBlocks, pct, 0, 0, fmt.Errorf("unexpected recoveryLine matching est. finish time: %s", recoveryLine) + return syncedBlocks, pct, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine matching est. finish time: %s", ErrFileParse, recoveryLine) } finish, err = strconv.ParseFloat(matches[1], 64) if err != nil { - return syncedBlocks, pct, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err) + return syncedBlocks, pct, 0, 0, fmt.Errorf("%w: Unable to parse float from recoveryLine: %q", ErrFileParse, recoveryLine) } // Get recovery speed matches = recoveryLineSpeedRE.FindStringSubmatch(recoveryLine) if len(matches) != 2 { - return syncedBlocks, pct, finish, 0, fmt.Errorf("unexpected recoveryLine matching speed: %s", recoveryLine) + return syncedBlocks, pct, finish, 0, fmt.Errorf("%w: Unexpected recoveryLine value: %s", ErrFileParse, recoveryLine) } speed, err = strconv.ParseFloat(matches[1], 64) if err != nil { - return syncedBlocks, pct, finish, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err) + return syncedBlocks, pct, finish, 0, fmt.Errorf("%s: Error parsing float from recoveryLine: %q: %w", ErrFileParse, recoveryLine, err) } return syncedBlocks, pct, finish, speed, nil diff --git a/vendor/github.com/prometheus/procfs/meminfo.go b/vendor/github.com/prometheus/procfs/meminfo.go index f65e174e57b..eaf00e22482 100644 --- a/vendor/github.com/prometheus/procfs/meminfo.go +++ b/vendor/github.com/prometheus/procfs/meminfo.go @@ -152,7 +152,7 @@ func (fs FS) Meminfo() (Meminfo, error) { m, err := parseMemInfo(bytes.NewReader(b)) if err != nil { - return Meminfo{}, fmt.Errorf("failed to parse meminfo: %w", err) + return Meminfo{}, fmt.Errorf("%s: %w", ErrFileParse, err) } return *m, nil @@ -165,7 +165,7 @@ func parseMemInfo(r io.Reader) (*Meminfo, error) { // Each line has at least a name and value; we ignore the unit. fields := strings.Fields(s.Text()) if len(fields) < 2 { - return nil, fmt.Errorf("malformed meminfo line: %q", s.Text()) + return nil, fmt.Errorf("%w: Malformed line %q", ErrFileParse, s.Text()) } v, err := strconv.ParseUint(fields[1], 0, 64) diff --git a/vendor/github.com/prometheus/procfs/mountinfo.go b/vendor/github.com/prometheus/procfs/mountinfo.go index 59f4d505583..388ebf396d5 100644 --- a/vendor/github.com/prometheus/procfs/mountinfo.go +++ b/vendor/github.com/prometheus/procfs/mountinfo.go @@ -78,11 +78,11 @@ func parseMountInfoString(mountString string) (*MountInfo, error) { mountInfo := strings.Split(mountString, " ") mountInfoLength := len(mountInfo) if mountInfoLength < 10 { - return nil, fmt.Errorf("couldn't find enough fields in mount string: %s", mountString) + return nil, fmt.Errorf("%w: Too few fields in mount string: %s", ErrFileParse, mountString) } if mountInfo[mountInfoLength-4] != "-" { - return nil, fmt.Errorf("couldn't find separator in expected field: %s", mountInfo[mountInfoLength-4]) + return nil, fmt.Errorf("%w: couldn't find separator in expected field: %s", ErrFileParse, mountInfo[mountInfoLength-4]) } mount := &MountInfo{ @@ -98,18 +98,18 @@ func parseMountInfoString(mountString string) (*MountInfo, error) { mount.MountID, err = strconv.Atoi(mountInfo[0]) if err != nil { - return nil, fmt.Errorf("failed to parse mount ID") + return nil, fmt.Errorf("%w: mount ID: %q", ErrFileParse, mount.MountID) } mount.ParentID, err = strconv.Atoi(mountInfo[1]) if err != nil { - return nil, fmt.Errorf("failed to parse parent ID") + return nil, fmt.Errorf("%w: parent ID: %q", ErrFileParse, mount.ParentID) } // Has optional fields, which is a space separated list of values. // Example: shared:2 master:7 if mountInfo[6] != "" { mount.OptionalFields, err = mountOptionsParseOptionalFields(mountInfo[6 : mountInfoLength-4]) if err != nil { - return nil, err + return nil, fmt.Errorf("%s: %w", ErrFileParse, err) } } return mount, nil diff --git a/vendor/github.com/prometheus/procfs/mountstats.go b/vendor/github.com/prometheus/procfs/mountstats.go index 7f68890cff1..852c8c4a0e4 100644 --- a/vendor/github.com/prometheus/procfs/mountstats.go +++ b/vendor/github.com/prometheus/procfs/mountstats.go @@ -266,7 +266,7 @@ func parseMountStats(r io.Reader) ([]*Mount, error) { if len(ss) > deviceEntryLen { // Only NFSv3 and v4 are supported for parsing statistics if m.Type != nfs3Type && m.Type != nfs4Type { - return nil, fmt.Errorf("cannot parse MountStats for fstype %q", m.Type) + return nil, fmt.Errorf("%w: Cannot parse MountStats for %q", ErrFileParse, m.Type) } statVersion := strings.TrimPrefix(ss[8], statVersionPrefix) @@ -290,7 +290,7 @@ func parseMountStats(r io.Reader) ([]*Mount, error) { // device [device] mounted on [mount] with fstype [type] func parseMount(ss []string) (*Mount, error) { if len(ss) < deviceEntryLen { - return nil, fmt.Errorf("invalid device entry: %v", ss) + return nil, fmt.Errorf("%w: Invalid device %q", ErrFileParse, ss) } // Check for specific words appearing at specific indices to ensure @@ -308,7 +308,7 @@ func parseMount(ss []string) (*Mount, error) { for _, f := range format { if ss[f.i] != f.s { - return nil, fmt.Errorf("invalid device entry: %v", ss) + return nil, fmt.Errorf("%w: Invalid device %q", ErrFileParse, ss) } } @@ -345,7 +345,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e switch ss[0] { case fieldOpts: if len(ss) < 2 { - return nil, fmt.Errorf("not enough information for NFS stats: %v", ss) + return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss) } if stats.Opts == nil { stats.Opts = map[string]string{} @@ -360,7 +360,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e } case fieldAge: if len(ss) < 2 { - return nil, fmt.Errorf("not enough information for NFS stats: %v", ss) + return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss) } // Age integer is in seconds d, err := time.ParseDuration(ss[1] + "s") @@ -371,7 +371,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e stats.Age = d case fieldBytes: if len(ss) < 2 { - return nil, fmt.Errorf("not enough information for NFS stats: %v", ss) + return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss) } bstats, err := parseNFSBytesStats(ss[1:]) if err != nil { @@ -381,7 +381,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e stats.Bytes = *bstats case fieldEvents: if len(ss) < 2 { - return nil, fmt.Errorf("not enough information for NFS stats: %v", ss) + return nil, fmt.Errorf("%w: Incomplete information for NFS events: %v", ErrFileParse, ss) } estats, err := parseNFSEventsStats(ss[1:]) if err != nil { @@ -391,7 +391,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e stats.Events = *estats case fieldTransport: if len(ss) < 3 { - return nil, fmt.Errorf("not enough information for NFS transport stats: %v", ss) + return nil, fmt.Errorf("%w: Incomplete information for NFS transport stats: %v", ErrFileParse, ss) } tstats, err := parseNFSTransportStats(ss[1:], statVersion) @@ -430,7 +430,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e // integer fields. func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) { if len(ss) != fieldBytesLen { - return nil, fmt.Errorf("invalid NFS bytes stats: %v", ss) + return nil, fmt.Errorf("%w: Invalid NFS bytes stats: %v", ErrFileParse, ss) } ns := make([]uint64, 0, fieldBytesLen) @@ -459,7 +459,7 @@ func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) { // integer fields. func parseNFSEventsStats(ss []string) (*NFSEventsStats, error) { if len(ss) != fieldEventsLen { - return nil, fmt.Errorf("invalid NFS events stats: %v", ss) + return nil, fmt.Errorf("%w: invalid NFS events stats: %v", ErrFileParse, ss) } ns := make([]uint64, 0, fieldEventsLen) @@ -523,7 +523,7 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) { } if len(ss) < minFields { - return nil, fmt.Errorf("invalid NFS per-operations stats: %v", ss) + return nil, fmt.Errorf("%w: invalid NFS per-operations stats: %v", ErrFileParse, ss) } // Skip string operation name for integers @@ -576,10 +576,10 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats } else if protocol == "udp" { expectedLength = fieldTransport10UDPLen } else { - return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.0 statement: %v", protocol, ss) + return nil, fmt.Errorf("%w: Invalid NFS protocol \"%s\" in stats 1.0 statement: %v", ErrFileParse, protocol, ss) } if len(ss) != expectedLength { - return nil, fmt.Errorf("invalid NFS transport stats 1.0 statement: %v", ss) + return nil, fmt.Errorf("%w: Invalid NFS transport stats 1.0 statement: %v", ErrFileParse, ss) } case statVersion11: var expectedLength int @@ -588,13 +588,13 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats } else if protocol == "udp" { expectedLength = fieldTransport11UDPLen } else { - return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.1 statement: %v", protocol, ss) + return nil, fmt.Errorf("%w: invalid NFS protocol \"%s\" in stats 1.1 statement: %v", ErrFileParse, protocol, ss) } if len(ss) != expectedLength { - return nil, fmt.Errorf("invalid NFS transport stats 1.1 statement: %v", ss) + return nil, fmt.Errorf("%w: invalid NFS transport stats 1.1 statement: %v", ErrFileParse, ss) } default: - return nil, fmt.Errorf("unrecognized NFS transport stats version: %q", statVersion) + return nil, fmt.Errorf("%s: Unrecognized NFS transport stats version: %q", ErrFileParse, statVersion) } // Allocate enough for v1.1 stats since zero value for v1.1 stats will be okay diff --git a/vendor/github.com/prometheus/procfs/net_conntrackstat.go b/vendor/github.com/prometheus/procfs/net_conntrackstat.go index 64a0e946068..fdfa4561197 100644 --- a/vendor/github.com/prometheus/procfs/net_conntrackstat.go +++ b/vendor/github.com/prometheus/procfs/net_conntrackstat.go @@ -58,7 +58,7 @@ func readConntrackStat(path string) ([]ConntrackStatEntry, error) { stat, err := parseConntrackStat(bytes.NewReader(b)) if err != nil { - return nil, fmt.Errorf("failed to read conntrack stats from %q: %w", path, err) + return nil, fmt.Errorf("%s: Cannot read file: %v: %w", ErrFileRead, path, err) } return stat, nil @@ -86,11 +86,12 @@ func parseConntrackStat(r io.Reader) ([]ConntrackStatEntry, error) { func parseConntrackStatEntry(fields []string) (*ConntrackStatEntry, error) { entries, err := util.ParseHexUint64s(fields) if err != nil { - return nil, fmt.Errorf("invalid conntrackstat entry, couldn't parse fields: %s", err) + return nil, fmt.Errorf("%s: Cannot parse entry: %d: %w", ErrFileParse, entries, err) } numEntries := len(entries) if numEntries < 16 || numEntries > 17 { - return nil, fmt.Errorf("invalid conntrackstat entry, invalid number of fields: %d", numEntries) + return nil, + fmt.Errorf("%w: invalid conntrackstat entry, invalid number of fields: %d", ErrFileParse, numEntries) } stats := &ConntrackStatEntry{ diff --git a/vendor/github.com/prometheus/procfs/net_ip_socket.go b/vendor/github.com/prometheus/procfs/net_ip_socket.go index 7fd57d7f463..4da81ea577c 100644 --- a/vendor/github.com/prometheus/procfs/net_ip_socket.go +++ b/vendor/github.com/prometheus/procfs/net_ip_socket.go @@ -130,7 +130,7 @@ func parseIP(hexIP string) (net.IP, error) { var byteIP []byte byteIP, err := hex.DecodeString(hexIP) if err != nil { - return nil, fmt.Errorf("cannot parse address field in socket line %q", hexIP) + return nil, fmt.Errorf("%s: Cannot parse socket field in %q: %w", ErrFileParse, hexIP, err) } switch len(byteIP) { case 4: @@ -144,7 +144,7 @@ func parseIP(hexIP string) (net.IP, error) { } return i, nil default: - return nil, fmt.Errorf("Unable to parse IP %s", hexIP) + return nil, fmt.Errorf("%s: Unable to parse IP %s: %w", ErrFileParse, hexIP, nil) } } @@ -153,7 +153,8 @@ func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) { line := &netIPSocketLine{} if len(fields) < 10 { return nil, fmt.Errorf( - "cannot parse net socket line as it has less then 10 columns %q", + "%w: Less than 10 columns found %q", + ErrFileParse, strings.Join(fields, " "), ) } @@ -162,64 +163,65 @@ func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) { // sl s := strings.Split(fields[0], ":") if len(s) != 2 { - return nil, fmt.Errorf("cannot parse sl field in socket line %q", fields[0]) + return nil, fmt.Errorf("%w: Unable to parse sl field in line %q", ErrFileParse, fields[0]) } if line.Sl, err = strconv.ParseUint(s[0], 0, 64); err != nil { - return nil, fmt.Errorf("cannot parse sl value in socket line: %w", err) + return nil, fmt.Errorf("%s: Unable to parse sl field in %q: %w", ErrFileParse, line.Sl, err) } // local_address l := strings.Split(fields[1], ":") if len(l) != 2 { - return nil, fmt.Errorf("cannot parse local_address field in socket line %q", fields[1]) + return nil, fmt.Errorf("%w: Unable to parse local_address field in %q", ErrFileParse, fields[1]) } if line.LocalAddr, err = parseIP(l[0]); err != nil { return nil, err } if line.LocalPort, err = strconv.ParseUint(l[1], 16, 64); err != nil { - return nil, fmt.Errorf("cannot parse local_address port value in socket line: %w", err) + return nil, fmt.Errorf("%s: Unable to parse local_address port value line %q: %w", ErrFileParse, line.LocalPort, err) } // remote_address r := strings.Split(fields[2], ":") if len(r) != 2 { - return nil, fmt.Errorf("cannot parse rem_address field in socket line %q", fields[1]) + return nil, fmt.Errorf("%w: Unable to parse rem_address field in %q", ErrFileParse, fields[1]) } if line.RemAddr, err = parseIP(r[0]); err != nil { return nil, err } if line.RemPort, err = strconv.ParseUint(r[1], 16, 64); err != nil { - return nil, fmt.Errorf("cannot parse rem_address port value in socket line: %w", err) + return nil, fmt.Errorf("%s: Cannot parse rem_address port value in %q: %w", ErrFileParse, line.RemPort, err) } // st if line.St, err = strconv.ParseUint(fields[3], 16, 64); err != nil { - return nil, fmt.Errorf("cannot parse st value in socket line: %w", err) + return nil, fmt.Errorf("%s: Cannot parse st value in %q: %w", ErrFileParse, line.St, err) } // tx_queue and rx_queue q := strings.Split(fields[4], ":") if len(q) != 2 { return nil, fmt.Errorf( - "cannot parse tx/rx queues in socket line as it has a missing colon %q", + "%w: Missing colon for tx/rx queues in socket line %q", + ErrFileParse, fields[4], ) } if line.TxQueue, err = strconv.ParseUint(q[0], 16, 64); err != nil { - return nil, fmt.Errorf("cannot parse tx_queue value in socket line: %w", err) + return nil, fmt.Errorf("%s: Cannot parse tx_queue value in %q: %w", ErrFileParse, line.TxQueue, err) } if line.RxQueue, err = strconv.ParseUint(q[1], 16, 64); err != nil { - return nil, fmt.Errorf("cannot parse rx_queue value in socket line: %w", err) + return nil, fmt.Errorf("%s: Cannot parse trx_queue value in %q: %w", ErrFileParse, line.RxQueue, err) } // uid if line.UID, err = strconv.ParseUint(fields[7], 0, 64); err != nil { - return nil, fmt.Errorf("cannot parse uid value in socket line: %w", err) + return nil, fmt.Errorf("%s: Cannot parse UID value in %q: %w", ErrFileParse, line.UID, err) } // inode if line.Inode, err = strconv.ParseUint(fields[9], 0, 64); err != nil { - return nil, fmt.Errorf("cannot parse inode value in socket line: %w", err) + return nil, fmt.Errorf("%s: Cannot parse inode value in %q: %w", ErrFileParse, line.Inode, err) } return line, nil diff --git a/vendor/github.com/prometheus/procfs/net_protocols.go b/vendor/github.com/prometheus/procfs/net_protocols.go index 374b6f73f82..b6c77b709fa 100644 --- a/vendor/github.com/prometheus/procfs/net_protocols.go +++ b/vendor/github.com/prometheus/procfs/net_protocols.go @@ -131,7 +131,7 @@ func (ps NetProtocolStats) parseLine(rawLine string) (*NetProtocolStatLine, erro } else if fields[6] == disabled { line.Slab = false } else { - return nil, fmt.Errorf("unable to parse capability for protocol: %s", line.Name) + return nil, fmt.Errorf("%w: capability for protocol: %s", ErrFileParse, line.Name) } line.ModuleName = fields[7] @@ -173,7 +173,7 @@ func (pc *NetProtocolCapabilities) parseCapabilities(capabilities []string) erro } else if capabilities[i] == "n" { *capabilityFields[i] = false } else { - return fmt.Errorf("unable to parse capability block for protocol: position %d", i) + return fmt.Errorf("%w: capability block for protocol: position %d", ErrFileParse, i) } } return nil diff --git a/vendor/github.com/prometheus/procfs/net_route.go b/vendor/github.com/prometheus/procfs/net_route.go new file mode 100644 index 00000000000..deb7029fe1e --- /dev/null +++ b/vendor/github.com/prometheus/procfs/net_route.go @@ -0,0 +1,143 @@ +// Copyright 2023 The Prometheus Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package procfs + +import ( + "bufio" + "bytes" + "fmt" + "io" + "strconv" + "strings" + + "github.com/prometheus/procfs/internal/util" +) + +const ( + blackholeRepresentation string = "*" + blackholeIfaceName string = "blackhole" + routeLineColumns int = 11 +) + +// A NetRouteLine represents one line from net/route. +type NetRouteLine struct { + Iface string + Destination uint32 + Gateway uint32 + Flags uint32 + RefCnt uint32 + Use uint32 + Metric uint32 + Mask uint32 + MTU uint32 + Window uint32 + IRTT uint32 +} + +func (fs FS) NetRoute() ([]NetRouteLine, error) { + return readNetRoute(fs.proc.Path("net", "route")) +} + +func readNetRoute(path string) ([]NetRouteLine, error) { + b, err := util.ReadFileNoStat(path) + if err != nil { + return nil, err + } + + routelines, err := parseNetRoute(bytes.NewReader(b)) + if err != nil { + return nil, fmt.Errorf("failed to read net route from %s: %w", path, err) + } + return routelines, nil +} + +func parseNetRoute(r io.Reader) ([]NetRouteLine, error) { + var routelines []NetRouteLine + + scanner := bufio.NewScanner(r) + scanner.Scan() + for scanner.Scan() { + fields := strings.Fields(scanner.Text()) + routeline, err := parseNetRouteLine(fields) + if err != nil { + return nil, err + } + routelines = append(routelines, *routeline) + } + return routelines, nil +} + +func parseNetRouteLine(fields []string) (*NetRouteLine, error) { + if len(fields) != routeLineColumns { + return nil, fmt.Errorf("invalid routeline, num of digits: %d", len(fields)) + } + iface := fields[0] + if iface == blackholeRepresentation { + iface = blackholeIfaceName + } + destination, err := strconv.ParseUint(fields[1], 16, 32) + if err != nil { + return nil, err + } + gateway, err := strconv.ParseUint(fields[2], 16, 32) + if err != nil { + return nil, err + } + flags, err := strconv.ParseUint(fields[3], 10, 32) + if err != nil { + return nil, err + } + refcnt, err := strconv.ParseUint(fields[4], 10, 32) + if err != nil { + return nil, err + } + use, err := strconv.ParseUint(fields[5], 10, 32) + if err != nil { + return nil, err + } + metric, err := strconv.ParseUint(fields[6], 10, 32) + if err != nil { + return nil, err + } + mask, err := strconv.ParseUint(fields[7], 16, 32) + if err != nil { + return nil, err + } + mtu, err := strconv.ParseUint(fields[8], 10, 32) + if err != nil { + return nil, err + } + window, err := strconv.ParseUint(fields[9], 10, 32) + if err != nil { + return nil, err + } + irtt, err := strconv.ParseUint(fields[10], 10, 32) + if err != nil { + return nil, err + } + routeline := &NetRouteLine{ + Iface: iface, + Destination: uint32(destination), + Gateway: uint32(gateway), + Flags: uint32(flags), + RefCnt: uint32(refcnt), + Use: uint32(use), + Metric: uint32(metric), + Mask: uint32(mask), + MTU: uint32(mtu), + Window: uint32(window), + IRTT: uint32(irtt), + } + return routeline, nil +} diff --git a/vendor/github.com/prometheus/procfs/net_sockstat.go b/vendor/github.com/prometheus/procfs/net_sockstat.go index e36f4872dd6..360e36af7df 100644 --- a/vendor/github.com/prometheus/procfs/net_sockstat.go +++ b/vendor/github.com/prometheus/procfs/net_sockstat.go @@ -16,7 +16,6 @@ package procfs import ( "bufio" "bytes" - "errors" "fmt" "io" "strings" @@ -70,7 +69,7 @@ func readSockstat(name string) (*NetSockstat, error) { stat, err := parseSockstat(bytes.NewReader(b)) if err != nil { - return nil, fmt.Errorf("failed to read sockstats from %q: %w", name, err) + return nil, fmt.Errorf("%s: sockstats from %q: %w", ErrFileRead, name, err) } return stat, nil @@ -84,13 +83,13 @@ func parseSockstat(r io.Reader) (*NetSockstat, error) { // Expect a minimum of a protocol and one key/value pair. fields := strings.Split(s.Text(), " ") if len(fields) < 3 { - return nil, fmt.Errorf("malformed sockstat line: %q", s.Text()) + return nil, fmt.Errorf("%w: Malformed sockstat line: %q", ErrFileParse, s.Text()) } // The remaining fields are key/value pairs. kvs, err := parseSockstatKVs(fields[1:]) if err != nil { - return nil, fmt.Errorf("error parsing sockstat key/value pairs from %q: %w", s.Text(), err) + return nil, fmt.Errorf("%s: sockstat key/value pairs from %q: %w", ErrFileParse, s.Text(), err) } // The first field is the protocol. We must trim its colon suffix. @@ -119,7 +118,7 @@ func parseSockstat(r io.Reader) (*NetSockstat, error) { // parseSockstatKVs parses a string slice into a map of key/value pairs. func parseSockstatKVs(kvs []string) (map[string]int, error) { if len(kvs)%2 != 0 { - return nil, errors.New("odd number of fields in key/value pairs") + return nil, fmt.Errorf("%w:: Odd number of fields in key/value pairs %q", ErrFileParse, kvs) } // Iterate two values at a time to gather key/value pairs. diff --git a/vendor/github.com/prometheus/procfs/net_softnet.go b/vendor/github.com/prometheus/procfs/net_softnet.go index 540cea52c6f..c7708529192 100644 --- a/vendor/github.com/prometheus/procfs/net_softnet.go +++ b/vendor/github.com/prometheus/procfs/net_softnet.go @@ -64,7 +64,7 @@ func (fs FS) NetSoftnetStat() ([]SoftnetStat, error) { entries, err := parseSoftnet(bytes.NewReader(b)) if err != nil { - return nil, fmt.Errorf("failed to parse /proc/net/softnet_stat: %w", err) + return nil, fmt.Errorf("%s: /proc/net/softnet_stat: %w", ErrFileParse, err) } return entries, nil @@ -83,7 +83,7 @@ func parseSoftnet(r io.Reader) ([]SoftnetStat, error) { softnetStat := SoftnetStat{} if width < minColumns { - return nil, fmt.Errorf("%d columns were detected, but at least %d were expected", width, minColumns) + return nil, fmt.Errorf("%w: detected %d columns, but expected at least %d", ErrFileParse, width, minColumns) } // Linux 2.6.23 https://elixir.bootlin.com/linux/v2.6.23/source/net/core/dev.c#L2347 diff --git a/vendor/github.com/prometheus/procfs/net_unix.go b/vendor/github.com/prometheus/procfs/net_unix.go index 98aa8e1c31c..acbbc57eaba 100644 --- a/vendor/github.com/prometheus/procfs/net_unix.go +++ b/vendor/github.com/prometheus/procfs/net_unix.go @@ -108,14 +108,14 @@ func parseNetUNIX(r io.Reader) (*NetUNIX, error) { line := s.Text() item, err := nu.parseLine(line, hasInode, minFields) if err != nil { - return nil, fmt.Errorf("failed to parse /proc/net/unix data %q: %w", line, err) + return nil, fmt.Errorf("%s: /proc/net/unix encountered data %q: %w", ErrFileParse, line, err) } nu.Rows = append(nu.Rows, item) } if err := s.Err(); err != nil { - return nil, fmt.Errorf("failed to scan /proc/net/unix data: %w", err) + return nil, fmt.Errorf("%s: /proc/net/unix encountered data: %w", ErrFileParse, err) } return &nu, nil @@ -126,7 +126,7 @@ func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine, l := len(fields) if l < min { - return nil, fmt.Errorf("expected at least %d fields but got %d", min, l) + return nil, fmt.Errorf("%w: expected at least %d fields but got %d", ErrFileParse, min, l) } // Field offsets are as follows: @@ -136,29 +136,29 @@ func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine, users, err := u.parseUsers(fields[1]) if err != nil { - return nil, fmt.Errorf("failed to parse ref count %q: %w", fields[1], err) + return nil, fmt.Errorf("%s: ref count %q: %w", ErrFileParse, fields[1], err) } flags, err := u.parseFlags(fields[3]) if err != nil { - return nil, fmt.Errorf("failed to parse flags %q: %w", fields[3], err) + return nil, fmt.Errorf("%s: Unable to parse flags %q: %w", ErrFileParse, fields[3], err) } typ, err := u.parseType(fields[4]) if err != nil { - return nil, fmt.Errorf("failed to parse type %q: %w", fields[4], err) + return nil, fmt.Errorf("%s: Failed to parse type %q: %w", ErrFileParse, fields[4], err) } state, err := u.parseState(fields[5]) if err != nil { - return nil, fmt.Errorf("failed to parse state %q: %w", fields[5], err) + return nil, fmt.Errorf("%s: Failed to parse state %q: %w", ErrFileParse, fields[5], err) } var inode uint64 if hasInode { inode, err = u.parseInode(fields[6]) if err != nil { - return nil, fmt.Errorf("failed to parse inode %q: %w", fields[6], err) + return nil, fmt.Errorf("%s failed to parse inode %q: %w", ErrFileParse, fields[6], err) } } diff --git a/vendor/github.com/prometheus/procfs/net_wireless.go b/vendor/github.com/prometheus/procfs/net_wireless.go index c80fb154247..7443edca946 100644 --- a/vendor/github.com/prometheus/procfs/net_wireless.go +++ b/vendor/github.com/prometheus/procfs/net_wireless.go @@ -68,7 +68,7 @@ func (fs FS) Wireless() ([]*Wireless, error) { m, err := parseWireless(bytes.NewReader(b)) if err != nil { - return nil, fmt.Errorf("failed to parse wireless: %w", err) + return nil, fmt.Errorf("%s: wireless: %w", ErrFileParse, err) } return m, nil @@ -97,64 +97,64 @@ func parseWireless(r io.Reader) ([]*Wireless, error) { parts := strings.Split(line, ":") if len(parts) != 2 { - return nil, fmt.Errorf("expected 2 parts after splitting line by ':', got %d for line %q", len(parts), line) + return nil, fmt.Errorf("%w: expected 2 parts after splitting line by ':', got %d for line %q", ErrFileParse, len(parts), line) } name := strings.TrimSpace(parts[0]) stats := strings.Fields(parts[1]) if len(stats) < 10 { - return nil, fmt.Errorf("invalid number of fields in line %d, expected at least 10, got %d: %q", n, len(stats), line) + return nil, fmt.Errorf("%w: invalid number of fields in line %d, expected 10+, got %d: %q", ErrFileParse, n, len(stats), line) } status, err := strconv.ParseUint(stats[0], 16, 16) if err != nil { - return nil, fmt.Errorf("invalid status in line %d: %q", n, line) + return nil, fmt.Errorf("%w: invalid status in line %d: %q", ErrFileParse, n, line) } qlink, err := strconv.Atoi(strings.TrimSuffix(stats[1], ".")) if err != nil { - return nil, fmt.Errorf("failed to parse Quality:link as integer %q: %w", qlink, err) + return nil, fmt.Errorf("%s: parse Quality:link as integer %q: %w", ErrFileParse, qlink, err) } qlevel, err := strconv.Atoi(strings.TrimSuffix(stats[2], ".")) if err != nil { - return nil, fmt.Errorf("failed to parse Quality:level as integer %q: %w", qlevel, err) + return nil, fmt.Errorf("%s: Quality:level as integer %q: %w", ErrFileParse, qlevel, err) } qnoise, err := strconv.Atoi(strings.TrimSuffix(stats[3], ".")) if err != nil { - return nil, fmt.Errorf("failed to parse Quality:noise as integer %q: %w", qnoise, err) + return nil, fmt.Errorf("%s: Quality:noise as integer %q: %w", ErrFileParse, qnoise, err) } dnwid, err := strconv.Atoi(stats[4]) if err != nil { - return nil, fmt.Errorf("failed to parse Discarded:nwid as integer %q: %w", dnwid, err) + return nil, fmt.Errorf("%s: Discarded:nwid as integer %q: %w", ErrFileParse, dnwid, err) } dcrypt, err := strconv.Atoi(stats[5]) if err != nil { - return nil, fmt.Errorf("failed to parse Discarded:crypt as integer %q: %w", dcrypt, err) + return nil, fmt.Errorf("%s: Discarded:crypt as integer %q: %w", ErrFileParse, dcrypt, err) } dfrag, err := strconv.Atoi(stats[6]) if err != nil { - return nil, fmt.Errorf("failed to parse Discarded:frag as integer %q: %w", dfrag, err) + return nil, fmt.Errorf("%s: Discarded:frag as integer %q: %w", ErrFileParse, dfrag, err) } dretry, err := strconv.Atoi(stats[7]) if err != nil { - return nil, fmt.Errorf("failed to parse Discarded:retry as integer %q: %w", dretry, err) + return nil, fmt.Errorf("%s: Discarded:retry as integer %q: %w", ErrFileParse, dretry, err) } dmisc, err := strconv.Atoi(stats[8]) if err != nil { - return nil, fmt.Errorf("failed to parse Discarded:misc as integer %q: %w", dmisc, err) + return nil, fmt.Errorf("%s: Discarded:misc as integer %q: %w", ErrFileParse, dmisc, err) } mbeacon, err := strconv.Atoi(stats[9]) if err != nil { - return nil, fmt.Errorf("failed to parse Missed:beacon as integer %q: %w", mbeacon, err) + return nil, fmt.Errorf("%s: Missed:beacon as integer %q: %w", ErrFileParse, mbeacon, err) } w := &Wireless{ @@ -175,7 +175,7 @@ func parseWireless(r io.Reader) ([]*Wireless, error) { } if err := scanner.Err(); err != nil { - return nil, fmt.Errorf("failed to scan /proc/net/wireless: %w", err) + return nil, fmt.Errorf("%s: Failed to scan /proc/net/wireless: %w", ErrFileRead, err) } return interfaces, nil diff --git a/vendor/github.com/prometheus/procfs/net_xfrm.go b/vendor/github.com/prometheus/procfs/net_xfrm.go index f9d9d243db3..932ef204684 100644 --- a/vendor/github.com/prometheus/procfs/net_xfrm.go +++ b/vendor/github.com/prometheus/procfs/net_xfrm.go @@ -115,7 +115,7 @@ func (fs FS) NewXfrmStat() (XfrmStat, error) { fields := strings.Fields(s.Text()) if len(fields) != 2 { - return XfrmStat{}, fmt.Errorf("couldn't parse %q line %q", file.Name(), s.Text()) + return XfrmStat{}, fmt.Errorf("%w: %q line %q", ErrFileParse, file.Name(), s.Text()) } name := fields[0] diff --git a/vendor/github.com/prometheus/procfs/proc.go b/vendor/github.com/prometheus/procfs/proc.go index 48f39dafd2a..d1f71caa5d7 100644 --- a/vendor/github.com/prometheus/procfs/proc.go +++ b/vendor/github.com/prometheus/procfs/proc.go @@ -15,6 +15,7 @@ package procfs import ( "bytes" + "errors" "fmt" "io" "os" @@ -35,6 +36,12 @@ type Proc struct { // Procs represents a list of Proc structs. type Procs []Proc +var ( + ErrFileParse = errors.New("Error Parsing File") + ErrFileRead = errors.New("Error Reading File") + ErrMountPoint = errors.New("Error Accessing Mount point") +) + func (p Procs) Len() int { return len(p) } func (p Procs) Swap(i, j int) { p[i], p[j] = p[j], p[i] } func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID } @@ -42,7 +49,7 @@ func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID } // Self returns a process for the current process read via /proc/self. func Self() (Proc, error) { fs, err := NewFS(DefaultMountPoint) - if err != nil { + if err != nil || errors.Unwrap(err) == ErrMountPoint { return Proc{}, err } return fs.Self() @@ -104,7 +111,7 @@ func (fs FS) AllProcs() (Procs, error) { names, err := d.Readdirnames(-1) if err != nil { - return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err) + return Procs{}, fmt.Errorf("%s: Cannot read file: %v: %w", ErrFileRead, names, err) } p := Procs{} @@ -205,7 +212,7 @@ func (p Proc) FileDescriptors() ([]uintptr, error) { for i, n := range names { fd, err := strconv.ParseInt(n, 10, 32) if err != nil { - return nil, fmt.Errorf("could not parse fd %q: %w", n, err) + return nil, fmt.Errorf("%s: Cannot parse line: %v: %w", ErrFileParse, i, err) } fds[i] = uintptr(fd) } @@ -237,7 +244,7 @@ func (p Proc) FileDescriptorTargets() ([]string, error) { // a process. func (p Proc) FileDescriptorsLen() (int, error) { // Use fast path if available (Linux v6.2): https://github.com/torvalds/linux/commit/f1f1f2569901 - if p.fs.real { + if p.fs.isReal { stat, err := os.Stat(p.path("fd")) if err != nil { return 0, err @@ -290,7 +297,7 @@ func (p Proc) fileDescriptors() ([]string, error) { names, err := d.Readdirnames(-1) if err != nil { - return nil, fmt.Errorf("could not read %q: %w", d.Name(), err) + return nil, fmt.Errorf("%s: Cannot read file: %v: %w", ErrFileRead, names, err) } return names, nil diff --git a/vendor/github.com/prometheus/procfs/proc_cgroup.go b/vendor/github.com/prometheus/procfs/proc_cgroup.go index ea83a75ffc4..daeed7f571a 100644 --- a/vendor/github.com/prometheus/procfs/proc_cgroup.go +++ b/vendor/github.com/prometheus/procfs/proc_cgroup.go @@ -51,7 +51,7 @@ func parseCgroupString(cgroupStr string) (*Cgroup, error) { fields := strings.SplitN(cgroupStr, ":", 3) if len(fields) < 3 { - return nil, fmt.Errorf("at least 3 fields required, found %d fields in cgroup string: %s", len(fields), cgroupStr) + return nil, fmt.Errorf("%w: 3+ fields required, found %d fields in cgroup string: %s", ErrFileParse, len(fields), cgroupStr) } cgroup := &Cgroup{ @@ -60,7 +60,7 @@ func parseCgroupString(cgroupStr string) (*Cgroup, error) { } cgroup.HierarchyID, err = strconv.Atoi(fields[0]) if err != nil { - return nil, fmt.Errorf("failed to parse hierarchy ID") + return nil, fmt.Errorf("%w: hierarchy ID: %q", ErrFileParse, cgroup.HierarchyID) } if fields[1] != "" { ssNames := strings.Split(fields[1], ",") diff --git a/vendor/github.com/prometheus/procfs/proc_cgroups.go b/vendor/github.com/prometheus/procfs/proc_cgroups.go index 24d4dce9cfc..5dd4938999a 100644 --- a/vendor/github.com/prometheus/procfs/proc_cgroups.go +++ b/vendor/github.com/prometheus/procfs/proc_cgroups.go @@ -46,7 +46,7 @@ func parseCgroupSummaryString(CgroupSummaryStr string) (*CgroupSummary, error) { fields := strings.Fields(CgroupSummaryStr) // require at least 4 fields if len(fields) < 4 { - return nil, fmt.Errorf("at least 4 fields required, found %d fields in cgroup info string: %s", len(fields), CgroupSummaryStr) + return nil, fmt.Errorf("%w: 4+ fields required, found %d fields in cgroup info string: %s", ErrFileParse, len(fields), CgroupSummaryStr) } CgroupSummary := &CgroupSummary{ @@ -54,15 +54,15 @@ func parseCgroupSummaryString(CgroupSummaryStr string) (*CgroupSummary, error) { } CgroupSummary.Hierarchy, err = strconv.Atoi(fields[1]) if err != nil { - return nil, fmt.Errorf("failed to parse hierarchy ID") + return nil, fmt.Errorf("%w: Unable to parse hierarchy ID from %q", ErrFileParse, fields[1]) } CgroupSummary.Cgroups, err = strconv.Atoi(fields[2]) if err != nil { - return nil, fmt.Errorf("failed to parse Cgroup Num") + return nil, fmt.Errorf("%w: Unable to parse Cgroup Num from %q", ErrFileParse, fields[2]) } CgroupSummary.Enabled, err = strconv.Atoi(fields[3]) if err != nil { - return nil, fmt.Errorf("failed to parse Enabled") + return nil, fmt.Errorf("%w: Unable to parse Enabled from %q", ErrFileParse, fields[3]) } return CgroupSummary, nil } diff --git a/vendor/github.com/prometheus/procfs/proc_fdinfo.go b/vendor/github.com/prometheus/procfs/proc_fdinfo.go index 1bbdd4a8e99..4b7933e4f97 100644 --- a/vendor/github.com/prometheus/procfs/proc_fdinfo.go +++ b/vendor/github.com/prometheus/procfs/proc_fdinfo.go @@ -111,7 +111,7 @@ func parseInotifyInfo(line string) (*InotifyInfo, error) { } return i, nil } - return nil, fmt.Errorf("invalid inode entry: %q", line) + return nil, fmt.Errorf("%w: invalid inode entry: %q", ErrFileParse, line) } // ProcFDInfos represents a list of ProcFDInfo structs. diff --git a/vendor/github.com/prometheus/procfs/proc_interrupts.go b/vendor/github.com/prometheus/procfs/proc_interrupts.go index 9df79c23799..86b4b452463 100644 --- a/vendor/github.com/prometheus/procfs/proc_interrupts.go +++ b/vendor/github.com/prometheus/procfs/proc_interrupts.go @@ -66,7 +66,7 @@ func parseInterrupts(r io.Reader) (Interrupts, error) { continue } if len(parts) < 2 { - return nil, fmt.Errorf("not enough fields in interrupts (expected at least 2 fields but got %d): %s", len(parts), parts) + return nil, fmt.Errorf("%w: Not enough fields in interrupts (expected 2+ fields but got %d): %s", ErrFileParse, len(parts), parts) } intName := parts[0][:len(parts[0])-1] // remove trailing : diff --git a/vendor/github.com/prometheus/procfs/proc_limits.go b/vendor/github.com/prometheus/procfs/proc_limits.go index 7a1388185a9..c86d815d735 100644 --- a/vendor/github.com/prometheus/procfs/proc_limits.go +++ b/vendor/github.com/prometheus/procfs/proc_limits.go @@ -103,7 +103,7 @@ func (p Proc) Limits() (ProcLimits, error) { //fields := limitsMatch.Split(s.Text(), limitsFields) fields := limitsMatch.FindStringSubmatch(s.Text()) if len(fields) != limitsFields { - return ProcLimits{}, fmt.Errorf("couldn't parse %q line %q", f.Name(), s.Text()) + return ProcLimits{}, fmt.Errorf("%w: couldn't parse %q line %q", ErrFileParse, f.Name(), s.Text()) } switch fields[1] { @@ -154,7 +154,7 @@ func parseUint(s string) (uint64, error) { } i, err := strconv.ParseUint(s, 10, 64) if err != nil { - return 0, fmt.Errorf("couldn't parse value %q: %w", s, err) + return 0, fmt.Errorf("%s: couldn't parse value %q: %w", ErrFileParse, s, err) } return i, nil } diff --git a/vendor/github.com/prometheus/procfs/proc_maps.go b/vendor/github.com/prometheus/procfs/proc_maps.go index f1bcbf32bb3..727549a13f8 100644 --- a/vendor/github.com/prometheus/procfs/proc_maps.go +++ b/vendor/github.com/prometheus/procfs/proc_maps.go @@ -65,7 +65,7 @@ type ProcMap struct { func parseDevice(s string) (uint64, error) { toks := strings.Split(s, ":") if len(toks) < 2 { - return 0, fmt.Errorf("unexpected number of fields") + return 0, fmt.Errorf("%w: unexpected number of fields, expected: 2, got: %q", ErrFileParse, len(toks)) } major, err := strconv.ParseUint(toks[0], 16, 0) @@ -95,7 +95,7 @@ func parseAddress(s string) (uintptr, error) { func parseAddresses(s string) (uintptr, uintptr, error) { toks := strings.Split(s, "-") if len(toks) < 2 { - return 0, 0, fmt.Errorf("invalid address") + return 0, 0, fmt.Errorf("%w: invalid address", ErrFileParse) } saddr, err := parseAddress(toks[0]) @@ -114,7 +114,7 @@ func parseAddresses(s string) (uintptr, uintptr, error) { // parsePermissions parses a token and returns any that are set. func parsePermissions(s string) (*ProcMapPermissions, error) { if len(s) < 4 { - return nil, fmt.Errorf("invalid permissions token") + return nil, fmt.Errorf("%w: invalid permissions token", ErrFileParse) } perms := ProcMapPermissions{} @@ -141,7 +141,7 @@ func parsePermissions(s string) (*ProcMapPermissions, error) { func parseProcMap(text string) (*ProcMap, error) { fields := strings.Fields(text) if len(fields) < 5 { - return nil, fmt.Errorf("truncated procmap entry") + return nil, fmt.Errorf("%w: truncated procmap entry", ErrFileParse) } saddr, eaddr, err := parseAddresses(fields[0]) diff --git a/vendor/github.com/prometheus/procfs/proc_netstat.go b/vendor/github.com/prometheus/procfs/proc_netstat.go index 6a43bb24595..8e3ff4d794b 100644 --- a/vendor/github.com/prometheus/procfs/proc_netstat.go +++ b/vendor/github.com/prometheus/procfs/proc_netstat.go @@ -195,8 +195,8 @@ func parseProcNetstat(r io.Reader, fileName string) (ProcNetstat, error) { // Remove trailing :. protocol := strings.TrimSuffix(nameParts[0], ":") if len(nameParts) != len(valueParts) { - return procNetstat, fmt.Errorf("mismatch field count mismatch in %s: %s", - fileName, protocol) + return procNetstat, fmt.Errorf("%w: mismatch field count mismatch in %s: %s", + ErrFileParse, fileName, protocol) } for i := 1; i < len(nameParts); i++ { value, err := strconv.ParseFloat(valueParts[i], 64) diff --git a/vendor/github.com/prometheus/procfs/proc_ns.go b/vendor/github.com/prometheus/procfs/proc_ns.go index 391b4cbd11b..c22666750f2 100644 --- a/vendor/github.com/prometheus/procfs/proc_ns.go +++ b/vendor/github.com/prometheus/procfs/proc_ns.go @@ -40,7 +40,7 @@ func (p Proc) Namespaces() (Namespaces, error) { names, err := d.Readdirnames(-1) if err != nil { - return nil, fmt.Errorf("failed to read contents of ns dir: %w", err) + return nil, fmt.Errorf("%s: failed to read contents of ns dir: %w", ErrFileRead, err) } ns := make(Namespaces, len(names)) @@ -52,13 +52,13 @@ func (p Proc) Namespaces() (Namespaces, error) { fields := strings.SplitN(target, ":", 2) if len(fields) != 2 { - return nil, fmt.Errorf("failed to parse namespace type and inode from %q", target) + return nil, fmt.Errorf("%w: namespace type and inode from %q", ErrFileParse, target) } typ := fields[0] inode, err := strconv.ParseUint(strings.Trim(fields[1], "[]"), 10, 32) if err != nil { - return nil, fmt.Errorf("failed to parse inode from %q: %w", fields[1], err) + return nil, fmt.Errorf("%s: inode from %q: %w", ErrFileParse, fields[1], err) } ns[name] = Namespace{typ, uint32(inode)} diff --git a/vendor/github.com/prometheus/procfs/proc_psi.go b/vendor/github.com/prometheus/procfs/proc_psi.go index a68fe15290a..fe9dbb425f5 100644 --- a/vendor/github.com/prometheus/procfs/proc_psi.go +++ b/vendor/github.com/prometheus/procfs/proc_psi.go @@ -61,14 +61,14 @@ type PSIStats struct { func (fs FS) PSIStatsForResource(resource string) (PSIStats, error) { data, err := util.ReadFileNoStat(fs.proc.Path(fmt.Sprintf("%s/%s", "pressure", resource))) if err != nil { - return PSIStats{}, fmt.Errorf("psi_stats: unavailable for %q: %w", resource, err) + return PSIStats{}, fmt.Errorf("%s: psi_stats: unavailable for %q: %w", ErrFileRead, resource, err) } - return parsePSIStats(resource, bytes.NewReader(data)) + return parsePSIStats(bytes.NewReader(data)) } // parsePSIStats parses the specified file for pressure stall information. -func parsePSIStats(resource string, r io.Reader) (PSIStats, error) { +func parsePSIStats(r io.Reader) (PSIStats, error) { psiStats := PSIStats{} scanner := bufio.NewScanner(r) diff --git a/vendor/github.com/prometheus/procfs/proc_smaps.go b/vendor/github.com/prometheus/procfs/proc_smaps.go index 0e97d99575e..ad8785a407a 100644 --- a/vendor/github.com/prometheus/procfs/proc_smaps.go +++ b/vendor/github.com/prometheus/procfs/proc_smaps.go @@ -135,12 +135,12 @@ func (s *ProcSMapsRollup) parseLine(line string) error { } vBytes := vKBytes * 1024 - s.addValue(k, v, vKBytes, vBytes) + s.addValue(k, vBytes) return nil } -func (s *ProcSMapsRollup) addValue(k string, vString string, vUint uint64, vUintBytes uint64) { +func (s *ProcSMapsRollup) addValue(k string, vUintBytes uint64) { switch k { case "Rss": s.Rss += vUintBytes diff --git a/vendor/github.com/prometheus/procfs/proc_snmp.go b/vendor/github.com/prometheus/procfs/proc_snmp.go index 6c46b718849..b9d2cf642a7 100644 --- a/vendor/github.com/prometheus/procfs/proc_snmp.go +++ b/vendor/github.com/prometheus/procfs/proc_snmp.go @@ -159,8 +159,8 @@ func parseSnmp(r io.Reader, fileName string) (ProcSnmp, error) { // Remove trailing :. protocol := strings.TrimSuffix(nameParts[0], ":") if len(nameParts) != len(valueParts) { - return procSnmp, fmt.Errorf("mismatch field count mismatch in %s: %s", - fileName, protocol) + return procSnmp, fmt.Errorf("%w: mismatch field count mismatch in %s: %s", + ErrFileParse, fileName, protocol) } for i := 1; i < len(nameParts); i++ { value, err := strconv.ParseFloat(valueParts[i], 64) diff --git a/vendor/github.com/prometheus/procfs/proc_stat.go b/vendor/github.com/prometheus/procfs/proc_stat.go index 14b249f4fc6..923e55005ba 100644 --- a/vendor/github.com/prometheus/procfs/proc_stat.go +++ b/vendor/github.com/prometheus/procfs/proc_stat.go @@ -138,7 +138,7 @@ func (p Proc) Stat() (ProcStat, error) { ) if l < 0 || r < 0 { - return ProcStat{}, fmt.Errorf("unexpected format, couldn't extract comm %q", data) + return ProcStat{}, fmt.Errorf("%w: unexpected format, couldn't extract comm %q", ErrFileParse, data) } s.Comm = string(data[l+1 : r]) diff --git a/vendor/github.com/prometheus/procfs/proc_sys.go b/vendor/github.com/prometheus/procfs/proc_sys.go index d46533ebf41..12c5bf05b74 100644 --- a/vendor/github.com/prometheus/procfs/proc_sys.go +++ b/vendor/github.com/prometheus/procfs/proc_sys.go @@ -44,7 +44,7 @@ func (fs FS) SysctlInts(sysctl string) ([]int, error) { vp := util.NewValueParser(f) values[i] = vp.Int() if err := vp.Err(); err != nil { - return nil, fmt.Errorf("field %d in sysctl %s is not a valid int: %w", i, sysctl, err) + return nil, fmt.Errorf("%s: field %d in sysctl %s is not a valid int: %w", ErrFileParse, i, sysctl, err) } } return values, nil diff --git a/vendor/github.com/prometheus/procfs/slab.go b/vendor/github.com/prometheus/procfs/slab.go index bc9aaf5c288..8611c901770 100644 --- a/vendor/github.com/prometheus/procfs/slab.go +++ b/vendor/github.com/prometheus/procfs/slab.go @@ -68,7 +68,7 @@ func parseV21SlabEntry(line string) (*Slab, error) { l := slabSpace.ReplaceAllString(line, " ") s := strings.Split(l, " ") if len(s) != 16 { - return nil, fmt.Errorf("unable to parse: %q", line) + return nil, fmt.Errorf("%w: unable to parse: %q", ErrFileParse, line) } var err error i := &Slab{Name: s[0]} diff --git a/vendor/github.com/prometheus/procfs/softirqs.go b/vendor/github.com/prometheus/procfs/softirqs.go index 559129cbca3..b8fad677dc6 100644 --- a/vendor/github.com/prometheus/procfs/softirqs.go +++ b/vendor/github.com/prometheus/procfs/softirqs.go @@ -57,7 +57,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { ) if !scanner.Scan() { - return Softirqs{}, fmt.Errorf("softirqs empty") + return Softirqs{}, fmt.Errorf("%w: softirqs empty", ErrFileRead) } for scanner.Scan() { @@ -74,7 +74,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.Hi = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.Hi[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (HI%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (HI%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "TIMER:": @@ -82,7 +82,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.Timer = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.Timer[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (TIMER%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (TIMER%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "NET_TX:": @@ -90,7 +90,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.NetTx = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.NetTx[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (NET_TX%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (NET_TX%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "NET_RX:": @@ -98,7 +98,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.NetRx = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.NetRx[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (NET_RX%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (NET_RX%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "BLOCK:": @@ -106,7 +106,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.Block = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.Block[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (BLOCK%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (BLOCK%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "IRQ_POLL:": @@ -114,7 +114,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.IRQPoll = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.IRQPoll[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (IRQ_POLL%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (IRQ_POLL%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "TASKLET:": @@ -122,7 +122,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.Tasklet = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.Tasklet[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (TASKLET%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (TASKLET%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "SCHED:": @@ -130,7 +130,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.Sched = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.Sched[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (SCHED%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (SCHED%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "HRTIMER:": @@ -138,7 +138,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.HRTimer = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.HRTimer[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (HRTIMER%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (HRTIMER%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "RCU:": @@ -146,14 +146,14 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) { softirqs.RCU = make([]uint64, len(perCPU)) for i, count := range perCPU { if softirqs.RCU[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse %q (RCU%d): %w", count, i, err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (RCU%d): %w", ErrFileParse, count, i, err) } } } } if err := scanner.Err(); err != nil { - return Softirqs{}, fmt.Errorf("couldn't parse softirqs: %w", err) + return Softirqs{}, fmt.Errorf("%s: couldn't parse softirqs: %w", ErrFileParse, err) } return softirqs, scanner.Err() diff --git a/vendor/github.com/prometheus/procfs/stat.go b/vendor/github.com/prometheus/procfs/stat.go index 586af48af9f..34fc3ee21b6 100644 --- a/vendor/github.com/prometheus/procfs/stat.go +++ b/vendor/github.com/prometheus/procfs/stat.go @@ -93,10 +93,10 @@ func parseCPUStat(line string) (CPUStat, int64, error) { &cpuStat.Guest, &cpuStat.GuestNice) if err != nil && err != io.EOF { - return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): %w", line, err) + return CPUStat{}, -1, fmt.Errorf("%s: couldn't parse %q (cpu): %w", ErrFileParse, line, err) } if count == 0 { - return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): 0 elements parsed", line) + return CPUStat{}, -1, fmt.Errorf("%w: couldn't parse %q (cpu): 0 elements parsed", ErrFileParse, line) } cpuStat.User /= userHZ @@ -116,7 +116,7 @@ func parseCPUStat(line string) (CPUStat, int64, error) { cpuID, err := strconv.ParseInt(cpu[3:], 10, 64) if err != nil { - return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu/cpuid): %w", line, err) + return CPUStat{}, -1, fmt.Errorf("%s: couldn't parse %q (cpu/cpuid): %w", ErrFileParse, line, err) } return cpuStat, cpuID, nil @@ -136,7 +136,7 @@ func parseSoftIRQStat(line string) (SoftIRQStat, uint64, error) { &softIRQStat.Hrtimer, &softIRQStat.Rcu) if err != nil { - return SoftIRQStat{}, 0, fmt.Errorf("couldn't parse %q (softirq): %w", line, err) + return SoftIRQStat{}, 0, fmt.Errorf("%s: couldn't parse %q (softirq): %w", ErrFileParse, line, err) } return softIRQStat, total, nil @@ -187,6 +187,10 @@ func parseStat(r io.Reader, fileName string) (Stat, error) { err error ) + // Increase default scanner buffer to handle very long `intr` lines. + buf := make([]byte, 0, 8*1024) + scanner.Buffer(buf, 1024*1024) + for scanner.Scan() { line := scanner.Text() parts := strings.Fields(scanner.Text()) @@ -197,34 +201,34 @@ func parseStat(r io.Reader, fileName string) (Stat, error) { switch { case parts[0] == "btime": if stat.BootTime, err = strconv.ParseUint(parts[1], 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (btime): %w", parts[1], err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (btime): %w", ErrFileParse, parts[1], err) } case parts[0] == "intr": if stat.IRQTotal, err = strconv.ParseUint(parts[1], 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (intr): %w", parts[1], err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (intr): %w", ErrFileParse, parts[1], err) } numberedIRQs := parts[2:] stat.IRQ = make([]uint64, len(numberedIRQs)) for i, count := range numberedIRQs { if stat.IRQ[i], err = strconv.ParseUint(count, 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (intr%d): %w", count, i, err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (intr%d): %w", ErrFileParse, count, i, err) } } case parts[0] == "ctxt": if stat.ContextSwitches, err = strconv.ParseUint(parts[1], 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (ctxt): %w", parts[1], err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (ctxt): %w", ErrFileParse, parts[1], err) } case parts[0] == "processes": if stat.ProcessCreated, err = strconv.ParseUint(parts[1], 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (processes): %w", parts[1], err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (processes): %w", ErrFileParse, parts[1], err) } case parts[0] == "procs_running": if stat.ProcessesRunning, err = strconv.ParseUint(parts[1], 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (procs_running): %w", parts[1], err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (procs_running): %w", ErrFileParse, parts[1], err) } case parts[0] == "procs_blocked": if stat.ProcessesBlocked, err = strconv.ParseUint(parts[1], 10, 64); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q (procs_blocked): %w", parts[1], err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q (procs_blocked): %w", ErrFileParse, parts[1], err) } case parts[0] == "softirq": softIRQStats, total, err := parseSoftIRQStat(line) @@ -247,7 +251,7 @@ func parseStat(r io.Reader, fileName string) (Stat, error) { } if err := scanner.Err(); err != nil { - return Stat{}, fmt.Errorf("couldn't parse %q: %w", fileName, err) + return Stat{}, fmt.Errorf("%s: couldn't parse %q: %w", ErrFileParse, fileName, err) } return stat, nil diff --git a/vendor/github.com/prometheus/procfs/swaps.go b/vendor/github.com/prometheus/procfs/swaps.go index 15edc2212b6..fa00f555db7 100644 --- a/vendor/github.com/prometheus/procfs/swaps.go +++ b/vendor/github.com/prometheus/procfs/swaps.go @@ -64,7 +64,7 @@ func parseSwapString(swapString string) (*Swap, error) { swapFields := strings.Fields(swapString) swapLength := len(swapFields) if swapLength < 5 { - return nil, fmt.Errorf("too few fields in swap string: %s", swapString) + return nil, fmt.Errorf("%w: too few fields in swap string: %s", ErrFileParse, swapString) } swap := &Swap{ @@ -74,15 +74,15 @@ func parseSwapString(swapString string) (*Swap, error) { swap.Size, err = strconv.Atoi(swapFields[2]) if err != nil { - return nil, fmt.Errorf("invalid swap size: %s", swapFields[2]) + return nil, fmt.Errorf("%s: invalid swap size: %s: %w", ErrFileParse, swapFields[2], err) } swap.Used, err = strconv.Atoi(swapFields[3]) if err != nil { - return nil, fmt.Errorf("invalid swap used: %s", swapFields[3]) + return nil, fmt.Errorf("%s: invalid swap used: %s: %w", ErrFileParse, swapFields[3], err) } swap.Priority, err = strconv.Atoi(swapFields[4]) if err != nil { - return nil, fmt.Errorf("invalid swap priority: %s", swapFields[4]) + return nil, fmt.Errorf("%s: invalid swap priority: %s: %w", ErrFileParse, swapFields[4], err) } return swap, nil diff --git a/vendor/github.com/prometheus/procfs/thread.go b/vendor/github.com/prometheus/procfs/thread.go index 490c14708d4..df2215ece00 100644 --- a/vendor/github.com/prometheus/procfs/thread.go +++ b/vendor/github.com/prometheus/procfs/thread.go @@ -45,7 +45,7 @@ func (fs FS) AllThreads(pid int) (Procs, error) { names, err := d.Readdirnames(-1) if err != nil { - return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err) + return Procs{}, fmt.Errorf("%s: could not read %q: %w", ErrFileRead, d.Name(), err) } t := Procs{} @@ -55,7 +55,7 @@ func (fs FS) AllThreads(pid int) (Procs, error) { continue } - t = append(t, Proc{PID: int(tid), fs: FS{fsi.FS(taskPath), fs.real}}) + t = append(t, Proc{PID: int(tid), fs: FS{fsi.FS(taskPath), fs.isReal}}) } return t, nil @@ -67,12 +67,12 @@ func (fs FS) Thread(pid, tid int) (Proc, error) { if _, err := os.Stat(taskPath); err != nil { return Proc{}, err } - return Proc{PID: tid, fs: FS{fsi.FS(taskPath), fs.real}}, nil + return Proc{PID: tid, fs: FS{fsi.FS(taskPath), fs.isReal}}, nil } // Thread returns a process for a given TID of Proc. func (proc Proc) Thread(tid int) (Proc, error) { - tfs := FS{fsi.FS(proc.path("task")), proc.fs.real} + tfs := FS{fsi.FS(proc.path("task")), proc.fs.isReal} if _, err := os.Stat(tfs.proc.Path(strconv.Itoa(tid))); err != nil { return Proc{}, err } diff --git a/vendor/github.com/prometheus/procfs/vm.go b/vendor/github.com/prometheus/procfs/vm.go index cdedcae996d..51c49d89e81 100644 --- a/vendor/github.com/prometheus/procfs/vm.go +++ b/vendor/github.com/prometheus/procfs/vm.go @@ -86,7 +86,7 @@ func (fs FS) VM() (*VM, error) { return nil, err } if !file.Mode().IsDir() { - return nil, fmt.Errorf("%s is not a directory", path) + return nil, fmt.Errorf("%w: %s is not a directory", ErrFileRead, path) } files, err := os.ReadDir(path) diff --git a/vendor/github.com/prometheus/procfs/zoneinfo.go b/vendor/github.com/prometheus/procfs/zoneinfo.go index c745a4c04ff..ce5fefa5b3e 100644 --- a/vendor/github.com/prometheus/procfs/zoneinfo.go +++ b/vendor/github.com/prometheus/procfs/zoneinfo.go @@ -75,11 +75,11 @@ var nodeZoneRE = regexp.MustCompile(`(\d+), zone\s+(\w+)`) func (fs FS) Zoneinfo() ([]Zoneinfo, error) { data, err := os.ReadFile(fs.proc.Path("zoneinfo")) if err != nil { - return nil, fmt.Errorf("error reading zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err) + return nil, fmt.Errorf("%s: error reading zoneinfo %q: %w", ErrFileRead, fs.proc.Path("zoneinfo"), err) } zoneinfo, err := parseZoneinfo(data) if err != nil { - return nil, fmt.Errorf("error parsing zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err) + return nil, fmt.Errorf("%s: error parsing zoneinfo %q: %w", ErrFileParse, fs.proc.Path("zoneinfo"), err) } return zoneinfo, nil } diff --git a/vendor/github.com/rivo/uniseg/README.md b/vendor/github.com/rivo/uniseg/README.md index 7e3d12e79bb..25e93468748 100644 --- a/vendor/github.com/rivo/uniseg/README.md +++ b/vendor/github.com/rivo/uniseg/README.md @@ -133,6 +133,13 @@ Similarly, use - [`FirstSentence`](https://pkg.go.dev/github.com/rivo/uniseg#FirstSentence) or [`FirstSentenceInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstSentenceInString) for sentence segmentation only, and - [`FirstLineSegment`](https://pkg.go.dev/github.com/rivo/uniseg#FirstLineSegment) or [`FirstLineSegmentInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstLineSegmentInString) for line breaking / word wrapping (although using [`Step`](https://pkg.go.dev/github.com/rivo/uniseg#Step) or [`StepString`](https://pkg.go.dev/github.com/rivo/uniseg#StepString) is preferred as it will observe grapheme cluster boundaries). +Finally, if you need to reverse a string while preserving grapheme clusters, use [`ReverseString`](https://pkg.go.dev/github.com/rivo/uniseg#ReverseString): + +```go +fmt.Println(uniseg.ReverseString("🇩🇪🏳️‍🌈")) +// 🏳️‍🌈🇩🇪 +``` + ## Documentation Refer to https://pkg.go.dev/github.com/rivo/uniseg for the package's documentation. diff --git a/vendor/github.com/rivo/uniseg/doc.go b/vendor/github.com/rivo/uniseg/doc.go index 0fc2d8b43e2..11224ae22d4 100644 --- a/vendor/github.com/rivo/uniseg/doc.go +++ b/vendor/github.com/rivo/uniseg/doc.go @@ -70,10 +70,10 @@ broken. Monospace width, as referred to in this package, is the width of a string in a monospace font. This is commonly used in terminal user interfaces or text displays or editors that don't support proportional fonts. A width of 1 -corresponds to a single character cell. The C function [wcwidth()] and its +corresponds to a single character cell. The C function [wcswidth()] and its implementation in other programming languages is in widespread use for the same purpose. However, there is no standard for the calculation of such widths, and -this package differs from wcwidth() in a number of ways, presumably to generate +this package differs from wcswidth() in a number of ways, presumably to generate more visually pleasing results. To start, we assume that every code point has a width of 1, with the following @@ -103,6 +103,6 @@ Note that whether these widths appear correct depends on your application's render engine, to which extent it conforms to the Unicode Standard, and its choice of font. -[wcwidth()]: https://man7.org/linux/man-pages/man3/wcwidth.3.html +[wcswidth()]: https://man7.org/linux/man-pages/man3/wcswidth.3.html */ package uniseg diff --git a/vendor/github.com/rivo/uniseg/grapheme.go b/vendor/github.com/rivo/uniseg/grapheme.go index 997abbefd77..0086fc1b201 100644 --- a/vendor/github.com/rivo/uniseg/grapheme.go +++ b/vendor/github.com/rivo/uniseg/grapheme.go @@ -163,13 +163,32 @@ func GraphemeClusterCount(s string) (n int) { return } +// ReverseString reverses the given string while observing grapheme cluster +// boundaries. +func ReverseString(s string) string { + str := []byte(s) + reversed := make([]byte, len(str)) + state := -1 + index := len(str) + for len(str) > 0 { + var cluster []byte + cluster, str, _, state = FirstGraphemeCluster(str, state) + index -= len(cluster) + copy(reversed[index:], cluster) + if index <= len(str)/2 { + break + } + } + return string(reversed) +} + // The number of bits the grapheme property must be shifted to make place for // grapheme states. const shiftGraphemePropState = 4 // FirstGraphemeCluster returns the first grapheme cluster found in the given -// byte slice according to the rules of Unicode Standard Annex #29, Grapheme -// Cluster Boundaries. This function can be called continuously to extract all +// byte slice according to the rules of [Unicode Standard Annex #29, Grapheme +// Cluster Boundaries]. This function can be called continuously to extract all // grapheme clusters from a byte slice, as illustrated in the example below. // // If you don't know the current state, for example when calling the function @@ -190,6 +209,8 @@ const shiftGraphemePropState = 4 // While slightly less convenient than using the Graphemes class, this function // has much better performance and makes no allocations. It lends itself well to // large byte slices. +// +// [Unicode Standard Annex #29, Grapheme Cluster Boundaries]: http://unicode.org/reports/tr29/#Grapheme_Cluster_Boundaries func FirstGraphemeCluster(b []byte, state int) (cluster, rest []byte, width, newState int) { // An empty byte slice returns nothing. if len(b) == 0 { diff --git a/vendor/github.com/rivo/uniseg/graphemerules.go b/vendor/github.com/rivo/uniseg/graphemerules.go index 907b30bd0ac..9f46b575bba 100644 --- a/vendor/github.com/rivo/uniseg/graphemerules.go +++ b/vendor/github.com/rivo/uniseg/graphemerules.go @@ -48,7 +48,7 @@ var grTransitions = map[[2]int][3]int{ {grControlLF, prAny}: {grAny, grBoundary, 40}, // GB3. - {grCR, prLF}: {grAny, grNoBoundary, 30}, + {grCR, prLF}: {grControlLF, grNoBoundary, 30}, // GB6. {grAny, prL}: {grL, grBoundary, 9990}, diff --git a/vendor/github.com/rivo/uniseg/line.go b/vendor/github.com/rivo/uniseg/line.go index c0398cacf8c..87f28503f4b 100644 --- a/vendor/github.com/rivo/uniseg/line.go +++ b/vendor/github.com/rivo/uniseg/line.go @@ -4,7 +4,7 @@ import "unicode/utf8" // FirstLineSegment returns the prefix of the given byte slice after which a // decision to break the string over to the next line can or must be made, -// according to the rules of Unicode Standard Annex #14. This is used to +// according to the rules of [Unicode Standard Annex #14]. This is used to // implement line breaking. // // Line breaking, also known as word wrapping, is the process of breaking a @@ -35,7 +35,7 @@ import "unicode/utf8" // // Given an empty byte slice "b", the function returns nil values. // -// Note that in accordance with UAX #14 LB3, the final segment will end with +// Note that in accordance with [UAX #14 LB3], the final segment will end with // "mustBreak" set to true. You can choose to ignore this by checking if the // length of the "rest" slice is 0 and calling [HasTrailingLineBreak] or // [HasTrailingLineBreakInString] on the last rune. @@ -43,6 +43,9 @@ import "unicode/utf8" // Note also that this algorithm may break within grapheme clusters. This is // addressed in Section 8.2 Example 6 of UAX #14. To avoid this, you can use // the [Step] function instead. +// +// [Unicode Standard Annex #14]: https://www.unicode.org/reports/tr14/ +// [UAX #14 LB3]: https://www.unicode.org/reports/tr14/#Algorithm func FirstLineSegment(b []byte, state int) (segment, rest []byte, mustBreak bool, newState int) { // An empty byte slice returns nothing. if len(b) == 0 { diff --git a/vendor/github.com/rivo/uniseg/sentence.go b/vendor/github.com/rivo/uniseg/sentence.go index b7fc70996ea..adc2a357736 100644 --- a/vendor/github.com/rivo/uniseg/sentence.go +++ b/vendor/github.com/rivo/uniseg/sentence.go @@ -3,7 +3,7 @@ package uniseg import "unicode/utf8" // FirstSentence returns the first sentence found in the given byte slice -// according to the rules of Unicode Standard Annex #29, Sentence Boundaries. +// according to the rules of [Unicode Standard Annex #29, Sentence Boundaries]. // This function can be called continuously to extract all sentences from a byte // slice, as illustrated in the example below. // @@ -17,6 +17,8 @@ import "unicode/utf8" // slice is the sub-slice of the input slice containing the identified sentence. // // Given an empty byte slice "b", the function returns nil values. +// +// [Unicode Standard Annex #29, Sentence Boundaries]: http://unicode.org/reports/tr29/#Sentence_Boundaries func FirstSentence(b []byte, state int) (sentence, rest []byte, newState int) { // An empty byte slice returns nothing. if len(b) == 0 { diff --git a/vendor/github.com/rivo/uniseg/step.go b/vendor/github.com/rivo/uniseg/step.go index 55e7f1219e4..6eca4b5dc70 100644 --- a/vendor/github.com/rivo/uniseg/step.go +++ b/vendor/github.com/rivo/uniseg/step.go @@ -83,10 +83,12 @@ const ( // has much better performance and makes no allocations. It lends itself well to // large byte slices. // -// Note that in accordance with UAX #14 LB3, the final segment will end with +// Note that in accordance with [UAX #14 LB3], the final segment will end with // a mandatory line break (boundaries&MaskLine == LineMustBreak). You can choose // to ignore this by checking if the length of the "rest" slice is 0 and calling // [HasTrailingLineBreak] or [HasTrailingLineBreakInString] on the last rune. +// +// [UAX #14 LB3]: https://www.unicode.org/reports/tr14/#Algorithm func Step(b []byte, state int) (cluster, rest []byte, boundaries int, newState int) { // An empty byte slice returns nothing. if len(b) == 0 { diff --git a/vendor/github.com/rivo/uniseg/word.go b/vendor/github.com/rivo/uniseg/word.go index 785af1e87bb..34fba7f2918 100644 --- a/vendor/github.com/rivo/uniseg/word.go +++ b/vendor/github.com/rivo/uniseg/word.go @@ -3,7 +3,7 @@ package uniseg import "unicode/utf8" // FirstWord returns the first word found in the given byte slice according to -// the rules of Unicode Standard Annex #29, Word Boundaries. This function can +// the rules of [Unicode Standard Annex #29, Word Boundaries]. This function can // be called continuously to extract all words from a byte slice, as illustrated // in the example below. // @@ -17,6 +17,8 @@ import "unicode/utf8" // the sub-slice of the input slice containing the identified word. // // Given an empty byte slice "b", the function returns nil values. +// +// [Unicode Standard Annex #29, Word Boundaries]: http://unicode.org/reports/tr29/#Word_Boundaries func FirstWord(b []byte, state int) (word, rest []byte, newState int) { // An empty byte slice returns nothing. if len(b) == 0 { diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md index b042c896f25..d1d4a85fd75 100644 --- a/vendor/github.com/sirupsen/logrus/README.md +++ b/vendor/github.com/sirupsen/logrus/README.md @@ -9,7 +9,7 @@ the last thing you want from your Logging library (again...). This does not mean Logrus is dead. Logrus will continue to be maintained for security, (backwards compatible) bug fixes, and performance (where we are -limited by the interface). +limited by the interface). I believe Logrus' biggest contribution is to have played a part in today's widespread use of structured logging in Golang. There doesn't seem to be a @@ -43,7 +43,7 @@ plain text): With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash or Splunk: -```json +```text {"animal":"walrus","level":"info","msg":"A group of walrus emerges from the ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"} @@ -99,7 +99,7 @@ time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcr ``` Note that this does add measurable overhead - the cost will depend on the version of Go, but is between 20 and 40% in recent tests with 1.6 and 1.7. You can validate this in your -environment via benchmarks: +environment via benchmarks: ``` go test -bench=.*CallerTracing ``` @@ -317,6 +317,8 @@ log.SetLevel(log.InfoLevel) It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose environment if your application has that. +Note: If you want different log levels for global (`log.SetLevel(...)`) and syslog logging, please check the [syslog hook README](hooks/syslog/README.md#different-log-levels-for-local-and-remote-logging). + #### Entries Besides the fields added with `WithField` or `WithFields` some fields are diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go index 72e8e3a1b65..074fd4b8bd7 100644 --- a/vendor/github.com/sirupsen/logrus/writer.go +++ b/vendor/github.com/sirupsen/logrus/writer.go @@ -4,6 +4,7 @@ import ( "bufio" "io" "runtime" + "strings" ) // Writer at INFO level. See WriterLevel for details. @@ -20,15 +21,18 @@ func (logger *Logger) WriterLevel(level Level) *io.PipeWriter { return NewEntry(logger).WriterLevel(level) } +// Writer returns an io.Writer that writes to the logger at the info log level func (entry *Entry) Writer() *io.PipeWriter { return entry.WriterLevel(InfoLevel) } +// WriterLevel returns an io.Writer that writes to the logger at the given log level func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { reader, writer := io.Pipe() var printFunc func(args ...interface{}) + // Determine which log function to use based on the specified log level switch level { case TraceLevel: printFunc = entry.Trace @@ -48,23 +52,51 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { printFunc = entry.Print } + // Start a new goroutine to scan the input and write it to the logger using the specified print function. + // It splits the input into chunks of up to 64KB to avoid buffer overflows. go entry.writerScanner(reader, printFunc) + + // Set a finalizer function to close the writer when it is garbage collected runtime.SetFinalizer(writer, writerFinalizer) return writer } +// writerScanner scans the input from the reader and writes it to the logger func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) { scanner := bufio.NewScanner(reader) + + // Set the buffer size to the maximum token size to avoid buffer overflows + scanner.Buffer(make([]byte, bufio.MaxScanTokenSize), bufio.MaxScanTokenSize) + + // Define a split function to split the input into chunks of up to 64KB + chunkSize := bufio.MaxScanTokenSize // 64KB + splitFunc := func(data []byte, atEOF bool) (int, []byte, error) { + if len(data) >= chunkSize { + return chunkSize, data[:chunkSize], nil + } + + return bufio.ScanLines(data, atEOF) + } + + // Use the custom split function to split the input + scanner.Split(splitFunc) + + // Scan the input and write it to the logger using the specified print function for scanner.Scan() { - printFunc(scanner.Text()) + printFunc(strings.TrimRight(scanner.Text(), "\r\n")) } + + // If there was an error while scanning the input, log an error if err := scanner.Err(); err != nil { entry.Errorf("Error while reading from Writer: %s", err) } + + // Close the reader when we are done reader.Close() } +// WriterFinalizer is a finalizer function that closes then given writer when it is garbage collected func writerFinalizer(writer *io.PipeWriter) { writer.Close() } diff --git a/vendor/golang.org/x/exp/slices/cmp.go b/vendor/golang.org/x/exp/slices/cmp.go new file mode 100644 index 00000000000..fbf1934a061 --- /dev/null +++ b/vendor/golang.org/x/exp/slices/cmp.go @@ -0,0 +1,44 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package slices + +import "golang.org/x/exp/constraints" + +// min is a version of the predeclared function from the Go 1.21 release. +func min[T constraints.Ordered](a, b T) T { + if a < b || isNaN(a) { + return a + } + return b +} + +// max is a version of the predeclared function from the Go 1.21 release. +func max[T constraints.Ordered](a, b T) T { + if a > b || isNaN(a) { + return a + } + return b +} + +// cmpLess is a copy of cmp.Less from the Go 1.21 release. +func cmpLess[T constraints.Ordered](x, y T) bool { + return (isNaN(x) && !isNaN(y)) || x < y +} + +// cmpCompare is a copy of cmp.Compare from the Go 1.21 release. +func cmpCompare[T constraints.Ordered](x, y T) int { + xNaN := isNaN(x) + yNaN := isNaN(y) + if xNaN && yNaN { + return 0 + } + if xNaN || x < y { + return -1 + } + if yNaN || x > y { + return +1 + } + return 0 +} diff --git a/vendor/golang.org/x/exp/slices/slices.go b/vendor/golang.org/x/exp/slices/slices.go index 8a237c5d61f..5e8158bba86 100644 --- a/vendor/golang.org/x/exp/slices/slices.go +++ b/vendor/golang.org/x/exp/slices/slices.go @@ -3,23 +3,20 @@ // license that can be found in the LICENSE file. // Package slices defines various functions useful with slices of any type. -// Unless otherwise specified, these functions all apply to the elements -// of a slice at index 0 <= i < len(s). -// -// Note that the less function in IsSortedFunc, SortFunc, SortStableFunc requires a -// strict weak ordering (https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings), -// or the sorting may fail to sort correctly. A common case is when sorting slices of -// floating-point numbers containing NaN values. package slices -import "golang.org/x/exp/constraints" +import ( + "unsafe" + + "golang.org/x/exp/constraints" +) // Equal reports whether two slices are equal: the same length and all // elements equal. If the lengths are different, Equal returns false. // Otherwise, the elements are compared in increasing index order, and the // comparison stops at the first unequal pair. // Floating point NaNs are not considered equal. -func Equal[E comparable](s1, s2 []E) bool { +func Equal[S ~[]E, E comparable](s1, s2 S) bool { if len(s1) != len(s2) { return false } @@ -31,12 +28,12 @@ func Equal[E comparable](s1, s2 []E) bool { return true } -// EqualFunc reports whether two slices are equal using a comparison +// EqualFunc reports whether two slices are equal using an equality // function on each pair of elements. If the lengths are different, // EqualFunc returns false. Otherwise, the elements are compared in // increasing index order, and the comparison stops at the first index // for which eq returns false. -func EqualFunc[E1, E2 any](s1 []E1, s2 []E2, eq func(E1, E2) bool) bool { +func EqualFunc[S1 ~[]E1, S2 ~[]E2, E1, E2 any](s1 S1, s2 S2, eq func(E1, E2) bool) bool { if len(s1) != len(s2) { return false } @@ -49,45 +46,37 @@ func EqualFunc[E1, E2 any](s1 []E1, s2 []E2, eq func(E1, E2) bool) bool { return true } -// Compare compares the elements of s1 and s2. -// The elements are compared sequentially, starting at index 0, +// Compare compares the elements of s1 and s2, using [cmp.Compare] on each pair +// of elements. The elements are compared sequentially, starting at index 0, // until one element is not equal to the other. // The result of comparing the first non-matching elements is returned. // If both slices are equal until one of them ends, the shorter slice is // considered less than the longer one. // The result is 0 if s1 == s2, -1 if s1 < s2, and +1 if s1 > s2. -// Comparisons involving floating point NaNs are ignored. -func Compare[E constraints.Ordered](s1, s2 []E) int { - s2len := len(s2) +func Compare[S ~[]E, E constraints.Ordered](s1, s2 S) int { for i, v1 := range s1 { - if i >= s2len { + if i >= len(s2) { return +1 } v2 := s2[i] - switch { - case v1 < v2: - return -1 - case v1 > v2: - return +1 + if c := cmpCompare(v1, v2); c != 0 { + return c } } - if len(s1) < s2len { + if len(s1) < len(s2) { return -1 } return 0 } -// CompareFunc is like Compare but uses a comparison function -// on each pair of elements. The elements are compared in increasing -// index order, and the comparisons stop after the first time cmp -// returns non-zero. +// CompareFunc is like [Compare] but uses a custom comparison function on each +// pair of elements. // The result is the first non-zero result of cmp; if cmp always // returns 0 the result is 0 if len(s1) == len(s2), -1 if len(s1) < len(s2), // and +1 if len(s1) > len(s2). -func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int { - s2len := len(s2) +func CompareFunc[S1 ~[]E1, S2 ~[]E2, E1, E2 any](s1 S1, s2 S2, cmp func(E1, E2) int) int { for i, v1 := range s1 { - if i >= s2len { + if i >= len(s2) { return +1 } v2 := s2[i] @@ -95,7 +84,7 @@ func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int { return c } } - if len(s1) < s2len { + if len(s1) < len(s2) { return -1 } return 0 @@ -103,9 +92,9 @@ func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int { // Index returns the index of the first occurrence of v in s, // or -1 if not present. -func Index[E comparable](s []E, v E) int { - for i, vs := range s { - if v == vs { +func Index[S ~[]E, E comparable](s S, v E) int { + for i := range s { + if v == s[i] { return i } } @@ -114,9 +103,9 @@ func Index[E comparable](s []E, v E) int { // IndexFunc returns the first index i satisfying f(s[i]), // or -1 if none do. -func IndexFunc[E any](s []E, f func(E) bool) int { - for i, v := range s { - if f(v) { +func IndexFunc[S ~[]E, E any](s S, f func(E) bool) int { + for i := range s { + if f(s[i]) { return i } } @@ -124,39 +113,224 @@ func IndexFunc[E any](s []E, f func(E) bool) int { } // Contains reports whether v is present in s. -func Contains[E comparable](s []E, v E) bool { +func Contains[S ~[]E, E comparable](s S, v E) bool { return Index(s, v) >= 0 } +// ContainsFunc reports whether at least one +// element e of s satisfies f(e). +func ContainsFunc[S ~[]E, E any](s S, f func(E) bool) bool { + return IndexFunc(s, f) >= 0 +} + // Insert inserts the values v... into s at index i, // returning the modified slice. -// In the returned slice r, r[i] == v[0]. +// The elements at s[i:] are shifted up to make room. +// In the returned slice r, r[i] == v[0], +// and r[i+len(v)] == value originally at r[i]. // Insert panics if i is out of range. // This function is O(len(s) + len(v)). func Insert[S ~[]E, E any](s S, i int, v ...E) S { - tot := len(s) + len(v) - if tot <= cap(s) { - s2 := s[:tot] - copy(s2[i+len(v):], s[i:]) + m := len(v) + if m == 0 { + return s + } + n := len(s) + if i == n { + return append(s, v...) + } + if n+m > cap(s) { + // Use append rather than make so that we bump the size of + // the slice up to the next storage class. + // This is what Grow does but we don't call Grow because + // that might copy the values twice. + s2 := append(s[:i], make(S, n+m-i)...) copy(s2[i:], v) + copy(s2[i+m:], s[i:]) return s2 } - s2 := make(S, tot) - copy(s2, s[:i]) - copy(s2[i:], v) - copy(s2[i+len(v):], s[i:]) - return s2 + s = s[:n+m] + + // before: + // s: aaaaaaaabbbbccccccccdddd + // ^ ^ ^ ^ + // i i+m n n+m + // after: + // s: aaaaaaaavvvvbbbbcccccccc + // ^ ^ ^ ^ + // i i+m n n+m + // + // a are the values that don't move in s. + // v are the values copied in from v. + // b and c are the values from s that are shifted up in index. + // d are the values that get overwritten, never to be seen again. + + if !overlaps(v, s[i+m:]) { + // Easy case - v does not overlap either the c or d regions. + // (It might be in some of a or b, or elsewhere entirely.) + // The data we copy up doesn't write to v at all, so just do it. + + copy(s[i+m:], s[i:]) + + // Now we have + // s: aaaaaaaabbbbbbbbcccccccc + // ^ ^ ^ ^ + // i i+m n n+m + // Note the b values are duplicated. + + copy(s[i:], v) + + // Now we have + // s: aaaaaaaavvvvbbbbcccccccc + // ^ ^ ^ ^ + // i i+m n n+m + // That's the result we want. + return s + } + + // The hard case - v overlaps c or d. We can't just shift up + // the data because we'd move or clobber the values we're trying + // to insert. + // So instead, write v on top of d, then rotate. + copy(s[n:], v) + + // Now we have + // s: aaaaaaaabbbbccccccccvvvv + // ^ ^ ^ ^ + // i i+m n n+m + + rotateRight(s[i:], m) + + // Now we have + // s: aaaaaaaavvvvbbbbcccccccc + // ^ ^ ^ ^ + // i i+m n n+m + // That's the result we want. + return s } // Delete removes the elements s[i:j] from s, returning the modified slice. // Delete panics if s[i:j] is not a valid slice of s. -// Delete modifies the contents of the slice s; it does not create a new slice. -// Delete is O(len(s)-(j-i)), so if many items must be deleted, it is better to +// Delete is O(len(s)-j), so if many items must be deleted, it is better to // make a single call deleting them all together than to delete one at a time. +// Delete might not modify the elements s[len(s)-(j-i):len(s)]. If those +// elements contain pointers you might consider zeroing those elements so that +// objects they reference can be garbage collected. func Delete[S ~[]E, E any](s S, i, j int) S { + _ = s[i:j] // bounds check + return append(s[:i], s[j:]...) } +// DeleteFunc removes any elements from s for which del returns true, +// returning the modified slice. +// When DeleteFunc removes m elements, it might not modify the elements +// s[len(s)-m:len(s)]. If those elements contain pointers you might consider +// zeroing those elements so that objects they reference can be garbage +// collected. +func DeleteFunc[S ~[]E, E any](s S, del func(E) bool) S { + i := IndexFunc(s, del) + if i == -1 { + return s + } + // Don't start copying elements until we find one to delete. + for j := i + 1; j < len(s); j++ { + if v := s[j]; !del(v) { + s[i] = v + i++ + } + } + return s[:i] +} + +// Replace replaces the elements s[i:j] by the given v, and returns the +// modified slice. Replace panics if s[i:j] is not a valid slice of s. +func Replace[S ~[]E, E any](s S, i, j int, v ...E) S { + _ = s[i:j] // verify that i:j is a valid subslice + + if i == j { + return Insert(s, i, v...) + } + if j == len(s) { + return append(s[:i], v...) + } + + tot := len(s[:i]) + len(v) + len(s[j:]) + if tot > cap(s) { + // Too big to fit, allocate and copy over. + s2 := append(s[:i], make(S, tot-i)...) // See Insert + copy(s2[i:], v) + copy(s2[i+len(v):], s[j:]) + return s2 + } + + r := s[:tot] + + if i+len(v) <= j { + // Easy, as v fits in the deleted portion. + copy(r[i:], v) + if i+len(v) != j { + copy(r[i+len(v):], s[j:]) + } + return r + } + + // We are expanding (v is bigger than j-i). + // The situation is something like this: + // (example has i=4,j=8,len(s)=16,len(v)=6) + // s: aaaaxxxxbbbbbbbbyy + // ^ ^ ^ ^ + // i j len(s) tot + // a: prefix of s + // x: deleted range + // b: more of s + // y: area to expand into + + if !overlaps(r[i+len(v):], v) { + // Easy, as v is not clobbered by the first copy. + copy(r[i+len(v):], s[j:]) + copy(r[i:], v) + return r + } + + // This is a situation where we don't have a single place to which + // we can copy v. Parts of it need to go to two different places. + // We want to copy the prefix of v into y and the suffix into x, then + // rotate |y| spots to the right. + // + // v[2:] v[:2] + // | | + // s: aaaavvvvbbbbbbbbvv + // ^ ^ ^ ^ + // i j len(s) tot + // + // If either of those two destinations don't alias v, then we're good. + y := len(v) - (j - i) // length of y portion + + if !overlaps(r[i:j], v) { + copy(r[i:j], v[y:]) + copy(r[len(s):], v[:y]) + rotateRight(r[i:], y) + return r + } + if !overlaps(r[len(s):], v) { + copy(r[len(s):], v[:y]) + copy(r[i:j], v[y:]) + rotateRight(r[i:], y) + return r + } + + // Now we know that v overlaps both x and y. + // That means that the entirety of b is *inside* v. + // So we don't need to preserve b at all; instead we + // can copy v first, then copy the b part of v out of + // v to the right destination. + k := startIdx(v, s[j:]) + copy(r[i:], v) + copy(r[i+len(v):], r[i+k:]) + return r +} + // Clone returns a copy of the slice. // The elements are copied using assignment, so this is a shallow clone. func Clone[S ~[]E, E any](s S) S { @@ -169,35 +343,40 @@ func Clone[S ~[]E, E any](s S) S { // Compact replaces consecutive runs of equal elements with a single copy. // This is like the uniq command found on Unix. -// Compact modifies the contents of the slice s; it does not create a new slice. +// Compact modifies the contents of the slice s and returns the modified slice, +// which may have a smaller length. +// When Compact discards m elements in total, it might not modify the elements +// s[len(s)-m:len(s)]. If those elements contain pointers you might consider +// zeroing those elements so that objects they reference can be garbage collected. func Compact[S ~[]E, E comparable](s S) S { - if len(s) == 0 { + if len(s) < 2 { return s } i := 1 - last := s[0] - for _, v := range s[1:] { - if v != last { - s[i] = v + for k := 1; k < len(s); k++ { + if s[k] != s[k-1] { + if i != k { + s[i] = s[k] + } i++ - last = v } } return s[:i] } -// CompactFunc is like Compact but uses a comparison function. +// CompactFunc is like [Compact] but uses an equality function to compare elements. +// For runs of elements that compare equal, CompactFunc keeps the first one. func CompactFunc[S ~[]E, E any](s S, eq func(E, E) bool) S { - if len(s) == 0 { + if len(s) < 2 { return s } i := 1 - last := s[0] - for _, v := range s[1:] { - if !eq(v, last) { - s[i] = v + for k := 1; k < len(s); k++ { + if !eq(s[k], s[k-1]) { + if i != k { + s[i] = s[k] + } i++ - last = v } } return s[:i] @@ -205,14 +384,116 @@ func CompactFunc[S ~[]E, E any](s S, eq func(E, E) bool) S { // Grow increases the slice's capacity, if necessary, to guarantee space for // another n elements. After Grow(n), at least n elements can be appended -// to the slice without another allocation. Grow may modify elements of the -// slice between the length and the capacity. If n is negative or too large to +// to the slice without another allocation. If n is negative or too large to // allocate the memory, Grow panics. func Grow[S ~[]E, E any](s S, n int) S { - return append(s, make(S, n)...)[:len(s)] + if n < 0 { + panic("cannot be negative") + } + if n -= cap(s) - len(s); n > 0 { + // TODO(https://go.dev/issue/53888): Make using []E instead of S + // to workaround a compiler bug where the runtime.growslice optimization + // does not take effect. Revert when the compiler is fixed. + s = append([]E(s)[:cap(s)], make([]E, n)...)[:len(s)] + } + return s } // Clip removes unused capacity from the slice, returning s[:len(s):len(s)]. func Clip[S ~[]E, E any](s S) S { return s[:len(s):len(s)] } + +// Rotation algorithm explanation: +// +// rotate left by 2 +// start with +// 0123456789 +// split up like this +// 01 234567 89 +// swap first 2 and last 2 +// 89 234567 01 +// join first parts +// 89234567 01 +// recursively rotate first left part by 2 +// 23456789 01 +// join at the end +// 2345678901 +// +// rotate left by 8 +// start with +// 0123456789 +// split up like this +// 01 234567 89 +// swap first 2 and last 2 +// 89 234567 01 +// join last parts +// 89 23456701 +// recursively rotate second part left by 6 +// 89 01234567 +// join at the end +// 8901234567 + +// TODO: There are other rotate algorithms. +// This algorithm has the desirable property that it moves each element exactly twice. +// The triple-reverse algorithm is simpler and more cache friendly, but takes more writes. +// The follow-cycles algorithm can be 1-write but it is not very cache friendly. + +// rotateLeft rotates b left by n spaces. +// s_final[i] = s_orig[i+r], wrapping around. +func rotateLeft[E any](s []E, r int) { + for r != 0 && r != len(s) { + if r*2 <= len(s) { + swap(s[:r], s[len(s)-r:]) + s = s[:len(s)-r] + } else { + swap(s[:len(s)-r], s[r:]) + s, r = s[len(s)-r:], r*2-len(s) + } + } +} +func rotateRight[E any](s []E, r int) { + rotateLeft(s, len(s)-r) +} + +// swap swaps the contents of x and y. x and y must be equal length and disjoint. +func swap[E any](x, y []E) { + for i := 0; i < len(x); i++ { + x[i], y[i] = y[i], x[i] + } +} + +// overlaps reports whether the memory ranges a[0:len(a)] and b[0:len(b)] overlap. +func overlaps[E any](a, b []E) bool { + if len(a) == 0 || len(b) == 0 { + return false + } + elemSize := unsafe.Sizeof(a[0]) + if elemSize == 0 { + return false + } + // TODO: use a runtime/unsafe facility once one becomes available. See issue 12445. + // Also see crypto/internal/alias/alias.go:AnyOverlap + return uintptr(unsafe.Pointer(&a[0])) <= uintptr(unsafe.Pointer(&b[len(b)-1]))+(elemSize-1) && + uintptr(unsafe.Pointer(&b[0])) <= uintptr(unsafe.Pointer(&a[len(a)-1]))+(elemSize-1) +} + +// startIdx returns the index in haystack where the needle starts. +// prerequisite: the needle must be aliased entirely inside the haystack. +func startIdx[E any](haystack, needle []E) int { + p := &needle[0] + for i := range haystack { + if p == &haystack[i] { + return i + } + } + // TODO: what if the overlap is by a non-integral number of Es? + panic("needle not found") +} + +// Reverse reverses the elements of the slice in place. +func Reverse[S ~[]E, E any](s S) { + for i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 { + s[i], s[j] = s[j], s[i] + } +} diff --git a/vendor/golang.org/x/exp/slices/sort.go b/vendor/golang.org/x/exp/slices/sort.go index c22e74bd102..b67897f76b5 100644 --- a/vendor/golang.org/x/exp/slices/sort.go +++ b/vendor/golang.org/x/exp/slices/sort.go @@ -2,6 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +//go:generate go run $GOROOT/src/sort/gen_sort_variants.go -exp + package slices import ( @@ -11,97 +13,157 @@ import ( ) // Sort sorts a slice of any ordered type in ascending order. -// Sort may fail to sort correctly when sorting slices of floating-point -// numbers containing Not-a-number (NaN) values. -// Use slices.SortFunc(x, func(a, b float64) bool {return a < b || (math.IsNaN(a) && !math.IsNaN(b))}) -// instead if the input may contain NaNs. -func Sort[E constraints.Ordered](x []E) { +// When sorting floating-point numbers, NaNs are ordered before other values. +func Sort[S ~[]E, E constraints.Ordered](x S) { n := len(x) pdqsortOrdered(x, 0, n, bits.Len(uint(n))) } -// SortFunc sorts the slice x in ascending order as determined by the less function. -// This sort is not guaranteed to be stable. +// SortFunc sorts the slice x in ascending order as determined by the cmp +// function. This sort is not guaranteed to be stable. +// cmp(a, b) should return a negative number when a < b, a positive number when +// a > b and zero when a == b. // -// SortFunc requires that less is a strict weak ordering. +// SortFunc requires that cmp is a strict weak ordering. // See https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings. -func SortFunc[E any](x []E, less func(a, b E) bool) { +func SortFunc[S ~[]E, E any](x S, cmp func(a, b E) int) { n := len(x) - pdqsortLessFunc(x, 0, n, bits.Len(uint(n)), less) + pdqsortCmpFunc(x, 0, n, bits.Len(uint(n)), cmp) } -// SortStable sorts the slice x while keeping the original order of equal -// elements, using less to compare elements. -func SortStableFunc[E any](x []E, less func(a, b E) bool) { - stableLessFunc(x, len(x), less) +// SortStableFunc sorts the slice x while keeping the original order of equal +// elements, using cmp to compare elements in the same way as [SortFunc]. +func SortStableFunc[S ~[]E, E any](x S, cmp func(a, b E) int) { + stableCmpFunc(x, len(x), cmp) } // IsSorted reports whether x is sorted in ascending order. -func IsSorted[E constraints.Ordered](x []E) bool { +func IsSorted[S ~[]E, E constraints.Ordered](x S) bool { for i := len(x) - 1; i > 0; i-- { - if x[i] < x[i-1] { + if cmpLess(x[i], x[i-1]) { return false } } return true } -// IsSortedFunc reports whether x is sorted in ascending order, with less as the -// comparison function. -func IsSortedFunc[E any](x []E, less func(a, b E) bool) bool { +// IsSortedFunc reports whether x is sorted in ascending order, with cmp as the +// comparison function as defined by [SortFunc]. +func IsSortedFunc[S ~[]E, E any](x S, cmp func(a, b E) int) bool { for i := len(x) - 1; i > 0; i-- { - if less(x[i], x[i-1]) { + if cmp(x[i], x[i-1]) < 0 { return false } } return true } +// Min returns the minimal value in x. It panics if x is empty. +// For floating-point numbers, Min propagates NaNs (any NaN value in x +// forces the output to be NaN). +func Min[S ~[]E, E constraints.Ordered](x S) E { + if len(x) < 1 { + panic("slices.Min: empty list") + } + m := x[0] + for i := 1; i < len(x); i++ { + m = min(m, x[i]) + } + return m +} + +// MinFunc returns the minimal value in x, using cmp to compare elements. +// It panics if x is empty. If there is more than one minimal element +// according to the cmp function, MinFunc returns the first one. +func MinFunc[S ~[]E, E any](x S, cmp func(a, b E) int) E { + if len(x) < 1 { + panic("slices.MinFunc: empty list") + } + m := x[0] + for i := 1; i < len(x); i++ { + if cmp(x[i], m) < 0 { + m = x[i] + } + } + return m +} + +// Max returns the maximal value in x. It panics if x is empty. +// For floating-point E, Max propagates NaNs (any NaN value in x +// forces the output to be NaN). +func Max[S ~[]E, E constraints.Ordered](x S) E { + if len(x) < 1 { + panic("slices.Max: empty list") + } + m := x[0] + for i := 1; i < len(x); i++ { + m = max(m, x[i]) + } + return m +} + +// MaxFunc returns the maximal value in x, using cmp to compare elements. +// It panics if x is empty. If there is more than one maximal element +// according to the cmp function, MaxFunc returns the first one. +func MaxFunc[S ~[]E, E any](x S, cmp func(a, b E) int) E { + if len(x) < 1 { + panic("slices.MaxFunc: empty list") + } + m := x[0] + for i := 1; i < len(x); i++ { + if cmp(x[i], m) > 0 { + m = x[i] + } + } + return m +} + // BinarySearch searches for target in a sorted slice and returns the position // where target is found, or the position where target would appear in the // sort order; it also returns a bool saying whether the target is really found // in the slice. The slice must be sorted in increasing order. -func BinarySearch[E constraints.Ordered](x []E, target E) (int, bool) { - // search returns the leftmost position where f returns true, or len(x) if f - // returns false for all x. This is the insertion position for target in x, - // and could point to an element that's either == target or not. - pos := search(len(x), func(i int) bool { return x[i] >= target }) - if pos >= len(x) || x[pos] != target { - return pos, false - } else { - return pos, true - } -} - -// BinarySearchFunc works like BinarySearch, but uses a custom comparison -// function. The slice must be sorted in increasing order, where "increasing" is -// defined by cmp. cmp(a, b) is expected to return an integer comparing the two -// parameters: 0 if a == b, a negative number if a < b and a positive number if -// a > b. -func BinarySearchFunc[E any](x []E, target E, cmp func(E, E) int) (int, bool) { - pos := search(len(x), func(i int) bool { return cmp(x[i], target) >= 0 }) - if pos >= len(x) || cmp(x[pos], target) != 0 { - return pos, false - } else { - return pos, true +func BinarySearch[S ~[]E, E constraints.Ordered](x S, target E) (int, bool) { + // Inlining is faster than calling BinarySearchFunc with a lambda. + n := len(x) + // Define x[-1] < target and x[n] >= target. + // Invariant: x[i-1] < target, x[j] >= target. + i, j := 0, n + for i < j { + h := int(uint(i+j) >> 1) // avoid overflow when computing h + // i ≤ h < j + if cmpLess(x[h], target) { + i = h + 1 // preserves x[i-1] < target + } else { + j = h // preserves x[j] >= target + } } + // i == j, x[i-1] < target, and x[j] (= x[i]) >= target => answer is i. + return i, i < n && (x[i] == target || (isNaN(x[i]) && isNaN(target))) } -func search(n int, f func(int) bool) int { - // Define f(-1) == false and f(n) == true. - // Invariant: f(i-1) == false, f(j) == true. +// BinarySearchFunc works like [BinarySearch], but uses a custom comparison +// function. The slice must be sorted in increasing order, where "increasing" +// is defined by cmp. cmp should return 0 if the slice element matches +// the target, a negative number if the slice element precedes the target, +// or a positive number if the slice element follows the target. +// cmp must implement the same ordering as the slice, such that if +// cmp(a, t) < 0 and cmp(b, t) >= 0, then a must precede b in the slice. +func BinarySearchFunc[S ~[]E, E, T any](x S, target T, cmp func(E, T) int) (int, bool) { + n := len(x) + // Define cmp(x[-1], target) < 0 and cmp(x[n], target) >= 0 . + // Invariant: cmp(x[i - 1], target) < 0, cmp(x[j], target) >= 0. i, j := 0, n for i < j { h := int(uint(i+j) >> 1) // avoid overflow when computing h // i ≤ h < j - if !f(h) { - i = h + 1 // preserves f(i-1) == false + if cmp(x[h], target) < 0 { + i = h + 1 // preserves cmp(x[i - 1], target) < 0 } else { - j = h // preserves f(j) == true + j = h // preserves cmp(x[j], target) >= 0 } } - // i == j, f(i-1) == false, and f(j) (= f(i)) == true => answer is i. - return i + // i == j, cmp(x[i-1], target) < 0, and cmp(x[j], target) (= cmp(x[i], target)) >= 0 => answer is i. + return i, i < n && cmp(x[i], target) == 0 } type sortedHint int // hint for pdqsort when choosing the pivot @@ -125,3 +187,9 @@ func (r *xorshift) Next() uint64 { func nextPowerOfTwo(length int) uint { return 1 << bits.Len(uint(length)) } + +// isNaN reports whether x is a NaN without requiring the math package. +// This will always return false if T is not floating-point. +func isNaN[T constraints.Ordered](x T) bool { + return x != x +} diff --git a/vendor/golang.org/x/exp/slices/zsortfunc.go b/vendor/golang.org/x/exp/slices/zsortanyfunc.go similarity index 64% rename from vendor/golang.org/x/exp/slices/zsortfunc.go rename to vendor/golang.org/x/exp/slices/zsortanyfunc.go index 2a632476c50..06f2c7a2481 100644 --- a/vendor/golang.org/x/exp/slices/zsortfunc.go +++ b/vendor/golang.org/x/exp/slices/zsortanyfunc.go @@ -6,28 +6,28 @@ package slices -// insertionSortLessFunc sorts data[a:b] using insertion sort. -func insertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { +// insertionSortCmpFunc sorts data[a:b] using insertion sort. +func insertionSortCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) { for i := a + 1; i < b; i++ { - for j := i; j > a && less(data[j], data[j-1]); j-- { + for j := i; j > a && (cmp(data[j], data[j-1]) < 0); j-- { data[j], data[j-1] = data[j-1], data[j] } } } -// siftDownLessFunc implements the heap property on data[lo:hi]. +// siftDownCmpFunc implements the heap property on data[lo:hi]. // first is an offset into the array where the root of the heap lies. -func siftDownLessFunc[E any](data []E, lo, hi, first int, less func(a, b E) bool) { +func siftDownCmpFunc[E any](data []E, lo, hi, first int, cmp func(a, b E) int) { root := lo for { child := 2*root + 1 if child >= hi { break } - if child+1 < hi && less(data[first+child], data[first+child+1]) { + if child+1 < hi && (cmp(data[first+child], data[first+child+1]) < 0) { child++ } - if !less(data[first+root], data[first+child]) { + if !(cmp(data[first+root], data[first+child]) < 0) { return } data[first+root], data[first+child] = data[first+child], data[first+root] @@ -35,30 +35,30 @@ func siftDownLessFunc[E any](data []E, lo, hi, first int, less func(a, b E) bool } } -func heapSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { +func heapSortCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) { first := a lo := 0 hi := b - a // Build heap with greatest element at top. for i := (hi - 1) / 2; i >= 0; i-- { - siftDownLessFunc(data, i, hi, first, less) + siftDownCmpFunc(data, i, hi, first, cmp) } // Pop elements, largest first, into end of data. for i := hi - 1; i >= 0; i-- { data[first], data[first+i] = data[first+i], data[first] - siftDownLessFunc(data, lo, i, first, less) + siftDownCmpFunc(data, lo, i, first, cmp) } } -// pdqsortLessFunc sorts data[a:b]. +// pdqsortCmpFunc sorts data[a:b]. // The algorithm based on pattern-defeating quicksort(pdqsort), but without the optimizations from BlockQuicksort. // pdqsort paper: https://arxiv.org/pdf/2106.05123.pdf // C++ implementation: https://github.com/orlp/pdqsort // Rust implementation: https://docs.rs/pdqsort/latest/pdqsort/ // limit is the number of allowed bad (very unbalanced) pivots before falling back to heapsort. -func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) { +func pdqsortCmpFunc[E any](data []E, a, b, limit int, cmp func(a, b E) int) { const maxInsertion = 12 var ( @@ -70,25 +70,25 @@ func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) { length := b - a if length <= maxInsertion { - insertionSortLessFunc(data, a, b, less) + insertionSortCmpFunc(data, a, b, cmp) return } // Fall back to heapsort if too many bad choices were made. if limit == 0 { - heapSortLessFunc(data, a, b, less) + heapSortCmpFunc(data, a, b, cmp) return } // If the last partitioning was imbalanced, we need to breaking patterns. if !wasBalanced { - breakPatternsLessFunc(data, a, b, less) + breakPatternsCmpFunc(data, a, b, cmp) limit-- } - pivot, hint := choosePivotLessFunc(data, a, b, less) + pivot, hint := choosePivotCmpFunc(data, a, b, cmp) if hint == decreasingHint { - reverseRangeLessFunc(data, a, b, less) + reverseRangeCmpFunc(data, a, b, cmp) // The chosen pivot was pivot-a elements after the start of the array. // After reversing it is pivot-a elements before the end of the array. // The idea came from Rust's implementation. @@ -98,48 +98,48 @@ func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) { // The slice is likely already sorted. if wasBalanced && wasPartitioned && hint == increasingHint { - if partialInsertionSortLessFunc(data, a, b, less) { + if partialInsertionSortCmpFunc(data, a, b, cmp) { return } } // Probably the slice contains many duplicate elements, partition the slice into // elements equal to and elements greater than the pivot. - if a > 0 && !less(data[a-1], data[pivot]) { - mid := partitionEqualLessFunc(data, a, b, pivot, less) + if a > 0 && !(cmp(data[a-1], data[pivot]) < 0) { + mid := partitionEqualCmpFunc(data, a, b, pivot, cmp) a = mid continue } - mid, alreadyPartitioned := partitionLessFunc(data, a, b, pivot, less) + mid, alreadyPartitioned := partitionCmpFunc(data, a, b, pivot, cmp) wasPartitioned = alreadyPartitioned leftLen, rightLen := mid-a, b-mid balanceThreshold := length / 8 if leftLen < rightLen { wasBalanced = leftLen >= balanceThreshold - pdqsortLessFunc(data, a, mid, limit, less) + pdqsortCmpFunc(data, a, mid, limit, cmp) a = mid + 1 } else { wasBalanced = rightLen >= balanceThreshold - pdqsortLessFunc(data, mid+1, b, limit, less) + pdqsortCmpFunc(data, mid+1, b, limit, cmp) b = mid } } } -// partitionLessFunc does one quicksort partition. +// partitionCmpFunc does one quicksort partition. // Let p = data[pivot] // Moves elements in data[a:b] around, so that data[i]

=p for inewpivot. // On return, data[newpivot] = p -func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int, alreadyPartitioned bool) { +func partitionCmpFunc[E any](data []E, a, b, pivot int, cmp func(a, b E) int) (newpivot int, alreadyPartitioned bool) { data[a], data[pivot] = data[pivot], data[a] i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned - for i <= j && less(data[i], data[a]) { + for i <= j && (cmp(data[i], data[a]) < 0) { i++ } - for i <= j && !less(data[j], data[a]) { + for i <= j && !(cmp(data[j], data[a]) < 0) { j-- } if i > j { @@ -151,10 +151,10 @@ func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) j-- for { - for i <= j && less(data[i], data[a]) { + for i <= j && (cmp(data[i], data[a]) < 0) { i++ } - for i <= j && !less(data[j], data[a]) { + for i <= j && !(cmp(data[j], data[a]) < 0) { j-- } if i > j { @@ -168,17 +168,17 @@ func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) return j, false } -// partitionEqualLessFunc partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot]. +// partitionEqualCmpFunc partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot]. // It assumed that data[a:b] does not contain elements smaller than the data[pivot]. -func partitionEqualLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int) { +func partitionEqualCmpFunc[E any](data []E, a, b, pivot int, cmp func(a, b E) int) (newpivot int) { data[a], data[pivot] = data[pivot], data[a] i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned for { - for i <= j && !less(data[a], data[i]) { + for i <= j && !(cmp(data[a], data[i]) < 0) { i++ } - for i <= j && less(data[a], data[j]) { + for i <= j && (cmp(data[a], data[j]) < 0) { j-- } if i > j { @@ -191,15 +191,15 @@ func partitionEqualLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) return i } -// partialInsertionSortLessFunc partially sorts a slice, returns true if the slice is sorted at the end. -func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) bool { +// partialInsertionSortCmpFunc partially sorts a slice, returns true if the slice is sorted at the end. +func partialInsertionSortCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) bool { const ( maxSteps = 5 // maximum number of adjacent out-of-order pairs that will get shifted shortestShifting = 50 // don't shift any elements on short arrays ) i := a + 1 for j := 0; j < maxSteps; j++ { - for i < b && !less(data[i], data[i-1]) { + for i < b && !(cmp(data[i], data[i-1]) < 0) { i++ } @@ -216,7 +216,7 @@ func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) b // Shift the smaller one to the left. if i-a >= 2 { for j := i - 1; j >= 1; j-- { - if !less(data[j], data[j-1]) { + if !(cmp(data[j], data[j-1]) < 0) { break } data[j], data[j-1] = data[j-1], data[j] @@ -225,7 +225,7 @@ func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) b // Shift the greater one to the right. if b-i >= 2 { for j := i + 1; j < b; j++ { - if !less(data[j], data[j-1]) { + if !(cmp(data[j], data[j-1]) < 0) { break } data[j], data[j-1] = data[j-1], data[j] @@ -235,9 +235,9 @@ func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) b return false } -// breakPatternsLessFunc scatters some elements around in an attempt to break some patterns +// breakPatternsCmpFunc scatters some elements around in an attempt to break some patterns // that might cause imbalanced partitions in quicksort. -func breakPatternsLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { +func breakPatternsCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) { length := b - a if length >= 8 { random := xorshift(length) @@ -253,12 +253,12 @@ func breakPatternsLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { } } -// choosePivotLessFunc chooses a pivot in data[a:b]. +// choosePivotCmpFunc chooses a pivot in data[a:b]. // // [0,8): chooses a static pivot. // [8,shortestNinther): uses the simple median-of-three method. // [shortestNinther,∞): uses the Tukey ninther method. -func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (pivot int, hint sortedHint) { +func choosePivotCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) (pivot int, hint sortedHint) { const ( shortestNinther = 50 maxSwaps = 4 * 3 @@ -276,12 +276,12 @@ func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (piv if l >= 8 { if l >= shortestNinther { // Tukey ninther method, the idea came from Rust's implementation. - i = medianAdjacentLessFunc(data, i, &swaps, less) - j = medianAdjacentLessFunc(data, j, &swaps, less) - k = medianAdjacentLessFunc(data, k, &swaps, less) + i = medianAdjacentCmpFunc(data, i, &swaps, cmp) + j = medianAdjacentCmpFunc(data, j, &swaps, cmp) + k = medianAdjacentCmpFunc(data, k, &swaps, cmp) } // Find the median among i, j, k and stores it into j. - j = medianLessFunc(data, i, j, k, &swaps, less) + j = medianCmpFunc(data, i, j, k, &swaps, cmp) } switch swaps { @@ -294,29 +294,29 @@ func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (piv } } -// order2LessFunc returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. -func order2LessFunc[E any](data []E, a, b int, swaps *int, less func(a, b E) bool) (int, int) { - if less(data[b], data[a]) { +// order2CmpFunc returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. +func order2CmpFunc[E any](data []E, a, b int, swaps *int, cmp func(a, b E) int) (int, int) { + if cmp(data[b], data[a]) < 0 { *swaps++ return b, a } return a, b } -// medianLessFunc returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c. -func medianLessFunc[E any](data []E, a, b, c int, swaps *int, less func(a, b E) bool) int { - a, b = order2LessFunc(data, a, b, swaps, less) - b, c = order2LessFunc(data, b, c, swaps, less) - a, b = order2LessFunc(data, a, b, swaps, less) +// medianCmpFunc returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c. +func medianCmpFunc[E any](data []E, a, b, c int, swaps *int, cmp func(a, b E) int) int { + a, b = order2CmpFunc(data, a, b, swaps, cmp) + b, c = order2CmpFunc(data, b, c, swaps, cmp) + a, b = order2CmpFunc(data, a, b, swaps, cmp) return b } -// medianAdjacentLessFunc finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a. -func medianAdjacentLessFunc[E any](data []E, a int, swaps *int, less func(a, b E) bool) int { - return medianLessFunc(data, a-1, a, a+1, swaps, less) +// medianAdjacentCmpFunc finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a. +func medianAdjacentCmpFunc[E any](data []E, a int, swaps *int, cmp func(a, b E) int) int { + return medianCmpFunc(data, a-1, a, a+1, swaps, cmp) } -func reverseRangeLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { +func reverseRangeCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) { i := a j := b - 1 for i < j { @@ -326,37 +326,37 @@ func reverseRangeLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { } } -func swapRangeLessFunc[E any](data []E, a, b, n int, less func(a, b E) bool) { +func swapRangeCmpFunc[E any](data []E, a, b, n int, cmp func(a, b E) int) { for i := 0; i < n; i++ { data[a+i], data[b+i] = data[b+i], data[a+i] } } -func stableLessFunc[E any](data []E, n int, less func(a, b E) bool) { +func stableCmpFunc[E any](data []E, n int, cmp func(a, b E) int) { blockSize := 20 // must be > 0 a, b := 0, blockSize for b <= n { - insertionSortLessFunc(data, a, b, less) + insertionSortCmpFunc(data, a, b, cmp) a = b b += blockSize } - insertionSortLessFunc(data, a, n, less) + insertionSortCmpFunc(data, a, n, cmp) for blockSize < n { a, b = 0, 2*blockSize for b <= n { - symMergeLessFunc(data, a, a+blockSize, b, less) + symMergeCmpFunc(data, a, a+blockSize, b, cmp) a = b b += 2 * blockSize } if m := a + blockSize; m < n { - symMergeLessFunc(data, a, m, n, less) + symMergeCmpFunc(data, a, m, n, cmp) } blockSize *= 2 } } -// symMergeLessFunc merges the two sorted subsequences data[a:m] and data[m:b] using +// symMergeCmpFunc merges the two sorted subsequences data[a:m] and data[m:b] using // the SymMerge algorithm from Pok-Son Kim and Arne Kutzner, "Stable Minimum // Storage Merging by Symmetric Comparisons", in Susanne Albers and Tomasz // Radzik, editors, Algorithms - ESA 2004, volume 3221 of Lecture Notes in @@ -375,7 +375,7 @@ func stableLessFunc[E any](data []E, n int, less func(a, b E) bool) { // symMerge assumes non-degenerate arguments: a < m && m < b. // Having the caller check this condition eliminates many leaf recursion calls, // which improves performance. -func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { +func symMergeCmpFunc[E any](data []E, a, m, b int, cmp func(a, b E) int) { // Avoid unnecessary recursions of symMerge // by direct insertion of data[a] into data[m:b] // if data[a:m] only contains one element. @@ -387,7 +387,7 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { j := b for i < j { h := int(uint(i+j) >> 1) - if less(data[h], data[a]) { + if cmp(data[h], data[a]) < 0 { i = h + 1 } else { j = h @@ -411,7 +411,7 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { j := m for i < j { h := int(uint(i+j) >> 1) - if !less(data[m], data[h]) { + if !(cmp(data[m], data[h]) < 0) { i = h + 1 } else { j = h @@ -438,7 +438,7 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { for start < r { c := int(uint(start+r) >> 1) - if !less(data[p-c], data[c]) { + if !(cmp(data[p-c], data[c]) < 0) { start = c + 1 } else { r = c @@ -447,33 +447,33 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { end := n - start if start < m && m < end { - rotateLessFunc(data, start, m, end, less) + rotateCmpFunc(data, start, m, end, cmp) } if a < start && start < mid { - symMergeLessFunc(data, a, start, mid, less) + symMergeCmpFunc(data, a, start, mid, cmp) } if mid < end && end < b { - symMergeLessFunc(data, mid, end, b, less) + symMergeCmpFunc(data, mid, end, b, cmp) } } -// rotateLessFunc rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data: +// rotateCmpFunc rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data: // Data of the form 'x u v y' is changed to 'x v u y'. // rotate performs at most b-a many calls to data.Swap, // and it assumes non-degenerate arguments: a < m && m < b. -func rotateLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { +func rotateCmpFunc[E any](data []E, a, m, b int, cmp func(a, b E) int) { i := m - a j := b - m for i != j { if i > j { - swapRangeLessFunc(data, m-i, m, j, less) + swapRangeCmpFunc(data, m-i, m, j, cmp) i -= j } else { - swapRangeLessFunc(data, m-i, m+j-i, i, less) + swapRangeCmpFunc(data, m-i, m+j-i, i, cmp) j -= i } } // i == j - swapRangeLessFunc(data, m-i, m, i, less) + swapRangeCmpFunc(data, m-i, m, i, cmp) } diff --git a/vendor/golang.org/x/exp/slices/zsortordered.go b/vendor/golang.org/x/exp/slices/zsortordered.go index efaa1c8b714..99b47c3986a 100644 --- a/vendor/golang.org/x/exp/slices/zsortordered.go +++ b/vendor/golang.org/x/exp/slices/zsortordered.go @@ -11,7 +11,7 @@ import "golang.org/x/exp/constraints" // insertionSortOrdered sorts data[a:b] using insertion sort. func insertionSortOrdered[E constraints.Ordered](data []E, a, b int) { for i := a + 1; i < b; i++ { - for j := i; j > a && (data[j] < data[j-1]); j-- { + for j := i; j > a && cmpLess(data[j], data[j-1]); j-- { data[j], data[j-1] = data[j-1], data[j] } } @@ -26,10 +26,10 @@ func siftDownOrdered[E constraints.Ordered](data []E, lo, hi, first int) { if child >= hi { break } - if child+1 < hi && (data[first+child] < data[first+child+1]) { + if child+1 < hi && cmpLess(data[first+child], data[first+child+1]) { child++ } - if !(data[first+root] < data[first+child]) { + if !cmpLess(data[first+root], data[first+child]) { return } data[first+root], data[first+child] = data[first+child], data[first+root] @@ -107,7 +107,7 @@ func pdqsortOrdered[E constraints.Ordered](data []E, a, b, limit int) { // Probably the slice contains many duplicate elements, partition the slice into // elements equal to and elements greater than the pivot. - if a > 0 && !(data[a-1] < data[pivot]) { + if a > 0 && !cmpLess(data[a-1], data[pivot]) { mid := partitionEqualOrdered(data, a, b, pivot) a = mid continue @@ -138,10 +138,10 @@ func partitionOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivo data[a], data[pivot] = data[pivot], data[a] i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned - for i <= j && (data[i] < data[a]) { + for i <= j && cmpLess(data[i], data[a]) { i++ } - for i <= j && !(data[j] < data[a]) { + for i <= j && !cmpLess(data[j], data[a]) { j-- } if i > j { @@ -153,10 +153,10 @@ func partitionOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivo j-- for { - for i <= j && (data[i] < data[a]) { + for i <= j && cmpLess(data[i], data[a]) { i++ } - for i <= j && !(data[j] < data[a]) { + for i <= j && !cmpLess(data[j], data[a]) { j-- } if i > j { @@ -177,10 +177,10 @@ func partitionEqualOrdered[E constraints.Ordered](data []E, a, b, pivot int) (ne i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned for { - for i <= j && !(data[a] < data[i]) { + for i <= j && !cmpLess(data[a], data[i]) { i++ } - for i <= j && (data[a] < data[j]) { + for i <= j && cmpLess(data[a], data[j]) { j-- } if i > j { @@ -201,7 +201,7 @@ func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool ) i := a + 1 for j := 0; j < maxSteps; j++ { - for i < b && !(data[i] < data[i-1]) { + for i < b && !cmpLess(data[i], data[i-1]) { i++ } @@ -218,7 +218,7 @@ func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool // Shift the smaller one to the left. if i-a >= 2 { for j := i - 1; j >= 1; j-- { - if !(data[j] < data[j-1]) { + if !cmpLess(data[j], data[j-1]) { break } data[j], data[j-1] = data[j-1], data[j] @@ -227,7 +227,7 @@ func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool // Shift the greater one to the right. if b-i >= 2 { for j := i + 1; j < b; j++ { - if !(data[j] < data[j-1]) { + if !cmpLess(data[j], data[j-1]) { break } data[j], data[j-1] = data[j-1], data[j] @@ -298,7 +298,7 @@ func choosePivotOrdered[E constraints.Ordered](data []E, a, b int) (pivot int, h // order2Ordered returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. func order2Ordered[E constraints.Ordered](data []E, a, b int, swaps *int) (int, int) { - if data[b] < data[a] { + if cmpLess(data[b], data[a]) { *swaps++ return b, a } @@ -389,7 +389,7 @@ func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) { j := b for i < j { h := int(uint(i+j) >> 1) - if data[h] < data[a] { + if cmpLess(data[h], data[a]) { i = h + 1 } else { j = h @@ -413,7 +413,7 @@ func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) { j := m for i < j { h := int(uint(i+j) >> 1) - if !(data[m] < data[h]) { + if !cmpLess(data[m], data[h]) { i = h + 1 } else { j = h @@ -440,7 +440,7 @@ func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) { for start < r { c := int(uint(start+r) >> 1) - if !(data[p-c] < data[c]) { + if !cmpLess(data[p-c], data[c]) { start = c + 1 } else { r = c diff --git a/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go b/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go index 2681af35af1..150f887e7a4 100644 --- a/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go +++ b/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go @@ -13,7 +13,7 @@ import ( "sync" ) -// Regexp is a wrapper around regexp.Regexp, where the underlying regexp will be +// Regexp is a wrapper around [regexp.Regexp], where the underlying regexp will be // compiled the first time it is needed. type Regexp struct { str string diff --git a/vendor/golang.org/x/mod/modfile/print.go b/vendor/golang.org/x/mod/modfile/print.go index 524f93022ac..2a0123d4b91 100644 --- a/vendor/golang.org/x/mod/modfile/print.go +++ b/vendor/golang.org/x/mod/modfile/print.go @@ -16,7 +16,13 @@ import ( func Format(f *FileSyntax) []byte { pr := &printer{} pr.file(f) - return pr.Bytes() + + // remove trailing blank lines + b := pr.Bytes() + for len(b) > 0 && b[len(b)-1] == '\n' && (len(b) == 1 || b[len(b)-2] == '\n') { + b = b[:len(b)-1] + } + return b } // A printer collects the state during printing of a file or expression. @@ -59,7 +65,11 @@ func (p *printer) newline() { } p.trim() - p.printf("\n") + if b := p.Bytes(); len(b) == 0 || (len(b) >= 2 && b[len(b)-1] == '\n' && b[len(b)-2] == '\n') { + // skip the blank line at top of file or after a blank line + } else { + p.printf("\n") + } for i := 0; i < p.margin; i++ { p.printf("\t") } diff --git a/vendor/golang.org/x/mod/modfile/read.go b/vendor/golang.org/x/mod/modfile/read.go index a503bc2105d..5b5bb5e115b 100644 --- a/vendor/golang.org/x/mod/modfile/read.go +++ b/vendor/golang.org/x/mod/modfile/read.go @@ -65,7 +65,7 @@ type Comments struct { } // Comment returns the receiver. This isn't useful by itself, but -// a Comments struct is embedded into all the expression +// a [Comments] struct is embedded into all the expression // implementation types, and this gives each of those a Comment // method to satisfy the Expr interface. func (c *Comments) Comment() *Comments { diff --git a/vendor/golang.org/x/mod/modfile/rule.go b/vendor/golang.org/x/mod/modfile/rule.go index 6bcde8fabe3..e0869fa3868 100644 --- a/vendor/golang.org/x/mod/modfile/rule.go +++ b/vendor/golang.org/x/mod/modfile/rule.go @@ -5,17 +5,17 @@ // Package modfile implements a parser and formatter for go.mod files. // // The go.mod syntax is described in -// https://golang.org/cmd/go/#hdr-The_go_mod_file. +// https://pkg.go.dev/cmd/go/#hdr-The_go_mod_file. // -// The Parse and ParseLax functions both parse a go.mod file and return an +// The [Parse] and [ParseLax] functions both parse a go.mod file and return an // abstract syntax tree. ParseLax ignores unknown statements and may be used to // parse go.mod files that may have been developed with newer versions of Go. // -// The File struct returned by Parse and ParseLax represent an abstract -// go.mod file. File has several methods like AddNewRequire and DropReplace -// that can be used to programmatically edit a file. +// The [File] struct returned by Parse and ParseLax represent an abstract +// go.mod file. File has several methods like [File.AddNewRequire] and +// [File.DropReplace] that can be used to programmatically edit a file. // -// The Format function formats a File back to a byte slice which can be +// The [Format] function formats a File back to a byte slice which can be // written to a file. package modfile @@ -35,12 +35,13 @@ import ( // A File is the parsed, interpreted form of a go.mod file. type File struct { - Module *Module - Go *Go - Require []*Require - Exclude []*Exclude - Replace []*Replace - Retract []*Retract + Module *Module + Go *Go + Toolchain *Toolchain + Require []*Require + Exclude []*Exclude + Replace []*Replace + Retract []*Retract Syntax *FileSyntax } @@ -58,6 +59,12 @@ type Go struct { Syntax *Line } +// A Toolchain is the toolchain statement. +type Toolchain struct { + Name string // "go1.21rc1" + Syntax *Line +} + // An Exclude is a single exclude statement. type Exclude struct { Mod module.Version @@ -219,7 +226,7 @@ var dontFixRetract VersionFixer = func(_, vers string) (string, error) { // data is the content of the file. // // fix is an optional function that canonicalizes module versions. -// If fix is nil, all module versions must be canonical (module.CanonicalVersion +// If fix is nil, all module versions must be canonical ([module.CanonicalVersion] // must return the same string). func Parse(file string, data []byte, fix VersionFixer) (*File, error) { return parseToFile(file, data, fix, true) @@ -296,9 +303,13 @@ func parseToFile(file string, data []byte, fix VersionFixer, strict bool) (parse return f, nil } -var GoVersionRE = lazyregexp.New(`^([1-9][0-9]*)\.(0|[1-9][0-9]*)$`) +var GoVersionRE = lazyregexp.New(`^([1-9][0-9]*)\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))?([a-z]+[0-9]+)?$`) var laxGoVersionRE = lazyregexp.New(`^v?(([1-9][0-9]*)\.(0|[1-9][0-9]*))([^0-9].*)$`) +// Toolchains must be named beginning with `go1`, +// like "go1.20.3" or "go1.20.3-gccgo". As a special case, "default" is also permitted. +var ToolchainRE = lazyregexp.New(`^default$|^go1($|\.)`) + func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, args []string, fix VersionFixer, strict bool) { // If strict is false, this module is a dependency. // We ignore all unknown directives as well as main-module-only @@ -356,7 +367,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a } } if !fixed { - errorf("invalid go version '%s': must match format 1.23", args[0]) + errorf("invalid go version '%s': must match format 1.23.0", args[0]) return } } @@ -364,6 +375,21 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a f.Go = &Go{Syntax: line} f.Go.Version = args[0] + case "toolchain": + if f.Toolchain != nil { + errorf("repeated toolchain statement") + return + } + if len(args) != 1 { + errorf("toolchain directive expects exactly one argument") + return + } else if strict && !ToolchainRE.MatchString(args[0]) { + errorf("invalid toolchain version '%s': must match format go1.23.0 or local", args[0]) + return + } + f.Toolchain = &Toolchain{Syntax: line} + f.Toolchain.Name = args[0] + case "module": if f.Module != nil { errorf("repeated module statement") @@ -612,6 +638,22 @@ func (f *WorkFile) add(errs *ErrorList, line *Line, verb string, args []string, f.Go = &Go{Syntax: line} f.Go.Version = args[0] + case "toolchain": + if f.Toolchain != nil { + errorf("repeated toolchain statement") + return + } + if len(args) != 1 { + errorf("toolchain directive expects exactly one argument") + return + } else if !ToolchainRE.MatchString(args[0]) { + errorf("invalid toolchain version '%s': must match format go1.23 or local", args[0]) + return + } + + f.Toolchain = &Toolchain{Syntax: line} + f.Toolchain.Name = args[0] + case "use": if len(args) != 1 { errorf("usage: %s local/dir", verb) @@ -881,7 +923,7 @@ func (f *File) Format() ([]byte, error) { } // Cleanup cleans up the file f after any edit operations. -// To avoid quadratic behavior, modifications like DropRequire +// To avoid quadratic behavior, modifications like [File.DropRequire] // clear the entry but do not remove it from the slice. // Cleanup cleans out all the cleared entries. func (f *File) Cleanup() { @@ -926,7 +968,7 @@ func (f *File) Cleanup() { func (f *File) AddGoStmt(version string) error { if !GoVersionRE.MatchString(version) { - return fmt.Errorf("invalid language version string %q", version) + return fmt.Errorf("invalid language version %q", version) } if f.Go == nil { var hint Expr @@ -944,6 +986,44 @@ func (f *File) AddGoStmt(version string) error { return nil } +// DropGoStmt deletes the go statement from the file. +func (f *File) DropGoStmt() { + if f.Go != nil { + f.Go.Syntax.markRemoved() + f.Go = nil + } +} + +// DropToolchainStmt deletes the toolchain statement from the file. +func (f *File) DropToolchainStmt() { + if f.Toolchain != nil { + f.Toolchain.Syntax.markRemoved() + f.Toolchain = nil + } +} + +func (f *File) AddToolchainStmt(name string) error { + if !ToolchainRE.MatchString(name) { + return fmt.Errorf("invalid toolchain name %q", name) + } + if f.Toolchain == nil { + var hint Expr + if f.Go != nil && f.Go.Syntax != nil { + hint = f.Go.Syntax + } else if f.Module != nil && f.Module.Syntax != nil { + hint = f.Module.Syntax + } + f.Toolchain = &Toolchain{ + Name: name, + Syntax: f.Syntax.addLine(hint, "toolchain", name), + } + } else { + f.Toolchain.Name = name + f.Syntax.updateLine(f.Toolchain.Syntax, "toolchain", name) + } + return nil +} + // AddRequire sets the first require line for path to version vers, // preserving any existing comments for that line and removing all // other lines for path. @@ -995,8 +1075,8 @@ func (f *File) AddNewRequire(path, vers string, indirect bool) { // The requirements in req must specify at most one distinct version for each // module path. // -// If any existing requirements may be removed, the caller should call Cleanup -// after all edits are complete. +// If any existing requirements may be removed, the caller should call +// [File.Cleanup] after all edits are complete. func (f *File) SetRequire(req []*Require) { type elem struct { version string @@ -1387,13 +1467,21 @@ func (f *File) DropRetract(vi VersionInterval) error { func (f *File) SortBlocks() { f.removeDups() // otherwise sorting is unsafe + // semanticSortForExcludeVersionV is the Go version (plus leading "v") at which + // lines in exclude blocks start to use semantic sort instead of lexicographic sort. + // See go.dev/issue/60028. + const semanticSortForExcludeVersionV = "v1.21" + useSemanticSortForExclude := f.Go != nil && semver.Compare("v"+f.Go.Version, semanticSortForExcludeVersionV) >= 0 + for _, stmt := range f.Syntax.Stmt { block, ok := stmt.(*LineBlock) if !ok { continue } less := lineLess - if block.Token[0] == "retract" { + if block.Token[0] == "exclude" && useSemanticSortForExclude { + less = lineExcludeLess + } else if block.Token[0] == "retract" { less = lineRetractLess } sort.SliceStable(block.Line, func(i, j int) bool { @@ -1496,6 +1584,22 @@ func lineLess(li, lj *Line) bool { return len(li.Token) < len(lj.Token) } +// lineExcludeLess reports whether li should be sorted before lj for lines in +// an "exclude" block. +func lineExcludeLess(li, lj *Line) bool { + if len(li.Token) != 2 || len(lj.Token) != 2 { + // Not a known exclude specification. + // Fall back to sorting lexicographically. + return lineLess(li, lj) + } + // An exclude specification has two tokens: ModulePath and Version. + // Compare module path by string order and version by semver rules. + if pi, pj := li.Token[0], lj.Token[0]; pi != pj { + return pi < pj + } + return semver.Compare(li.Token[1], lj.Token[1]) < 0 +} + // lineRetractLess returns whether li should be sorted before lj for lines in // a "retract" block. It treats each line as a version interval. Single versions // are compared as if they were intervals with the same low and high version. diff --git a/vendor/golang.org/x/mod/modfile/work.go b/vendor/golang.org/x/mod/modfile/work.go index 0c0e521525a..d7b99376ebe 100644 --- a/vendor/golang.org/x/mod/modfile/work.go +++ b/vendor/golang.org/x/mod/modfile/work.go @@ -12,9 +12,10 @@ import ( // A WorkFile is the parsed, interpreted form of a go.work file. type WorkFile struct { - Go *Go - Use []*Use - Replace []*Replace + Go *Go + Toolchain *Toolchain + Use []*Use + Replace []*Replace Syntax *FileSyntax } @@ -33,7 +34,7 @@ type Use struct { // data is the content of the file. // // fix is an optional function that canonicalizes module versions. -// If fix is nil, all module versions must be canonical (module.CanonicalVersion +// If fix is nil, all module versions must be canonical ([module.CanonicalVersion] // must return the same string). func ParseWork(file string, data []byte, fix VersionFixer) (*WorkFile, error) { fs, err := parse(file, data) @@ -82,7 +83,7 @@ func ParseWork(file string, data []byte, fix VersionFixer) (*WorkFile, error) { } // Cleanup cleans up the file f after any edit operations. -// To avoid quadratic behavior, modifications like DropRequire +// To avoid quadratic behavior, modifications like [WorkFile.DropRequire] // clear the entry but do not remove it from the slice. // Cleanup cleans out all the cleared entries. func (f *WorkFile) Cleanup() { @@ -109,7 +110,7 @@ func (f *WorkFile) Cleanup() { func (f *WorkFile) AddGoStmt(version string) error { if !GoVersionRE.MatchString(version) { - return fmt.Errorf("invalid language version string %q", version) + return fmt.Errorf("invalid language version %q", version) } if f.Go == nil { stmt := &Line{Token: []string{"go", version}} @@ -117,7 +118,7 @@ func (f *WorkFile) AddGoStmt(version string) error { Version: version, Syntax: stmt, } - // Find the first non-comment-only block that's and add + // Find the first non-comment-only block and add // the go statement before it. That will keep file comments at the top. i := 0 for i = 0; i < len(f.Syntax.Stmt); i++ { @@ -133,6 +134,56 @@ func (f *WorkFile) AddGoStmt(version string) error { return nil } +func (f *WorkFile) AddToolchainStmt(name string) error { + if !ToolchainRE.MatchString(name) { + return fmt.Errorf("invalid toolchain name %q", name) + } + if f.Toolchain == nil { + stmt := &Line{Token: []string{"toolchain", name}} + f.Toolchain = &Toolchain{ + Name: name, + Syntax: stmt, + } + // Find the go line and add the toolchain line after it. + // Or else find the first non-comment-only block and add + // the toolchain line before it. That will keep file comments at the top. + i := 0 + for i = 0; i < len(f.Syntax.Stmt); i++ { + if line, ok := f.Syntax.Stmt[i].(*Line); ok && len(line.Token) > 0 && line.Token[0] == "go" { + i++ + goto Found + } + } + for i = 0; i < len(f.Syntax.Stmt); i++ { + if _, ok := f.Syntax.Stmt[i].(*CommentBlock); !ok { + break + } + } + Found: + f.Syntax.Stmt = append(append(f.Syntax.Stmt[:i:i], stmt), f.Syntax.Stmt[i:]...) + } else { + f.Toolchain.Name = name + f.Syntax.updateLine(f.Toolchain.Syntax, "toolchain", name) + } + return nil +} + +// DropGoStmt deletes the go statement from the file. +func (f *WorkFile) DropGoStmt() { + if f.Go != nil { + f.Go.Syntax.markRemoved() + f.Go = nil + } +} + +// DropToolchainStmt deletes the toolchain statement from the file. +func (f *WorkFile) DropToolchainStmt() { + if f.Toolchain != nil { + f.Toolchain.Syntax.markRemoved() + f.Toolchain = nil + } +} + func (f *WorkFile) AddUse(diskPath, modulePath string) error { need := true for _, d := range f.Use { diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go index e9dec6e6148..2a364b229b9 100644 --- a/vendor/golang.org/x/mod/module/module.go +++ b/vendor/golang.org/x/mod/module/module.go @@ -4,7 +4,7 @@ // Package module defines the module.Version type along with support code. // -// The module.Version type is a simple Path, Version pair: +// The [module.Version] type is a simple Path, Version pair: // // type Version struct { // Path string @@ -12,7 +12,7 @@ // } // // There are no restrictions imposed directly by use of this structure, -// but additional checking functions, most notably Check, verify that +// but additional checking functions, most notably [Check], verify that // a particular path, version pair is valid. // // # Escaped Paths @@ -140,7 +140,7 @@ type ModuleError struct { Err error } -// VersionError returns a ModuleError derived from a Version and error, +// VersionError returns a [ModuleError] derived from a [Version] and error, // or err itself if it is already such an error. func VersionError(v Version, err error) error { var mErr *ModuleError @@ -169,7 +169,7 @@ func (e *ModuleError) Unwrap() error { return e.Err } // An InvalidVersionError indicates an error specific to a version, with the // module path unknown or specified externally. // -// A ModuleError may wrap an InvalidVersionError, but an InvalidVersionError +// A [ModuleError] may wrap an InvalidVersionError, but an InvalidVersionError // must not wrap a ModuleError. type InvalidVersionError struct { Version string @@ -193,8 +193,8 @@ func (e *InvalidVersionError) Error() string { func (e *InvalidVersionError) Unwrap() error { return e.Err } // An InvalidPathError indicates a module, import, or file path doesn't -// satisfy all naming constraints. See CheckPath, CheckImportPath, -// and CheckFilePath for specific restrictions. +// satisfy all naming constraints. See [CheckPath], [CheckImportPath], +// and [CheckFilePath] for specific restrictions. type InvalidPathError struct { Kind string // "module", "import", or "file" Path string @@ -294,7 +294,7 @@ func fileNameOK(r rune) bool { } // CheckPath checks that a module path is valid. -// A valid module path is a valid import path, as checked by CheckImportPath, +// A valid module path is a valid import path, as checked by [CheckImportPath], // with three additional constraints. // First, the leading path element (up to the first slash, if any), // by convention a domain name, must contain only lower-case ASCII letters, @@ -380,7 +380,7 @@ const ( // checkPath returns an error describing why the path is not valid. // Because these checks apply to module, import, and file paths, // and because other checks may be applied, the caller is expected to wrap -// this error with InvalidPathError. +// this error with [InvalidPathError]. func checkPath(path string, kind pathKind) error { if !utf8.ValidString(path) { return fmt.Errorf("invalid UTF-8") @@ -532,7 +532,7 @@ var badWindowsNames = []string{ // they require ".vN" instead of "/vN", and for all N, not just N >= 2. // SplitPathVersion returns with ok = false when presented with // a path whose last path element does not satisfy the constraints -// applied by CheckPath, such as "example.com/pkg/v1" or "example.com/pkg/v1.2". +// applied by [CheckPath], such as "example.com/pkg/v1" or "example.com/pkg/v1.2". func SplitPathVersion(path string) (prefix, pathMajor string, ok bool) { if strings.HasPrefix(path, "gopkg.in/") { return splitGopkgIn(path) @@ -582,7 +582,7 @@ func splitGopkgIn(path string) (prefix, pathMajor string, ok bool) { // MatchPathMajor reports whether the semantic version v // matches the path major version pathMajor. // -// MatchPathMajor returns true if and only if CheckPathMajor returns nil. +// MatchPathMajor returns true if and only if [CheckPathMajor] returns nil. func MatchPathMajor(v, pathMajor string) bool { return CheckPathMajor(v, pathMajor) == nil } @@ -622,7 +622,7 @@ func CheckPathMajor(v, pathMajor string) error { // PathMajorPrefix returns the major-version tag prefix implied by pathMajor. // An empty PathMajorPrefix allows either v0 or v1. // -// Note that MatchPathMajor may accept some versions that do not actually begin +// Note that [MatchPathMajor] may accept some versions that do not actually begin // with this prefix: namely, it accepts a 'v0.0.0-' prefix for a '.v1' // pathMajor, even though that pathMajor implies 'v1' tagging. func PathMajorPrefix(pathMajor string) string { @@ -643,7 +643,7 @@ func PathMajorPrefix(pathMajor string) string { } // CanonicalVersion returns the canonical form of the version string v. -// It is the same as semver.Canonical(v) except that it preserves the special build suffix "+incompatible". +// It is the same as [semver.Canonical] except that it preserves the special build suffix "+incompatible". func CanonicalVersion(v string) string { cv := semver.Canonical(v) if semver.Build(v) == "+incompatible" { @@ -652,8 +652,8 @@ func CanonicalVersion(v string) string { return cv } -// Sort sorts the list by Path, breaking ties by comparing Version fields. -// The Version fields are interpreted as semantic versions (using semver.Compare) +// Sort sorts the list by Path, breaking ties by comparing [Version] fields. +// The Version fields are interpreted as semantic versions (using [semver.Compare]) // optionally followed by a tie-breaking suffix introduced by a slash character, // like in "v0.0.1/go.mod". func Sort(list []Version) { @@ -793,7 +793,7 @@ func unescapeString(escaped string) (string, bool) { } // MatchPrefixPatterns reports whether any path prefix of target matches one of -// the glob patterns (as defined by path.Match) in the comma-separated globs +// the glob patterns (as defined by [path.Match]) in the comma-separated globs // list. This implements the algorithm used when matching a module path to the // GOPRIVATE environment variable, as described by 'go help module-private'. // diff --git a/vendor/golang.org/x/mod/module/pseudo.go b/vendor/golang.org/x/mod/module/pseudo.go index f04ad378869..9cf19d3254e 100644 --- a/vendor/golang.org/x/mod/module/pseudo.go +++ b/vendor/golang.org/x/mod/module/pseudo.go @@ -125,7 +125,7 @@ func IsPseudoVersion(v string) bool { } // IsZeroPseudoVersion returns whether v is a pseudo-version with a zero base, -// timestamp, and revision, as returned by ZeroPseudoVersion. +// timestamp, and revision, as returned by [ZeroPseudoVersion]. func IsZeroPseudoVersion(v string) bool { return v == ZeroPseudoVersion(semver.Major(v)) } diff --git a/vendor/golang.org/x/mod/semver/semver.go b/vendor/golang.org/x/mod/semver/semver.go index a30a22bf20f..9a2dfd33a77 100644 --- a/vendor/golang.org/x/mod/semver/semver.go +++ b/vendor/golang.org/x/mod/semver/semver.go @@ -140,7 +140,7 @@ func Compare(v, w string) int { // Max canonicalizes its arguments and then returns the version string // that compares greater. // -// Deprecated: use Compare instead. In most cases, returning a canonicalized +// Deprecated: use [Compare] instead. In most cases, returning a canonicalized // version is not expected or desired. func Max(v, w string) string { v = Canonical(v) @@ -151,7 +151,7 @@ func Max(v, w string) string { return w } -// ByVersion implements sort.Interface for sorting semantic version strings. +// ByVersion implements [sort.Interface] for sorting semantic version strings. type ByVersion []string func (vs ByVersion) Len() int { return len(vs) } @@ -164,7 +164,7 @@ func (vs ByVersion) Less(i, j int) bool { return vs[i] < vs[j] } -// Sort sorts a list of semantic version strings using ByVersion. +// Sort sorts a list of semantic version strings using [ByVersion]. func Sort(list []string) { sort.Sort(ByVersion(list)) } diff --git a/vendor/golang.org/x/oauth2/deviceauth.go b/vendor/golang.org/x/oauth2/deviceauth.go new file mode 100644 index 00000000000..e99c92f39c7 --- /dev/null +++ b/vendor/golang.org/x/oauth2/deviceauth.go @@ -0,0 +1,198 @@ +package oauth2 + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "strings" + "time" + + "golang.org/x/oauth2/internal" +) + +// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5 +const ( + errAuthorizationPending = "authorization_pending" + errSlowDown = "slow_down" + errAccessDenied = "access_denied" + errExpiredToken = "expired_token" +) + +// DeviceAuthResponse describes a successful RFC 8628 Device Authorization Response +// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2 +type DeviceAuthResponse struct { + // DeviceCode + DeviceCode string `json:"device_code"` + // UserCode is the code the user should enter at the verification uri + UserCode string `json:"user_code"` + // VerificationURI is where user should enter the user code + VerificationURI string `json:"verification_uri"` + // VerificationURIComplete (if populated) includes the user code in the verification URI. This is typically shown to the user in non-textual form, such as a QR code. + VerificationURIComplete string `json:"verification_uri_complete,omitempty"` + // Expiry is when the device code and user code expire + Expiry time.Time `json:"expires_in,omitempty"` + // Interval is the duration in seconds that Poll should wait between requests + Interval int64 `json:"interval,omitempty"` +} + +func (d DeviceAuthResponse) MarshalJSON() ([]byte, error) { + type Alias DeviceAuthResponse + var expiresIn int64 + if !d.Expiry.IsZero() { + expiresIn = int64(time.Until(d.Expiry).Seconds()) + } + return json.Marshal(&struct { + ExpiresIn int64 `json:"expires_in,omitempty"` + *Alias + }{ + ExpiresIn: expiresIn, + Alias: (*Alias)(&d), + }) + +} + +func (c *DeviceAuthResponse) UnmarshalJSON(data []byte) error { + type Alias DeviceAuthResponse + aux := &struct { + ExpiresIn int64 `json:"expires_in"` + // workaround misspelling of verification_uri + VerificationURL string `json:"verification_url"` + *Alias + }{ + Alias: (*Alias)(c), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + if aux.ExpiresIn != 0 { + c.Expiry = time.Now().UTC().Add(time.Second * time.Duration(aux.ExpiresIn)) + } + if c.VerificationURI == "" { + c.VerificationURI = aux.VerificationURL + } + return nil +} + +// DeviceAuth returns a device auth struct which contains a device code +// and authorization information provided for users to enter on another device. +func (c *Config) DeviceAuth(ctx context.Context, opts ...AuthCodeOption) (*DeviceAuthResponse, error) { + // https://datatracker.ietf.org/doc/html/rfc8628#section-3.1 + v := url.Values{ + "client_id": {c.ClientID}, + } + if len(c.Scopes) > 0 { + v.Set("scope", strings.Join(c.Scopes, " ")) + } + for _, opt := range opts { + opt.setValue(v) + } + return retrieveDeviceAuth(ctx, c, v) +} + +func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAuthResponse, error) { + if c.Endpoint.DeviceAuthURL == "" { + return nil, errors.New("endpoint missing DeviceAuthURL") + } + + req, err := http.NewRequest("POST", c.Endpoint.DeviceAuthURL, strings.NewReader(v.Encode())) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", "application/x-www-form-urlencoded") + req.Header.Set("Accept", "application/json") + + t := time.Now() + r, err := internal.ContextClient(ctx).Do(req) + if err != nil { + return nil, err + } + + body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) + if err != nil { + return nil, fmt.Errorf("oauth2: cannot auth device: %v", err) + } + if code := r.StatusCode; code < 200 || code > 299 { + return nil, &RetrieveError{ + Response: r, + Body: body, + } + } + + da := &DeviceAuthResponse{} + err = json.Unmarshal(body, &da) + if err != nil { + return nil, fmt.Errorf("unmarshal %s", err) + } + + if !da.Expiry.IsZero() { + // Make a small adjustment to account for time taken by the request + da.Expiry = da.Expiry.Add(-time.Since(t)) + } + + return da, nil +} + +// DeviceAccessToken polls the server to exchange a device code for a token. +func (c *Config) DeviceAccessToken(ctx context.Context, da *DeviceAuthResponse, opts ...AuthCodeOption) (*Token, error) { + if !da.Expiry.IsZero() { + var cancel context.CancelFunc + ctx, cancel = context.WithDeadline(ctx, da.Expiry) + defer cancel() + } + + // https://datatracker.ietf.org/doc/html/rfc8628#section-3.4 + v := url.Values{ + "client_id": {c.ClientID}, + "grant_type": {"urn:ietf:params:oauth:grant-type:device_code"}, + "device_code": {da.DeviceCode}, + } + if len(c.Scopes) > 0 { + v.Set("scope", strings.Join(c.Scopes, " ")) + } + for _, opt := range opts { + opt.setValue(v) + } + + // "If no value is provided, clients MUST use 5 as the default." + // https://datatracker.ietf.org/doc/html/rfc8628#section-3.2 + interval := da.Interval + if interval == 0 { + interval = 5 + } + + ticker := time.NewTicker(time.Duration(interval) * time.Second) + defer ticker.Stop() + for { + select { + case <-ctx.Done(): + return nil, ctx.Err() + case <-ticker.C: + tok, err := retrieveToken(ctx, c, v) + if err == nil { + return tok, nil + } + + e, ok := err.(*RetrieveError) + if !ok { + return nil, err + } + switch e.ErrorCode { + case errSlowDown: + // https://datatracker.ietf.org/doc/html/rfc8628#section-3.5 + // "the interval MUST be increased by 5 seconds for this and all subsequent requests" + interval += 5 + ticker.Reset(time.Duration(interval) * time.Second) + case errAuthorizationPending: + // Do nothing. + case errAccessDenied, errExpiredToken: + fallthrough + default: + return tok, err + } + } + } +} diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go index 2cf71f0f93f..12b12a30c55 100644 --- a/vendor/golang.org/x/oauth2/google/default.go +++ b/vendor/golang.org/x/oauth2/google/default.go @@ -19,7 +19,10 @@ import ( "golang.org/x/oauth2/authhandler" ) -const adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc" +const ( + adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc" + universeDomainDefault = "googleapis.com" +) // Credentials holds Google credentials, including "Application Default Credentials". // For more details, see: @@ -37,6 +40,18 @@ type Credentials struct { // environment and not with a credentials file, e.g. when code is // running on Google Cloud Platform. JSON []byte + + // universeDomain is the default service domain for a given Cloud universe. + universeDomain string +} + +// UniverseDomain returns the default service domain for a given Cloud universe. +// The default value is "googleapis.com". +func (c *Credentials) UniverseDomain() string { + if c.universeDomain == "" { + return universeDomainDefault + } + return c.universeDomain } // DefaultCredentials is the old name of Credentials. @@ -200,15 +215,23 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params if err := json.Unmarshal(jsonData, &f); err != nil { return nil, err } + + universeDomain := f.UniverseDomain + // Authorized user credentials are only supported in the googleapis.com universe. + if f.Type == userCredentialsKey { + universeDomain = universeDomainDefault + } + ts, err := f.tokenSource(ctx, params) if err != nil { return nil, err } ts = newErrWrappingTokenSource(ts) return &Credentials{ - ProjectID: f.ProjectID, - TokenSource: ts, - JSON: jsonData, + ProjectID: f.ProjectID, + TokenSource: ts, + JSON: jsonData, + universeDomain: universeDomain, }, nil } diff --git a/vendor/golang.org/x/oauth2/google/doc.go b/vendor/golang.org/x/oauth2/google/doc.go index ca717634a3f..03c42c6f879 100644 --- a/vendor/golang.org/x/oauth2/google/doc.go +++ b/vendor/golang.org/x/oauth2/google/doc.go @@ -101,6 +101,8 @@ // executable-sourced credentials), please check out: // https://cloud.google.com/iam/docs/workforce-obtaining-short-lived-credentials#generate_a_configuration_file_for_non-interactive_sign-in // +// # Security considerations +// // Note that this library does not perform any validation on the token_url, token_info_url, // or service_account_impersonation_url fields of the credential configuration. // It is not recommended to use a credential configuration that you did not generate with diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go index cc1223889e2..c66c53527db 100644 --- a/vendor/golang.org/x/oauth2/google/google.go +++ b/vendor/golang.org/x/oauth2/google/google.go @@ -16,14 +16,16 @@ import ( "cloud.google.com/go/compute/metadata" "golang.org/x/oauth2" "golang.org/x/oauth2/google/internal/externalaccount" + "golang.org/x/oauth2/google/internal/externalaccountauthorizeduser" "golang.org/x/oauth2/jwt" ) // Endpoint is Google's OAuth 2.0 default endpoint. var Endpoint = oauth2.Endpoint{ - AuthURL: "https://accounts.google.com/o/oauth2/auth", - TokenURL: "https://oauth2.googleapis.com/token", - AuthStyle: oauth2.AuthStyleInParams, + AuthURL: "https://accounts.google.com/o/oauth2/auth", + TokenURL: "https://oauth2.googleapis.com/token", + DeviceAuthURL: "https://oauth2.googleapis.com/device/code", + AuthStyle: oauth2.AuthStyleInParams, } // MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint. @@ -95,10 +97,11 @@ func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) { // JSON key file types. const ( - serviceAccountKey = "service_account" - userCredentialsKey = "authorized_user" - externalAccountKey = "external_account" - impersonatedServiceAccount = "impersonated_service_account" + serviceAccountKey = "service_account" + userCredentialsKey = "authorized_user" + externalAccountKey = "external_account" + externalAccountAuthorizedUserKey = "external_account_authorized_user" + impersonatedServiceAccount = "impersonated_service_account" ) // credentialsFile is the unmarshalled representation of a credentials file. @@ -106,12 +109,13 @@ type credentialsFile struct { Type string `json:"type"` // Service Account fields - ClientEmail string `json:"client_email"` - PrivateKeyID string `json:"private_key_id"` - PrivateKey string `json:"private_key"` - AuthURL string `json:"auth_uri"` - TokenURL string `json:"token_uri"` - ProjectID string `json:"project_id"` + ClientEmail string `json:"client_email"` + PrivateKeyID string `json:"private_key_id"` + PrivateKey string `json:"private_key"` + AuthURL string `json:"auth_uri"` + TokenURL string `json:"token_uri"` + ProjectID string `json:"project_id"` + UniverseDomain string `json:"universe_domain"` // User Credential fields // (These typically come from gcloud auth.) @@ -131,6 +135,9 @@ type credentialsFile struct { QuotaProjectID string `json:"quota_project_id"` WorkforcePoolUserProject string `json:"workforce_pool_user_project"` + // External Account Authorized User fields + RevokeURL string `json:"revoke_url"` + // Service account impersonation SourceCredentials *credentialsFile `json:"source_credentials"` } @@ -199,6 +206,19 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar WorkforcePoolUserProject: f.WorkforcePoolUserProject, } return cfg.TokenSource(ctx) + case externalAccountAuthorizedUserKey: + cfg := &externalaccountauthorizeduser.Config{ + Audience: f.Audience, + RefreshToken: f.RefreshToken, + TokenURL: f.TokenURLExternal, + TokenInfoURL: f.TokenInfoURL, + ClientID: f.ClientID, + ClientSecret: f.ClientSecret, + RevokeURL: f.RevokeURL, + QuotaProjectID: f.QuotaProjectID, + Scopes: params.Scopes, + } + return cfg.TokenSource(ctx) case impersonatedServiceAccount: if f.ServiceAccountImpersonationURL == "" || f.SourceCredentials == nil { return nil, errors.New("missing 'source_credentials' field or 'service_account_impersonation_url' in credentials") diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go index 2bf3202b290..bd4efd19baa 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go @@ -274,49 +274,6 @@ type awsRequest struct { Headers []awsRequestHeader `json:"headers"` } -func (cs awsCredentialSource) validateMetadataServers() error { - if err := cs.validateMetadataServer(cs.RegionURL, "region_url"); err != nil { - return err - } - if err := cs.validateMetadataServer(cs.CredVerificationURL, "url"); err != nil { - return err - } - return cs.validateMetadataServer(cs.IMDSv2SessionTokenURL, "imdsv2_session_token_url") -} - -var validHostnames []string = []string{"169.254.169.254", "fd00:ec2::254"} - -func (cs awsCredentialSource) isValidMetadataServer(metadataUrl string) bool { - if metadataUrl == "" { - // Zero value means use default, which is valid. - return true - } - - u, err := url.Parse(metadataUrl) - if err != nil { - // Unparseable URL means invalid - return false - } - - for _, validHostname := range validHostnames { - if u.Hostname() == validHostname { - // If it's one of the valid hostnames, everything is good - return true - } - } - - // hostname not found in our allowlist, so not valid - return false -} - -func (cs awsCredentialSource) validateMetadataServer(metadataUrl, urlName string) error { - if !cs.isValidMetadataServer(metadataUrl) { - return fmt.Errorf("oauth2/google: invalid hostname %s for %s", metadataUrl, urlName) - } - - return nil -} - func (cs awsCredentialSource) doRequest(req *http.Request) (*http.Response, error) { if cs.client == nil { cs.client = oauth2.NewClient(cs.ctx, nil) @@ -339,6 +296,10 @@ func shouldUseMetadataServer() bool { return !canRetrieveRegionFromEnvironment() || !canRetrieveSecurityCredentialFromEnvironment() } +func (cs awsCredentialSource) credentialSourceType() string { + return "aws" +} + func (cs awsCredentialSource) subjectToken() (string, error) { if cs.requestSigner == nil { headers := make(map[string]string) diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go index dcd252a61cc..33288d36773 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go @@ -8,13 +8,12 @@ import ( "context" "fmt" "net/http" - "net/url" "regexp" "strconv" - "strings" "time" "golang.org/x/oauth2" + "golang.org/x/oauth2/google/internal/stsexchange" ) // now aliases time.Now for testing @@ -63,31 +62,10 @@ type Config struct { WorkforcePoolUserProject string } -// Each element consists of a list of patterns. validateURLs checks for matches -// that include all elements in a given list, in that order. - var ( validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`) ) -func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool { - parsed, err := url.Parse(input) - if err != nil { - return false - } - if !strings.EqualFold(parsed.Scheme, scheme) { - return false - } - toTest := parsed.Host - - for _, pattern := range patterns { - if pattern.MatchString(toTest) { - return true - } - } - return false -} - func validateWorkforceAudience(input string) bool { return validWorkforceAudiencePattern.MatchString(input) } @@ -185,10 +163,6 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) { awsCredSource.IMDSv2SessionTokenURL = c.CredentialSource.IMDSv2SessionTokenURL } - if err := awsCredSource.validateMetadataServers(); err != nil { - return nil, err - } - return awsCredSource, nil } } else if c.CredentialSource.File != "" { @@ -202,6 +176,7 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) { } type baseCredentialSource interface { + credentialSourceType() string subjectToken() (string, error) } @@ -211,6 +186,15 @@ type tokenSource struct { conf *Config } +func getMetricsHeaderValue(conf *Config, credSource baseCredentialSource) string { + return fmt.Sprintf("gl-go/%s auth/%s google-byoid-sdk source/%s sa-impersonation/%t config-lifetime/%t", + goVersion(), + "unknown", + credSource.credentialSourceType(), + conf.ServiceAccountImpersonationURL != "", + conf.ServiceAccountImpersonationLifetimeSeconds != 0) +} + // Token allows tokenSource to conform to the oauth2.TokenSource interface. func (ts tokenSource) Token() (*oauth2.Token, error) { conf := ts.conf @@ -224,7 +208,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) { if err != nil { return nil, err } - stsRequest := stsTokenExchangeRequest{ + stsRequest := stsexchange.TokenExchangeRequest{ GrantType: "urn:ietf:params:oauth:grant-type:token-exchange", Audience: conf.Audience, Scope: conf.Scopes, @@ -234,7 +218,8 @@ func (ts tokenSource) Token() (*oauth2.Token, error) { } header := make(http.Header) header.Add("Content-Type", "application/x-www-form-urlencoded") - clientAuth := clientAuthentication{ + header.Add("x-goog-api-client", getMetricsHeaderValue(conf, credSource)) + clientAuth := stsexchange.ClientAuthentication{ AuthStyle: oauth2.AuthStyleInHeader, ClientID: conf.ClientID, ClientSecret: conf.ClientSecret, @@ -247,7 +232,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) { "userProject": conf.WorkforcePoolUserProject, } } - stsResp, err := exchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options) + stsResp, err := stsexchange.ExchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options) if err != nil { return nil, err } diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go index 579bcce5f28..6497dc022ef 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go @@ -233,6 +233,10 @@ func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte return "", tokenTypeError(source) } +func (cs executableCredentialSource) credentialSourceType() string { + return "executable" +} + func (cs executableCredentialSource) subjectToken() (string, error) { if token, err := cs.getTokenFromOutputFile(); token != "" || err != nil { return token, err diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go index e953ddb473a..f35f73c5cb2 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go @@ -19,6 +19,10 @@ type fileCredentialSource struct { Format format } +func (cs fileCredentialSource) credentialSourceType() string { + return "file" +} + func (cs fileCredentialSource) subjectToken() (string, error) { tokenFile, err := os.Open(cs.File) if err != nil { diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go new file mode 100644 index 00000000000..1d5aad2e2d9 --- /dev/null +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go @@ -0,0 +1,64 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package externalaccount + +import ( + "runtime" + "strings" + "unicode" +) + +var ( + // version is a package internal global variable for testing purposes. + version = runtime.Version +) + +// versionUnknown is only used when the runtime version cannot be determined. +const versionUnknown = "UNKNOWN" + +// goVersion returns a Go runtime version derived from the runtime environment +// that is modified to be suitable for reporting in a header, meaning it has no +// whitespace. If it is unable to determine the Go runtime version, it returns +// versionUnknown. +func goVersion() string { + const develPrefix = "devel +" + + s := version() + if strings.HasPrefix(s, develPrefix) { + s = s[len(develPrefix):] + if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 { + s = s[:p] + } + return s + } else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 { + s = s[:p] + } + + notSemverRune := func(r rune) bool { + return !strings.ContainsRune("0123456789.", r) + } + + if strings.HasPrefix(s, "go1") { + s = s[2:] + var prerelease string + if p := strings.IndexFunc(s, notSemverRune); p >= 0 { + s, prerelease = s[:p], s[p:] + } + if strings.HasSuffix(s, ".") { + s += "0" + } else if strings.Count(s, ".") < 2 { + s += ".0" + } + if prerelease != "" { + // Some release candidates already have a dash in them. + if !strings.HasPrefix(prerelease, "-") { + prerelease = "-" + prerelease + } + s += prerelease + } + return s + } + return "UNKNOWN" +} diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go index 16dca6541d9..606bb4e8001 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go @@ -23,6 +23,10 @@ type urlCredentialSource struct { ctx context.Context } +func (cs urlCredentialSource) credentialSourceType() string { + return "url" +} + func (cs urlCredentialSource) subjectToken() (string, error) { client := oauth2.NewClient(cs.ctx, nil) req, err := http.NewRequest("GET", cs.URL, nil) diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go b/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go new file mode 100644 index 00000000000..cb582070746 --- /dev/null +++ b/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go @@ -0,0 +1,114 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package externalaccountauthorizeduser + +import ( + "context" + "errors" + "time" + + "golang.org/x/oauth2" + "golang.org/x/oauth2/google/internal/stsexchange" +) + +// now aliases time.Now for testing. +var now = func() time.Time { + return time.Now().UTC() +} + +var tokenValid = func(token oauth2.Token) bool { + return token.Valid() +} + +type Config struct { + // Audience is the Secure Token Service (STS) audience which contains the resource name for the workforce pool and + // the provider identifier in that pool. + Audience string + // RefreshToken is the optional OAuth 2.0 refresh token. If specified, credentials can be refreshed. + RefreshToken string + // TokenURL is the optional STS token exchange endpoint for refresh. Must be specified for refresh, can be left as + // None if the token can not be refreshed. + TokenURL string + // TokenInfoURL is the optional STS endpoint URL for token introspection. + TokenInfoURL string + // ClientID is only required in conjunction with ClientSecret, as described above. + ClientID string + // ClientSecret is currently only required if token_info endpoint also needs to be called with the generated GCP + // access token. When provided, STS will be called with additional basic authentication using client_id as username + // and client_secret as password. + ClientSecret string + // Token is the OAuth2.0 access token. Can be nil if refresh information is provided. + Token string + // Expiry is the optional expiration datetime of the OAuth 2.0 access token. + Expiry time.Time + // RevokeURL is the optional STS endpoint URL for revoking tokens. + RevokeURL string + // QuotaProjectID is the optional project ID used for quota and billing. This project may be different from the + // project used to create the credentials. + QuotaProjectID string + Scopes []string +} + +func (c *Config) canRefresh() bool { + return c.ClientID != "" && c.ClientSecret != "" && c.RefreshToken != "" && c.TokenURL != "" +} + +func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) { + var token oauth2.Token + if c.Token != "" && !c.Expiry.IsZero() { + token = oauth2.Token{ + AccessToken: c.Token, + Expiry: c.Expiry, + TokenType: "Bearer", + } + } + if !tokenValid(token) && !c.canRefresh() { + return nil, errors.New("oauth2/google: Token should be created with fields to make it valid (`token` and `expiry`), or fields to allow it to refresh (`refresh_token`, `token_url`, `client_id`, `client_secret`).") + } + + ts := tokenSource{ + ctx: ctx, + conf: c, + } + + return oauth2.ReuseTokenSource(&token, ts), nil +} + +type tokenSource struct { + ctx context.Context + conf *Config +} + +func (ts tokenSource) Token() (*oauth2.Token, error) { + conf := ts.conf + if !conf.canRefresh() { + return nil, errors.New("oauth2/google: The credentials do not contain the necessary fields need to refresh the access token. You must specify refresh_token, token_url, client_id, and client_secret.") + } + + clientAuth := stsexchange.ClientAuthentication{ + AuthStyle: oauth2.AuthStyleInHeader, + ClientID: conf.ClientID, + ClientSecret: conf.ClientSecret, + } + + stsResponse, err := stsexchange.RefreshAccessToken(ts.ctx, conf.TokenURL, conf.RefreshToken, clientAuth, nil) + if err != nil { + return nil, err + } + if stsResponse.ExpiresIn < 0 { + return nil, errors.New("oauth2/google: got invalid expiry from security token service") + } + + if stsResponse.RefreshToken != "" { + conf.RefreshToken = stsResponse.RefreshToken + } + + token := &oauth2.Token{ + AccessToken: stsResponse.AccessToken, + Expiry: now().Add(time.Duration(stsResponse.ExpiresIn) * time.Second), + TokenType: "Bearer", + } + return token, nil +} diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go b/vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go similarity index 88% rename from vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go rename to vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go index 99987ce2945..ebd520eace5 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go +++ b/vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package externalaccount +package stsexchange import ( "encoding/base64" @@ -12,8 +12,8 @@ import ( "golang.org/x/oauth2" ) -// clientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1. -type clientAuthentication struct { +// ClientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1. +type ClientAuthentication struct { // AuthStyle can be either basic or request-body AuthStyle oauth2.AuthStyle ClientID string @@ -23,7 +23,7 @@ type clientAuthentication struct { // InjectAuthentication is used to add authentication to a Secure Token Service exchange // request. It modifies either the passed url.Values or http.Header depending on the desired // authentication format. -func (c *clientAuthentication) InjectAuthentication(values url.Values, headers http.Header) { +func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) { if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil { return } diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go b/vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go similarity index 68% rename from vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go rename to vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go index e6fcae5fcbf..1a0bebd1595 100644 --- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go +++ b/vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package externalaccount +package stsexchange import ( "context" @@ -18,14 +18,17 @@ import ( "golang.org/x/oauth2" ) -// exchangeToken performs an oauth2 token exchange with the provided endpoint. +func defaultHeader() http.Header { + header := make(http.Header) + header.Add("Content-Type", "application/x-www-form-urlencoded") + return header +} + +// ExchangeToken performs an oauth2 token exchange with the provided endpoint. // The first 4 fields are all mandatory. headers can be used to pass additional // headers beyond the bare minimum required by the token exchange. options can // be used to pass additional JSON-structured options to the remote server. -func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchangeRequest, authentication clientAuthentication, headers http.Header, options map[string]interface{}) (*stsTokenExchangeResponse, error) { - - client := oauth2.NewClient(ctx, nil) - +func ExchangeToken(ctx context.Context, endpoint string, request *TokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*Response, error) { data := url.Values{} data.Set("audience", request.Audience) data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange") @@ -41,13 +44,28 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan data.Set("options", string(opts)) } + return makeRequest(ctx, endpoint, data, authentication, headers) +} + +func RefreshAccessToken(ctx context.Context, endpoint string, refreshToken string, authentication ClientAuthentication, headers http.Header) (*Response, error) { + data := url.Values{} + data.Set("grant_type", "refresh_token") + data.Set("refresh_token", refreshToken) + + return makeRequest(ctx, endpoint, data, authentication, headers) +} + +func makeRequest(ctx context.Context, endpoint string, data url.Values, authentication ClientAuthentication, headers http.Header) (*Response, error) { + if headers == nil { + headers = defaultHeader() + } + client := oauth2.NewClient(ctx, nil) authentication.InjectAuthentication(data, headers) encodedData := data.Encode() req, err := http.NewRequest("POST", endpoint, strings.NewReader(encodedData)) if err != nil { return nil, fmt.Errorf("oauth2/google: failed to properly build http request: %v", err) - } req = req.WithContext(ctx) for key, list := range headers { @@ -71,7 +89,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan if c := resp.StatusCode; c < 200 || c > 299 { return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body) } - var stsResp stsTokenExchangeResponse + var stsResp Response err = json.Unmarshal(body, &stsResp) if err != nil { return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err) @@ -81,8 +99,8 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan return &stsResp, nil } -// stsTokenExchangeRequest contains fields necessary to make an oauth2 token exchange. -type stsTokenExchangeRequest struct { +// TokenExchangeRequest contains fields necessary to make an oauth2 token exchange. +type TokenExchangeRequest struct { ActingParty struct { ActorToken string ActorTokenType string @@ -96,8 +114,8 @@ type stsTokenExchangeRequest struct { SubjectTokenType string } -// stsTokenExchangeResponse is used to decode the remote server response during an oauth2 token exchange. -type stsTokenExchangeResponse struct { +// Response is used to decode the remote server response during an oauth2 token exchange. +type Response struct { AccessToken string `json:"access_token"` IssuedTokenType string `json:"issued_token_type"` TokenType string `json:"token_type"` diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go index 58901bda53e..e83ddeef0fc 100644 --- a/vendor/golang.org/x/oauth2/internal/token.go +++ b/vendor/golang.org/x/oauth2/internal/token.go @@ -18,6 +18,7 @@ import ( "strconv" "strings" "sync" + "sync/atomic" "time" ) @@ -115,41 +116,60 @@ const ( AuthStyleInHeader AuthStyle = 2 ) -// authStyleCache is the set of tokenURLs we've successfully used via +// LazyAuthStyleCache is a backwards compatibility compromise to let Configs +// have a lazily-initialized AuthStyleCache. +// +// The two users of this, oauth2.Config and oauth2/clientcredentials.Config, +// both would ideally just embed an unexported AuthStyleCache but because both +// were historically allowed to be copied by value we can't retroactively add an +// uncopyable Mutex to them. +// +// We could use an atomic.Pointer, but that was added recently enough (in Go +// 1.18) that we'd break Go 1.17 users where the tests as of 2023-08-03 +// still pass. By using an atomic.Value, it supports both Go 1.17 and +// copying by value, even if that's not ideal. +type LazyAuthStyleCache struct { + v atomic.Value // of *AuthStyleCache +} + +func (lc *LazyAuthStyleCache) Get() *AuthStyleCache { + if c, ok := lc.v.Load().(*AuthStyleCache); ok { + return c + } + c := new(AuthStyleCache) + if !lc.v.CompareAndSwap(nil, c) { + c = lc.v.Load().(*AuthStyleCache) + } + return c +} + +// AuthStyleCache is the set of tokenURLs we've successfully used via // RetrieveToken and which style auth we ended up using. // It's called a cache, but it doesn't (yet?) shrink. It's expected that // the set of OAuth2 servers a program contacts over time is fixed and // small. -var authStyleCache struct { - sync.Mutex - m map[string]AuthStyle // keyed by tokenURL -} - -// ResetAuthCache resets the global authentication style cache used -// for AuthStyleUnknown token requests. -func ResetAuthCache() { - authStyleCache.Lock() - defer authStyleCache.Unlock() - authStyleCache.m = nil +type AuthStyleCache struct { + mu sync.Mutex + m map[string]AuthStyle // keyed by tokenURL } // lookupAuthStyle reports which auth style we last used with tokenURL // when calling RetrieveToken and whether we have ever done so. -func lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) { - authStyleCache.Lock() - defer authStyleCache.Unlock() - style, ok = authStyleCache.m[tokenURL] +func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) { + c.mu.Lock() + defer c.mu.Unlock() + style, ok = c.m[tokenURL] return } // setAuthStyle adds an entry to authStyleCache, documented above. -func setAuthStyle(tokenURL string, v AuthStyle) { - authStyleCache.Lock() - defer authStyleCache.Unlock() - if authStyleCache.m == nil { - authStyleCache.m = make(map[string]AuthStyle) +func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) { + c.mu.Lock() + defer c.mu.Unlock() + if c.m == nil { + c.m = make(map[string]AuthStyle) } - authStyleCache.m[tokenURL] = v + c.m[tokenURL] = v } // newTokenRequest returns a new *http.Request to retrieve a new token @@ -189,10 +209,10 @@ func cloneURLValues(v url.Values) url.Values { return v2 } -func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle) (*Token, error) { +func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) { needsAuthStyleProbe := authStyle == 0 if needsAuthStyleProbe { - if style, ok := lookupAuthStyle(tokenURL); ok { + if style, ok := styleCache.lookupAuthStyle(tokenURL); ok { authStyle = style needsAuthStyleProbe = false } else { @@ -222,7 +242,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, token, err = doTokenRoundTrip(ctx, req) } if needsAuthStyleProbe && err == nil { - setAuthStyle(tokenURL, authStyle) + styleCache.setAuthStyle(tokenURL, authStyle) } // Don't overwrite `RefreshToken` with an empty value // if this was a token refreshing request. diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go index 9085fabe34e..90a2c3d6dcb 100644 --- a/vendor/golang.org/x/oauth2/oauth2.go +++ b/vendor/golang.org/x/oauth2/oauth2.go @@ -58,6 +58,10 @@ type Config struct { // Scope specifies optional requested permissions. Scopes []string + + // authStyleCache caches which auth style to use when Endpoint.AuthStyle is + // the zero value (AuthStyleAutoDetect). + authStyleCache internal.LazyAuthStyleCache } // A TokenSource is anything that can return a token. @@ -71,8 +75,9 @@ type TokenSource interface { // Endpoint represents an OAuth 2.0 provider's authorization and token // endpoint URLs. type Endpoint struct { - AuthURL string - TokenURL string + AuthURL string + DeviceAuthURL string + TokenURL string // AuthStyle optionally specifies how the endpoint wants the // client ID & client secret sent. The zero value means to @@ -139,15 +144,19 @@ func SetAuthURLParam(key, value string) AuthCodeOption { // AuthCodeURL returns a URL to OAuth 2.0 provider's consent page // that asks for permissions for the required scopes explicitly. // -// State is a token to protect the user from CSRF attacks. You must -// always provide a non-empty string and validate that it matches the -// state query parameter on your redirect callback. -// See http://tools.ietf.org/html/rfc6749#section-10.12 for more info. +// State is an opaque value used by the client to maintain state between the +// request and callback. The authorization server includes this value when +// redirecting the user agent back to the client. // // Opts may include AccessTypeOnline or AccessTypeOffline, as well // as ApprovalForce. -// It can also be used to pass the PKCE challenge. -// See https://www.oauth.com/oauth2-servers/pkce/ for more info. +// +// To protect against CSRF attacks, opts should include a PKCE challenge +// (S256ChallengeOption). Not all servers support PKCE. An alternative is to +// generate a random state parameter and verify it after exchange. +// See https://datatracker.ietf.org/doc/html/rfc6749#section-10.12 (predating +// PKCE), https://www.oauth.com/oauth2-servers/pkce/ and +// https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.html#name-cross-site-request-forgery (describing both approaches) func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string { var buf bytes.Buffer buf.WriteString(c.Endpoint.AuthURL) @@ -162,7 +171,6 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string { v.Set("scope", strings.Join(c.Scopes, " ")) } if state != "" { - // TODO(light): Docs say never to omit state; don't allow empty. v.Set("state", state) } for _, opt := range opts { @@ -207,10 +215,11 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor // The provided context optionally controls which HTTP client is used. See the HTTPClient variable. // // The code will be in the *http.Request.FormValue("code"). Before -// calling Exchange, be sure to validate FormValue("state"). +// calling Exchange, be sure to validate FormValue("state") if you are +// using it to protect against CSRF attacks. // -// Opts may include the PKCE verifier code if previously used in AuthCodeURL. -// See https://www.oauth.com/oauth2-servers/pkce/ for more info. +// If using PKCE to protect against CSRF attacks, opts should include a +// VerifierOption. func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) { v := url.Values{ "grant_type": {"authorization_code"}, diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go new file mode 100644 index 00000000000..50593b6dfec --- /dev/null +++ b/vendor/golang.org/x/oauth2/pkce.go @@ -0,0 +1,68 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. +package oauth2 + +import ( + "crypto/rand" + "crypto/sha256" + "encoding/base64" + "net/url" +) + +const ( + codeChallengeKey = "code_challenge" + codeChallengeMethodKey = "code_challenge_method" + codeVerifierKey = "code_verifier" +) + +// GenerateVerifier generates a PKCE code verifier with 32 octets of randomness. +// This follows recommendations in RFC 7636. +// +// A fresh verifier should be generated for each authorization. +// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL +// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange +// (or Config.DeviceAccessToken). +func GenerateVerifier() string { + // "RECOMMENDED that the output of a suitable random number generator be + // used to create a 32-octet sequence. The octet sequence is then + // base64url-encoded to produce a 43-octet URL-safe string to use as the + // code verifier." + // https://datatracker.ietf.org/doc/html/rfc7636#section-4.1 + data := make([]byte, 32) + if _, err := rand.Read(data); err != nil { + panic(err) + } + return base64.RawURLEncoding.EncodeToString(data) +} + +// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be +// passed to Config.Exchange or Config.DeviceAccessToken only. +func VerifierOption(verifier string) AuthCodeOption { + return setParam{k: codeVerifierKey, v: verifier} +} + +// S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256. +// +// Prefer to use S256ChallengeOption where possible. +func S256ChallengeFromVerifier(verifier string) string { + sha := sha256.Sum256([]byte(verifier)) + return base64.RawURLEncoding.EncodeToString(sha[:]) +} + +// S256ChallengeOption derives a PKCE code challenge derived from verifier with +// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAccess +// only. +func S256ChallengeOption(verifier string) AuthCodeOption { + return challengeOption{ + challenge_method: "S256", + challenge: S256ChallengeFromVerifier(verifier), + } +} + +type challengeOption struct{ challenge_method, challenge string } + +func (p challengeOption) setValue(m url.Values) { + m.Set(codeChallengeMethodKey, p.challenge_method) + m.Set(codeChallengeKey, p.challenge) +} diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go index 5ffce9764be..5bbb3321748 100644 --- a/vendor/golang.org/x/oauth2/token.go +++ b/vendor/golang.org/x/oauth2/token.go @@ -164,7 +164,7 @@ func tokenFromInternal(t *internal.Token) *Token { // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along // with an error.. func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) { - tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle)) + tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle), c.authStyleCache.Get()) if err != nil { if rErr, ok := err.(*internal.RetrieveError); ok { return nil, (*RetrieveError)(rErr) diff --git a/vendor/golang.org/x/sync/errgroup/go120.go b/vendor/golang.org/x/sync/errgroup/go120.go index 7d419d3760c..f93c740b638 100644 --- a/vendor/golang.org/x/sync/errgroup/go120.go +++ b/vendor/golang.org/x/sync/errgroup/go120.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build go1.20 -// +build go1.20 package errgroup diff --git a/vendor/golang.org/x/sync/errgroup/pre_go120.go b/vendor/golang.org/x/sync/errgroup/pre_go120.go index 1795c18ace0..88ce33434e2 100644 --- a/vendor/golang.org/x/sync/errgroup/pre_go120.go +++ b/vendor/golang.org/x/sync/errgroup/pre_go120.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build !go1.20 -// +build !go1.20 package errgroup diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go index 8473fb7922c..4051830982a 100644 --- a/vendor/golang.org/x/sync/singleflight/singleflight.go +++ b/vendor/golang.org/x/sync/singleflight/singleflight.go @@ -31,6 +31,15 @@ func (p *panicError) Error() string { return fmt.Sprintf("%v\n\n%s", p.value, p.stack) } +func (p *panicError) Unwrap() error { + err, ok := p.value.(error) + if !ok { + return nil + } + + return err +} + func newPanicError(v interface{}) error { stack := debug.Stack() diff --git a/vendor/golang.org/x/tools/go/analysis/analysis.go b/vendor/golang.org/x/tools/go/analysis/analysis.go index e51e58b3d2b..5da33c7e6e1 100644 --- a/vendor/golang.org/x/tools/go/analysis/analysis.go +++ b/vendor/golang.org/x/tools/go/analysis/analysis.go @@ -139,28 +139,24 @@ type Pass struct { // See comments for ExportObjectFact. ExportPackageFact func(fact Fact) - // AllPackageFacts returns a new slice containing all package facts of the analysis's FactTypes - // in unspecified order. - // WARNING: This is an experimental API and may change in the future. + // AllPackageFacts returns a new slice containing all package + // facts of the analysis's FactTypes in unspecified order. AllPackageFacts func() []PackageFact - // AllObjectFacts returns a new slice containing all object facts of the analysis's FactTypes - // in unspecified order. - // WARNING: This is an experimental API and may change in the future. + // AllObjectFacts returns a new slice containing all object + // facts of the analysis's FactTypes in unspecified order. AllObjectFacts func() []ObjectFact /* Further fields may be added in future. */ } // PackageFact is a package together with an associated fact. -// WARNING: This is an experimental API and may change in the future. type PackageFact struct { Package *types.Package Fact Fact } // ObjectFact is an object together with an associated fact. -// WARNING: This is an experimental API and may change in the future. type ObjectFact struct { Object types.Object Fact Fact diff --git a/vendor/golang.org/x/tools/go/analysis/diagnostic.go b/vendor/golang.org/x/tools/go/analysis/diagnostic.go index 7646ad0d49c..f67c97294b5 100644 --- a/vendor/golang.org/x/tools/go/analysis/diagnostic.go +++ b/vendor/golang.org/x/tools/go/analysis/diagnostic.go @@ -31,14 +31,13 @@ type Diagnostic struct { // see https://pkg.go.dev/net/url#URL.ResolveReference. URL string - // SuggestedFixes contains suggested fixes for a diagnostic which can be used to perform - // edits to a file that address the diagnostic. - // TODO(matloob): Should multiple SuggestedFixes be allowed for a diagnostic? + // SuggestedFixes contains suggested fixes for a diagnostic + // which can be used to perform edits to a file that address + // the diagnostic. + // // Diagnostics should not contain SuggestedFixes that overlap. - // Experimental: This API is experimental and may change in the future. SuggestedFixes []SuggestedFix // optional - // Experimental: This API is experimental and may change in the future. Related []RelatedInformation // optional } @@ -52,12 +51,12 @@ type RelatedInformation struct { Message string } -// A SuggestedFix is a code change associated with a Diagnostic that a user can choose -// to apply to their code. Usually the SuggestedFix is meant to fix the issue flagged -// by the diagnostic. -// TextEdits for a SuggestedFix should not overlap. TextEdits for a SuggestedFix -// should not contain edits for other packages. -// Experimental: This API is experimental and may change in the future. +// A SuggestedFix is a code change associated with a Diagnostic that a +// user can choose to apply to their code. Usually the SuggestedFix is +// meant to fix the issue flagged by the diagnostic. +// +// TextEdits for a SuggestedFix should not overlap, +// nor contain edits for other packages. type SuggestedFix struct { // A description for this suggested fix to be shown to a user deciding // whether to accept it. @@ -67,7 +66,6 @@ type SuggestedFix struct { // A TextEdit represents the replacement of the code between Pos and End with the new text. // Each TextEdit should apply to a single file. End should not be earlier in the file than Pos. -// Experimental: This API is experimental and may change in the future. type TextEdit struct { // For a pure insertion, End can either be set to Pos or token.NoPos. Pos token.Pos diff --git a/vendor/golang.org/x/tools/go/analysis/doc.go b/vendor/golang.org/x/tools/go/analysis/doc.go index c5429c9e239..44867d599e4 100644 --- a/vendor/golang.org/x/tools/go/analysis/doc.go +++ b/vendor/golang.org/x/tools/go/analysis/doc.go @@ -191,7 +191,7 @@ and buildtag, inspect the raw text of Go source files or even non-Go files such as assembly. To report a diagnostic against a line of a raw text file, use the following sequence: - content, err := ioutil.ReadFile(filename) + content, err := os.ReadFile(filename) if err != nil { ... } tf := fset.AddFile(filename, -1, len(content)) tf.SetLinesForContent(content) diff --git a/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go b/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go index fc2ce3052d8..01683e45a2b 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go @@ -75,8 +75,8 @@ func run(pass *analysis.Pass) (interface{}, error) { func check64BitAlignment(pass *analysis.Pass, funcName string, arg ast.Expr) { // Checks the argument is made of the address operator (&) applied to - // to a struct field (as opposed to a variable as the first word of - // uint64 and int64 variables can be relied upon to be 64-bit aligned. + // a struct field (as opposed to a variable as the first word of + // uint64 and int64 variables can be relied upon to be 64-bit aligned). unary, ok := arg.(*ast.UnaryExpr) if !ok || unary.Op != token.AND { return diff --git a/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go b/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go index ad42f39a8a0..881b8fd67d7 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go @@ -6,8 +6,6 @@ // representation of an error-free package and returns the set of all // functions within it. It does not report any diagnostics itself but // may be used as an input to other analyzers. -// -// THIS INTERFACE IS EXPERIMENTAL AND MAY BE SUBJECT TO INCOMPATIBLE CHANGE. package buildssa import ( diff --git a/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go b/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go index a2a4a89b3ac..55bdad78b76 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go @@ -40,7 +40,7 @@ func runBuildTag(pass *analysis.Pass) (interface{}, error) { } for _, name := range pass.IgnoredFiles { if strings.HasSuffix(name, ".go") { - f, err := parser.ParseFile(pass.Fset, name, nil, parser.ParseComments) + f, err := parser.ParseFile(pass.Fset, name, nil, parser.ParseComments|parser.SkipObjectResolution) if err != nil { // Not valid Go source code - not our job to diagnose, so ignore. return nil, nil diff --git a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go index afff0d82d84..98d9a777a79 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go @@ -180,7 +180,7 @@ func typeCheckCgoSourceFiles(fset *token.FileSet, pkg *types.Package, files []*a // If f is a cgo-generated file, Position reports // the original file, honoring //line directives. filename := fset.Position(raw.Pos()).Filename - f, err := parser.ParseFile(fset, filename, nil, parser.Mode(0)) + f, err := parser.ParseFile(fset, filename, nil, parser.SkipObjectResolution) if err != nil { return nil, nil, fmt.Errorf("can't parse raw cgo file: %v", err) } @@ -271,6 +271,7 @@ func typeCheckCgoSourceFiles(fset *token.FileSet, pkg *types.Package, files []*a Sizes: sizes, Error: func(error) {}, // ignore errors (e.g. unused import) } + setGoVersion(tc, pkg) // It's tempting to record the new types in the // existing pass.TypesInfo, but we don't own it. diff --git a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall_go120.go b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall_go120.go new file mode 100644 index 00000000000..06b54946d7b --- /dev/null +++ b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall_go120.go @@ -0,0 +1,13 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.21 + +package cgocall + +import "go/types" + +func setGoVersion(tc *types.Config, pkg *types.Package) { + // no types.Package.GoVersion until Go 1.21 +} diff --git a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall_go121.go b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall_go121.go new file mode 100644 index 00000000000..2a3e1fad228 --- /dev/null +++ b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall_go121.go @@ -0,0 +1,13 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.21 + +package cgocall + +import "go/types" + +func setGoVersion(tc *types.Config, pkg *types.Package) { + tc.GoVersion = pkg.GoVersion() +} diff --git a/vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go b/vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go index 20fb70806a4..c7a49776fe5 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go @@ -37,7 +37,7 @@ should be replaced by: var Analyzer = &analysis.Analyzer{ Name: "composites", Doc: Doc, - URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/composites", + URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/composite", Requires: []*analysis.Analyzer{inspect.Analyzer}, RunDespiteErrors: true, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go b/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go index b3ca8ada40a..ec7727de769 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go @@ -223,6 +223,8 @@ func (path typePath) String() string { } func lockPathRhs(pass *analysis.Pass, x ast.Expr) typePath { + x = analysisutil.Unparen(x) // ignore parens on rhs + if _, ok := x.(*ast.CompositeLit); ok { return nil } @@ -231,7 +233,7 @@ func lockPathRhs(pass *analysis.Pass, x ast.Expr) typePath { return nil } if star, ok := x.(*ast.StarExpr); ok { - if _, ok := star.X.(*ast.CallExpr); ok { + if _, ok := analysisutil.Unparen(star.X).(*ast.CallExpr); ok { // A call may return a pointer to a zero value. return nil } @@ -242,29 +244,23 @@ func lockPathRhs(pass *analysis.Pass, x ast.Expr) typePath { // lockPath returns a typePath describing the location of a lock value // contained in typ. If there is no contained lock, it returns nil. // -// The seenTParams map is used to short-circuit infinite recursion via type -// parameters. -func lockPath(tpkg *types.Package, typ types.Type, seenTParams map[*typeparams.TypeParam]bool) typePath { - if typ == nil { +// The seen map is used to short-circuit infinite recursion due to type cycles. +func lockPath(tpkg *types.Package, typ types.Type, seen map[types.Type]bool) typePath { + if typ == nil || seen[typ] { return nil } + if seen == nil { + seen = make(map[types.Type]bool) + } + seen[typ] = true if tpar, ok := typ.(*typeparams.TypeParam); ok { - if seenTParams == nil { - // Lazily allocate seenTParams, since the common case will not involve - // any type parameters. - seenTParams = make(map[*typeparams.TypeParam]bool) - } - if seenTParams[tpar] { - return nil - } - seenTParams[tpar] = true terms, err := typeparams.StructuralTerms(tpar) if err != nil { return nil // invalid type } for _, term := range terms { - subpath := lockPath(tpkg, term.Type(), seenTParams) + subpath := lockPath(tpkg, term.Type(), seen) if len(subpath) > 0 { if term.Tilde() { // Prepend a tilde to our lock path entry to clarify the resulting @@ -298,7 +294,7 @@ func lockPath(tpkg *types.Package, typ types.Type, seenTParams map[*typeparams.T ttyp, ok := typ.Underlying().(*types.Tuple) if ok { for i := 0; i < ttyp.Len(); i++ { - subpath := lockPath(tpkg, ttyp.At(i).Type(), seenTParams) + subpath := lockPath(tpkg, ttyp.At(i).Type(), seen) if subpath != nil { return append(subpath, typ.String()) } @@ -332,7 +328,7 @@ func lockPath(tpkg *types.Package, typ types.Type, seenTParams map[*typeparams.T nfields := styp.NumFields() for i := 0; i < nfields; i++ { ftyp := styp.Field(i).Type() - subpath := lockPath(tpkg, ftyp, seenTParams) + subpath := lockPath(tpkg, ftyp, seen) if subpath != nil { return append(subpath, typ.String()) } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go b/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go index 6d8039fe2b6..a8d84034df1 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go @@ -12,7 +12,7 @@ import ( "go/printer" "go/token" "go/types" - "io/ioutil" + "os" ) // Format returns a string representation of the expression. @@ -69,7 +69,7 @@ func Unparen(e ast.Expr) ast.Expr { // ReadFile reads a file and adds it to the FileSet // so that we can report errors against it using lineStart. func ReadFile(fset *token.FileSet, filename string) ([]byte, *token.File, error) { - content, err := ioutil.ReadFile(filename) + content, err := os.ReadFile(filename) if err != nil { return nil, nil, err } @@ -118,12 +118,3 @@ func Imports(pkg *types.Package, path string) bool { } return false } - -// IsNamed reports whether t is exactly a named type in a package with a given path. -func IsNamed(t types.Type, path, name string) bool { - if n, ok := t.(*types.Named); ok { - obj := n.Obj() - return obj.Pkg().Path() == path && obj.Name() == name - } - return false -} diff --git a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go index 3fbfebf3693..1fc1de0bd10 100644 --- a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go +++ b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go @@ -64,8 +64,9 @@ type event struct { // depth-first order. It calls f(n) for each node n before it visits // n's children. // +// The complete traversal sequence is determined by ast.Inspect. // The types argument, if non-empty, enables type-based filtering of -// events. The function f if is called only for nodes whose type +// events. The function f is called only for nodes whose type // matches an element of the types slice. func (in *Inspector) Preorder(types []ast.Node, f func(ast.Node)) { // Because it avoids postorder calls to f, and the pruning @@ -97,6 +98,7 @@ func (in *Inspector) Preorder(types []ast.Node, f func(ast.Node)) { // of the non-nil children of the node, followed by a call of // f(n, false). // +// The complete traversal sequence is determined by ast.Inspect. // The types argument, if non-empty, enables type-based filtering of // events. The function f if is called only for nodes whose type // matches an element of the types slice. diff --git a/vendor/golang.org/x/tools/go/buildutil/fakecontext.go b/vendor/golang.org/x/tools/go/buildutil/fakecontext.go index 15025f645f9..763d18809b4 100644 --- a/vendor/golang.org/x/tools/go/buildutil/fakecontext.go +++ b/vendor/golang.org/x/tools/go/buildutil/fakecontext.go @@ -8,7 +8,6 @@ import ( "fmt" "go/build" "io" - "io/ioutil" "os" "path" "path/filepath" @@ -76,7 +75,7 @@ func FakeContext(pkgs map[string]map[string]string) *build.Context { if !ok { return nil, fmt.Errorf("file not found: %s", filename) } - return ioutil.NopCloser(strings.NewReader(content)), nil + return io.NopCloser(strings.NewReader(content)), nil } ctxt.IsAbsPath = func(path string) bool { path = filepath.ToSlash(path) diff --git a/vendor/golang.org/x/tools/go/buildutil/overlay.go b/vendor/golang.org/x/tools/go/buildutil/overlay.go index bdbfd931478..7e371658d9e 100644 --- a/vendor/golang.org/x/tools/go/buildutil/overlay.go +++ b/vendor/golang.org/x/tools/go/buildutil/overlay.go @@ -10,7 +10,6 @@ import ( "fmt" "go/build" "io" - "io/ioutil" "path/filepath" "strconv" "strings" @@ -33,7 +32,7 @@ func OverlayContext(orig *build.Context, overlay map[string][]byte) *build.Conte // TODO(dominikh): Implement IsDir, HasSubdir and ReadDir rc := func(data []byte) (io.ReadCloser, error) { - return ioutil.NopCloser(bytes.NewBuffer(data)), nil + return io.NopCloser(bytes.NewBuffer(data)), nil } copy := *orig // make a copy diff --git a/vendor/golang.org/x/tools/go/internal/cgo/cgo.go b/vendor/golang.org/x/tools/go/internal/cgo/cgo.go index 3fce4800342..38d5c6c7cd3 100644 --- a/vendor/golang.org/x/tools/go/internal/cgo/cgo.go +++ b/vendor/golang.org/x/tools/go/internal/cgo/cgo.go @@ -57,7 +57,6 @@ import ( "go/build" "go/parser" "go/token" - "io/ioutil" "log" "os" "path/filepath" @@ -70,7 +69,7 @@ import ( // ProcessFiles invokes the cgo preprocessor on bp.CgoFiles, parses // the output and returns the resulting ASTs. func ProcessFiles(bp *build.Package, fset *token.FileSet, DisplayPath func(path string) string, mode parser.Mode) ([]*ast.File, error) { - tmpdir, err := ioutil.TempDir("", strings.Replace(bp.ImportPath, "/", "_", -1)+"_C") + tmpdir, err := os.MkdirTemp("", strings.Replace(bp.ImportPath, "/", "_", -1)+"_C") if err != nil { return nil, err } diff --git a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go index 18a002f82a1..0454cdd78e5 100644 --- a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go +++ b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go @@ -8,7 +8,6 @@ package packagesdriver import ( "context" "fmt" - "go/types" "strings" "golang.org/x/tools/internal/gocommand" @@ -16,7 +15,7 @@ import ( var debug = false -func GetSizesGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (types.Sizes, error) { +func GetSizesForArgsGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (string, string, error) { inv.Verb = "list" inv.Args = []string{"-f", "{{context.GOARCH}} {{context.Compiler}}", "--", "unsafe"} stdout, stderr, friendlyErr, rawErr := gocmdRunner.RunRaw(ctx, inv) @@ -29,21 +28,21 @@ func GetSizesGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner * inv.Args = []string{"GOARCH"} envout, enverr := gocmdRunner.Run(ctx, inv) if enverr != nil { - return nil, enverr + return "", "", enverr } goarch = strings.TrimSpace(envout.String()) compiler = "gc" } else { - return nil, friendlyErr + return "", "", friendlyErr } } else { fields := strings.Fields(stdout.String()) if len(fields) < 2 { - return nil, fmt.Errorf("could not parse GOARCH and Go compiler in format \" \":\nstdout: <<%s>>\nstderr: <<%s>>", + return "", "", fmt.Errorf("could not parse GOARCH and Go compiler in format \" \":\nstdout: <<%s>>\nstderr: <<%s>>", stdout.String(), stderr.String()) } goarch = fields[0] compiler = fields[1] } - return types.SizesFor(compiler, goarch), nil + return compiler, goarch, nil } diff --git a/vendor/golang.org/x/tools/go/packages/doc.go b/vendor/golang.org/x/tools/go/packages/doc.go index da4ab89fe63..a7a8f73e3d1 100644 --- a/vendor/golang.org/x/tools/go/packages/doc.go +++ b/vendor/golang.org/x/tools/go/packages/doc.go @@ -35,7 +35,7 @@ The Package struct provides basic information about the package, including - Imports, a map from source import strings to the Packages they name; - Types, the type information for the package's exported symbols; - Syntax, the parsed syntax trees for the package's source code; and - - TypeInfo, the result of a complete type-check of the package syntax trees. + - TypesInfo, the result of a complete type-check of the package syntax trees. (See the documentation for type Package for the complete list of fields and more detailed descriptions.) diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go index e84f19dfa98..1f1eade0ac8 100644 --- a/vendor/golang.org/x/tools/go/packages/golist.go +++ b/vendor/golang.org/x/tools/go/packages/golist.go @@ -9,8 +9,6 @@ import ( "context" "encoding/json" "fmt" - "go/types" - "io/ioutil" "log" "os" "path" @@ -153,10 +151,10 @@ func goListDriver(cfg *Config, patterns ...string) (*driverResponse, error) { if cfg.Mode&NeedTypesSizes != 0 || cfg.Mode&NeedTypes != 0 { sizeswg.Add(1) go func() { - var sizes types.Sizes - sizes, sizeserr = packagesdriver.GetSizesGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner) - // types.SizesFor always returns nil or a *types.StdSizes. - response.dr.Sizes, _ = sizes.(*types.StdSizes) + compiler, arch, err := packagesdriver.GetSizesForArgsGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner) + sizeserr = err + response.dr.Compiler = compiler + response.dr.Arch = arch sizeswg.Done() }() } @@ -671,6 +669,9 @@ func (state *golistState) createDriverResponse(words ...string) (*driverResponse // Temporary work-around for golang/go#39986. Parse filenames out of // error messages. This happens if there are unrecoverable syntax // errors in the source, so we can't match on a specific error message. + // + // TODO(rfindley): remove this heuristic, in favor of considering + // InvalidGoFiles from the list driver. if err := p.Error; err != nil && state.shouldAddFilenameFromError(p) { addFilenameFromPos := func(pos string) bool { split := strings.Split(pos, ":") @@ -1107,7 +1108,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err if len(state.cfg.Overlay) == 0 { return "", func() {}, nil } - dir, err := ioutil.TempDir("", "gopackages-*") + dir, err := os.MkdirTemp("", "gopackages-*") if err != nil { return "", nil, err } @@ -1126,7 +1127,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err // Create a unique filename for the overlaid files, to avoid // creating nested directories. noSeparator := strings.Join(strings.Split(filepath.ToSlash(k), "/"), "") - f, err := ioutil.TempFile(dir, fmt.Sprintf("*-%s", noSeparator)) + f, err := os.CreateTemp(dir, fmt.Sprintf("*-%s", noSeparator)) if err != nil { return "", func() {}, err } @@ -1144,7 +1145,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err } // Write out the overlay file that contains the filepath mappings. filename = filepath.Join(dir, "overlay.json") - if err := ioutil.WriteFile(filename, b, 0665); err != nil { + if err := os.WriteFile(filename, b, 0665); err != nil { return "", func() {}, err } return filename, cleanup, nil diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go index 632be722a2b..ece0e7c603e 100644 --- a/vendor/golang.org/x/tools/go/packages/packages.go +++ b/vendor/golang.org/x/tools/go/packages/packages.go @@ -16,7 +16,6 @@ import ( "go/token" "go/types" "io" - "io/ioutil" "log" "os" "path/filepath" @@ -220,8 +219,10 @@ type driverResponse struct { // lists of multiple drivers, go/packages will fall back to the next driver. NotHandled bool - // Sizes, if not nil, is the types.Sizes to use when type checking. - Sizes *types.StdSizes + // Compiler and Arch are the arguments pass of types.SizesFor + // to get a types.Sizes to use when type checking. + Compiler string + Arch string // Roots is the set of package IDs that make up the root packages. // We have to encode this separately because when we encode a single package @@ -262,7 +263,7 @@ func Load(cfg *Config, patterns ...string) ([]*Package, error) { if err != nil { return nil, err } - l.sizes = response.Sizes + l.sizes = types.SizesFor(response.Compiler, response.Arch) return l.refine(response) } @@ -630,7 +631,7 @@ func newLoader(cfg *Config) *loader { return ld } -// refine connects the supplied packages into a graph and then adds type and +// refine connects the supplied packages into a graph and then adds type // and syntax information as requested by the LoadMode. func (ld *loader) refine(response *driverResponse) ([]*Package, error) { roots := response.Roots @@ -1043,6 +1044,9 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { Error: appendError, Sizes: ld.sizes, } + if lpkg.Module != nil && lpkg.Module.GoVersion != "" { + typesinternal.SetGoVersion(tc, "go"+lpkg.Module.GoVersion) + } if (ld.Mode & typecheckCgo) != 0 { if !typesinternal.SetUsesCgo(tc) { appendError(Error{ @@ -1122,7 +1126,7 @@ func (ld *loader) parseFile(filename string) (*ast.File, error) { var err error if src == nil { ioLimit <- true // wait - src, err = ioutil.ReadFile(filename) + src, err = os.ReadFile(filename) <-ioLimit // signal } if err != nil { diff --git a/vendor/golang.org/x/tools/go/ssa/builder.go b/vendor/golang.org/x/tools/go/ssa/builder.go index 8931fb46fc7..0e49537d00a 100644 --- a/vendor/golang.org/x/tools/go/ssa/builder.go +++ b/vendor/golang.org/x/tools/go/ssa/builder.go @@ -829,7 +829,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value { // The result is a "bound". obj := sel.obj.(*types.Func) rt := fn.typ(recvType(obj)) - _, wantAddr := deptr(rt) + _, wantAddr := deref(rt) escaping := true v := b.receiver(fn, e.X, wantAddr, escaping, sel) @@ -950,15 +950,14 @@ func (b *builder) stmtList(fn *Function, list []ast.Stmt) { // returns the effective receiver after applying the implicit field // selections of sel. // -// wantAddr requests that the result is an an address. If +// wantAddr requests that the result is an address. If // !sel.indirect, this may require that e be built in addr() mode; it // must thus be addressable. // // escaping is defined as per builder.addr(). func (b *builder) receiver(fn *Function, e ast.Expr, wantAddr, escaping bool, sel *selection) Value { - var v Value - if _, eptr := deptr(fn.typeOf(e)); wantAddr && !sel.indirect && !eptr { + if _, eptr := deref(fn.typeOf(e)); wantAddr && !sel.indirect && !eptr { v = b.addr(fn, e, escaping).address(fn) } else { v = b.expr(fn, e) @@ -967,7 +966,7 @@ func (b *builder) receiver(fn *Function, e ast.Expr, wantAddr, escaping bool, se last := len(sel.index) - 1 // The position of implicit selection is the position of the inducing receiver expression. v = emitImplicitSelections(fn, v, sel.index[:last], e.Pos()) - if _, vptr := deptr(v.Type()); !wantAddr && vptr { + if _, vptr := deref(v.Type()); !wantAddr && vptr { v = emitLoad(fn, v) } return v @@ -986,7 +985,7 @@ func (b *builder) setCallFunc(fn *Function, e *ast.CallExpr, c *CallCommon) { obj := sel.obj.(*types.Func) recv := recvType(obj) - _, wantAddr := deptr(recv) + _, wantAddr := deref(recv) escaping := true v := b.receiver(fn, selector.X, wantAddr, escaping, sel) if types.IsInterface(recv) { diff --git a/vendor/golang.org/x/tools/go/ssa/create.go b/vendor/golang.org/x/tools/go/ssa/create.go index ccb20e79683..1bf88c83e76 100644 --- a/vendor/golang.org/x/tools/go/ssa/create.go +++ b/vendor/golang.org/x/tools/go/ssa/create.go @@ -294,6 +294,10 @@ func (prog *Program) AllPackages() []*Package { // false---yet this function remains very convenient. // Clients should use (*Program).Package instead where possible. // SSA doesn't really need a string-keyed map of packages. +// +// Furthermore, the graph of packages may contain multiple variants +// (e.g. "p" vs "p as compiled for q.test"), and each has a different +// view of its dependencies. func (prog *Program) ImportedPackage(path string) *Package { return prog.imported[path] } diff --git a/vendor/golang.org/x/tools/go/ssa/emit.go b/vendor/golang.org/x/tools/go/ssa/emit.go index fe2f6f0f6d6..abb617e6d40 100644 --- a/vendor/golang.org/x/tools/go/ssa/emit.go +++ b/vendor/golang.org/x/tools/go/ssa/emit.go @@ -101,7 +101,7 @@ func emitArith(f *Function, op token.Token, x, y Value, t types.Type, pos token. } // emitCompare emits to f code compute the boolean result of -// comparison comparison 'x op y'. +// comparison 'x op y'. func emitCompare(f *Function, op token.Token, x, y Value, pos token.Pos) Value { xt := x.Type().Underlying() yt := y.Type().Underlying() diff --git a/vendor/golang.org/x/tools/go/ssa/func.go b/vendor/golang.org/x/tools/go/ssa/func.go index 60cf53f6003..38c3e31baff 100644 --- a/vendor/golang.org/x/tools/go/ssa/func.go +++ b/vendor/golang.org/x/tools/go/ssa/func.go @@ -516,15 +516,15 @@ func (f *Function) relMethod(from *types.Package, recv types.Type) string { } // writeSignature writes to buf the signature sig in declaration syntax. -func writeSignature(buf *bytes.Buffer, from *types.Package, name string, sig *types.Signature, params []*Parameter) { +func writeSignature(buf *bytes.Buffer, from *types.Package, name string, sig *types.Signature) { buf.WriteString("func ") if recv := sig.Recv(); recv != nil { buf.WriteString("(") - if n := params[0].Name(); n != "" { - buf.WriteString(n) + if name := recv.Name(); name != "" { + buf.WriteString(name) buf.WriteString(" ") } - types.WriteType(buf, params[0].Type(), types.RelativeTo(from)) + types.WriteType(buf, recv.Type(), types.RelativeTo(from)) buf.WriteString(") ") } buf.WriteString(name) @@ -599,7 +599,7 @@ func WriteFunction(buf *bytes.Buffer, f *Function) { fmt.Fprintf(buf, "# % 3d:\t%s %s\n", i, l.Name(), relType(mustDeref(l.Type()), from)) } } - writeSignature(buf, from, f.Name(), f.Signature, f.Params) + writeSignature(buf, from, f.Name(), f.Signature) buf.WriteString(":\n") if f.Blocks == nil { diff --git a/vendor/golang.org/x/tools/go/ssa/sanity.go b/vendor/golang.org/x/tools/go/ssa/sanity.go index 88ad374ded0..886be053251 100644 --- a/vendor/golang.org/x/tools/go/ssa/sanity.go +++ b/vendor/golang.org/x/tools/go/ssa/sanity.go @@ -8,6 +8,7 @@ package ssa // Currently it checks CFG invariants but little at the instruction level. import ( + "bytes" "fmt" "go/types" "io" @@ -412,8 +413,10 @@ func (s *sanity) checkFunction(fn *Function) bool { s.errorf("nil Prog") } + var buf bytes.Buffer _ = fn.String() // must not crash _ = fn.RelString(fn.relPkg()) // must not crash + WriteFunction(&buf, fn) // must not crash // All functions have a package, except delegates (which are // shared across packages, or duplicated as weak symbols in a diff --git a/vendor/golang.org/x/tools/go/ssa/ssa.go b/vendor/golang.org/x/tools/go/ssa/ssa.go index 313146d3351..bd42f2e0a90 100644 --- a/vendor/golang.org/x/tools/go/ssa/ssa.go +++ b/vendor/golang.org/x/tools/go/ssa/ssa.go @@ -258,8 +258,8 @@ type Node interface { // or method. // // If Blocks is nil, this indicates an external function for which no -// Go source code is available. In this case, FreeVars and Locals -// are nil too. Clients performing whole-program analysis must +// Go source code is available. In this case, FreeVars, Locals, and +// Params are nil too. Clients performing whole-program analysis must // handle external functions specially. // // Blocks contains the function's control-flow graph (CFG). diff --git a/vendor/golang.org/x/tools/go/ssa/subst.go b/vendor/golang.org/x/tools/go/ssa/subst.go index 89c41a8d4c1..23d19ae7383 100644 --- a/vendor/golang.org/x/tools/go/ssa/subst.go +++ b/vendor/golang.org/x/tools/go/ssa/subst.go @@ -388,7 +388,7 @@ func (subst *subster) signature(t *types.Signature) types.Type { // no type params to substitute // (2)generic method and recv needs to be substituted. - // Recievers can be either: + // Receivers can be either: // named // pointer to named // interface diff --git a/vendor/golang.org/x/tools/go/ssa/util.go b/vendor/golang.org/x/tools/go/ssa/util.go index 7735dd8e98d..68cc971b3ee 100644 --- a/vendor/golang.org/x/tools/go/ssa/util.go +++ b/vendor/golang.org/x/tools/go/ssa/util.go @@ -304,7 +304,7 @@ func (c *canonizer) Type(T types.Type) types.Type { return T } -// A type for representating an canonized list of types. +// A type for representing a canonized list of types. type typeList []types.Type func (l *typeList) identical(ts []types.Type) bool { diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go index aa7dfaccf56..fa5834baf72 100644 --- a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go +++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go @@ -29,10 +29,10 @@ import ( "sort" "strconv" "strings" + _ "unsafe" "golang.org/x/tools/internal/typeparams" - - _ "unsafe" // for go:linkname + "golang.org/x/tools/internal/typesinternal" ) // A Path is an opaque name that identifies a types.Object @@ -123,8 +123,20 @@ func For(obj types.Object) (Path, error) { // An Encoder amortizes the cost of encoding the paths of multiple objects. // The zero value of an Encoder is ready to use. type Encoder struct { - scopeNamesMemo map[*types.Scope][]string // memoization of Scope.Names() - namedMethodsMemo map[*types.Named][]*types.Func // memoization of namedMethods() + scopeMemo map[*types.Scope][]types.Object // memoization of scopeObjects + namedMethodsMemo map[*types.Named][]*types.Func // memoization of namedMethods() + skipMethodSorting bool +} + +// Expose back doors so that gopls can avoid method sorting, which can dominate +// analysis on certain repositories. +// +// TODO(golang/go#61443): remove this. +func init() { + typesinternal.SkipEncoderMethodSorting = func(enc interface{}) { + enc.(*Encoder).skipMethodSorting = true + } + typesinternal.ObjectpathObject = object } // For returns the path to an object relative to its package, @@ -139,6 +151,17 @@ type Encoder struct { // These objects are sufficient to define the API of their package. // The objects described by a package's export data are drawn from this set. // +// The set of objects accessible from a package's Scope depends on +// whether the package was produced by type-checking syntax, or +// reading export data; the latter may have a smaller Scope since +// export data trims objects that are not reachable from an exported +// declaration. For example, the For function will return a path for +// an exported method of an unexported type that is not reachable +// from any public declaration; this path will cause the Object +// function to fail if called on a package loaded from export data. +// TODO(adonovan): is this a bug or feature? Should this package +// compute accessibility in the same way? +// // For does not return a path for predeclared names, imported package // names, local names, and unexported package-level names (except // types). @@ -257,15 +280,14 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { // the best paths because non-types may // refer to types, but not the reverse. empty := make([]byte, 0, 48) // initial space - names := enc.scopeNames(scope) - for _, name := range names { - o := scope.Lookup(name) + objs := enc.scopeObjects(scope) + for _, o := range objs { tname, ok := o.(*types.TypeName) if !ok { continue // handle non-types in second pass } - path := append(empty, name...) + path := append(empty, o.Name()...) path = append(path, opType) T := o.Type() @@ -291,9 +313,8 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { // Then inspect everything else: // non-types, and declared methods of defined types. - for _, name := range names { - o := scope.Lookup(name) - path := append(empty, name...) + for _, o := range objs { + path := append(empty, o.Name()...) if _, ok := o.(*types.TypeName); !ok { if o.Exported() { // exported non-type (const, var, func) @@ -307,16 +328,31 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { // Inspect declared methods of defined types. if T, ok := o.Type().(*types.Named); ok { path = append(path, opType) - // Note that method index here is always with respect - // to canonical ordering of methods, regardless of how - // they appear in the underlying type. - for i, m := range enc.namedMethods(T) { - path2 := appendOpArg(path, opMethod, i) - if m == obj { - return Path(path2), nil // found declared method + if !enc.skipMethodSorting { + // Note that method index here is always with respect + // to canonical ordering of methods, regardless of how + // they appear in the underlying type. + for i, m := range enc.namedMethods(T) { + path2 := appendOpArg(path, opMethod, i) + if m == obj { + return Path(path2), nil // found declared method + } + if r := find(obj, m.Type(), append(path2, opType), nil); r != nil { + return Path(r), nil + } } - if r := find(obj, m.Type(), append(path2, opType), nil); r != nil { - return Path(r), nil + } else { + // This branch must match the logic in the branch above, using go/types + // APIs without sorting. + for i := 0; i < T.NumMethods(); i++ { + m := T.Method(i) + path2 := appendOpArg(path, opMethod, i) + if m == obj { + return Path(path2), nil // found declared method + } + if r := find(obj, m.Type(), append(path2, opType), nil); r != nil { + return Path(r), nil + } } } } @@ -411,10 +447,23 @@ func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) { path := make([]byte, 0, len(name)+8) path = append(path, name...) path = append(path, opType) - for i, m := range enc.namedMethods(named) { - if m == meth { - path = appendOpArg(path, opMethod, i) - return Path(path), true + + if !enc.skipMethodSorting { + for i, m := range enc.namedMethods(named) { + if m == meth { + path = appendOpArg(path, opMethod, i) + return Path(path), true + } + } + } else { + // This branch must match the logic of the branch above, using go/types + // APIs without sorting. + for i := 0; i < named.NumMethods(); i++ { + m := named.Method(i) + if m == meth { + path = appendOpArg(path, opMethod, i) + return Path(path), true + } } } @@ -527,11 +576,16 @@ func findTypeParam(obj types.Object, list *typeparams.TypeParamList, path []byte // Object returns the object denoted by path p within the package pkg. func Object(pkg *types.Package, p Path) (types.Object, error) { - if p == "" { + return object(pkg, string(p), false) +} + +// Note: the skipMethodSorting parameter must match the value of +// Encoder.skipMethodSorting used during encoding. +func object(pkg *types.Package, pathstr string, skipMethodSorting bool) (types.Object, error) { + if pathstr == "" { return nil, fmt.Errorf("empty path") } - pathstr := string(p) var pkgobj, suffix string if dot := strings.IndexByte(pathstr, opType); dot < 0 { pkgobj = pathstr @@ -690,11 +744,15 @@ func Object(pkg *types.Package, p Path) (types.Object, error) { obj = t.Method(index) // Id-ordered case *types.Named: - methods := namedMethods(t) // (unmemoized) - if index >= len(methods) { - return nil, fmt.Errorf("method index %d out of range [0-%d)", index, len(methods)) + if index >= t.NumMethods() { + return nil, fmt.Errorf("method index %d out of range [0-%d)", index, t.NumMethods()) + } + if skipMethodSorting { + obj = t.Method(index) + } else { + methods := namedMethods(t) // (unmemoized) + obj = methods[index] // Id-ordered } - obj = methods[index] // Id-ordered default: return nil, fmt.Errorf("cannot apply %q to %s (got %T, want interface or named)", code, t, t) @@ -748,17 +806,22 @@ func (enc *Encoder) namedMethods(named *types.Named) []*types.Func { return methods } -// scopeNames is a memoization of scope.Names. Callers must not modify the result. -func (enc *Encoder) scopeNames(scope *types.Scope) []string { - m := enc.scopeNamesMemo +// scopeObjects is a memoization of scope objects. +// Callers must not modify the result. +func (enc *Encoder) scopeObjects(scope *types.Scope) []types.Object { + m := enc.scopeMemo if m == nil { - m = make(map[*types.Scope][]string) - enc.scopeNamesMemo = m + m = make(map[*types.Scope][]types.Object) + enc.scopeMemo = m } - names, ok := m[scope] + objs, ok := m[scope] if !ok { - names = scope.Names() // allocates and sorts - m[scope] = names + names := scope.Names() // allocates and sorts + objs = make([]types.Object, len(names)) + for i, name := range names { + objs[i] = scope.Lookup(name) + } + m[scope] = objs } - return names + return objs } diff --git a/vendor/golang.org/x/tools/imports/forward.go b/vendor/golang.org/x/tools/imports/forward.go index d2547c74338..cb6db8893f9 100644 --- a/vendor/golang.org/x/tools/imports/forward.go +++ b/vendor/golang.org/x/tools/imports/forward.go @@ -7,8 +7,8 @@ package imports // import "golang.org/x/tools/imports" import ( - "io/ioutil" "log" + "os" "golang.org/x/tools/internal/gocommand" intimp "golang.org/x/tools/internal/imports" @@ -44,7 +44,7 @@ var LocalPrefix string func Process(filename string, src []byte, opt *Options) ([]byte, error) { var err error if src == nil { - src, err = ioutil.ReadFile(filename) + src, err = os.ReadFile(filename) if err != nil { return nil, err } diff --git a/vendor/golang.org/x/tools/internal/event/tag/tag.go b/vendor/golang.org/x/tools/internal/event/tag/tag.go index ff2f2ecd38d..581b26c2041 100644 --- a/vendor/golang.org/x/tools/internal/event/tag/tag.go +++ b/vendor/golang.org/x/tools/internal/event/tag/tag.go @@ -19,7 +19,7 @@ var ( File = keys.NewString("file", "") Directory = keys.New("directory", "") URI = keys.New("URI", "") - Package = keys.NewString("package", "") // Package ID + Package = keys.NewString("package", "") // sorted comma-separated list of Package IDs PackagePath = keys.NewString("package_path", "") Query = keys.New("query", "") Snapshot = keys.NewUInt64("snapshot", "") diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go index 798fe599be4..c40c7e93106 100644 --- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go +++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package fastwalk provides a faster version of filepath.Walk for file system +// Package fastwalk provides a faster version of [filepath.Walk] for file system // scanning tools. package fastwalk @@ -23,31 +23,31 @@ var ErrTraverseLink = errors.New("fastwalk: traverse symlink, assuming target is // Child directories will still be traversed. var ErrSkipFiles = errors.New("fastwalk: skip remaining files in directory") -// Walk is a faster implementation of filepath.Walk. +// Walk is a faster implementation of [filepath.Walk]. // -// filepath.Walk's design necessarily calls os.Lstat on each file, +// [filepath.Walk]'s design necessarily calls [os.Lstat] on each file, // even if the caller needs less info. // Many tools need only the type of each file. // On some platforms, this information is provided directly by the readdir // system call, avoiding the need to stat each file individually. // fastwalk_unix.go contains a fork of the syscall routines. // -// See golang.org/issue/16399 +// See golang.org/issue/16399. // // Walk walks the file tree rooted at root, calling walkFn for // each file or directory in the tree, including root. // -// If fastWalk returns filepath.SkipDir, the directory is skipped. +// If Walk returns [filepath.SkipDir], the directory is skipped. // -// Unlike filepath.Walk: +// Unlike [filepath.Walk]: // - file stat calls must be done by the user. // The only provided metadata is the file type, which does not include // any permission bits. // - multiple goroutines stat the filesystem concurrently. The provided // walkFn must be safe for concurrent use. -// - fastWalk can follow symlinks if walkFn returns the TraverseLink +// - Walk can follow symlinks if walkFn returns the TraverseLink // sentinel error. It is the walkFn's responsibility to prevent -// fastWalk from going into symlink cycles. +// Walk from going into symlink cycles. func Walk(root string, walkFn func(path string, typ os.FileMode) error) error { // TODO(bradfitz): make numWorkers configurable? We used a // minimum of 4 to give the kernel more info about multiple diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go index 085d311600b..27e860243e1 100644 --- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go +++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go @@ -8,7 +8,6 @@ package fastwalk import ( - "io/ioutil" "os" ) @@ -17,16 +16,20 @@ import ( // If fn returns a non-nil error, readDir returns with that error // immediately. func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error { - fis, err := ioutil.ReadDir(dirName) + fis, err := os.ReadDir(dirName) if err != nil { return err } skipFiles := false for _, fi := range fis { - if fi.Mode().IsRegular() && skipFiles { + info, err := fi.Info() + if err != nil { + return err + } + if info.Mode().IsRegular() && skipFiles { continue } - if err := fn(dirName, fi.Name(), fi.Mode()&os.ModeType); err != nil { + if err := fn(dirName, fi.Name(), info.Mode()&os.ModeType); err != nil { if err == ErrSkipFiles { skipFiles = true continue diff --git a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go index b1223713b94..2d078ccb19c 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go @@ -29,7 +29,6 @@ import ( "go/token" "go/types" "io" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -221,7 +220,7 @@ func Import(packages map[string]*types.Package, path, srcDir string, lookup func switch hdr { case "$$B\n": var data []byte - data, err = ioutil.ReadAll(buf) + data, err = io.ReadAll(buf) if err != nil { break } diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go index 9930d8c36a7..6103dd7102b 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go @@ -22,17 +22,23 @@ import ( "strconv" "strings" + "golang.org/x/tools/go/types/objectpath" "golang.org/x/tools/internal/tokeninternal" "golang.org/x/tools/internal/typeparams" ) // IExportShallow encodes "shallow" export data for the specified package. // -// No promises are made about the encoding other than that it can be -// decoded by the same version of IIExportShallow. If you plan to save -// export data in the file system, be sure to include a cryptographic -// digest of the executable in the key to avoid version skew. -func IExportShallow(fset *token.FileSet, pkg *types.Package) ([]byte, error) { +// No promises are made about the encoding other than that it can be decoded by +// the same version of IIExportShallow. If you plan to save export data in the +// file system, be sure to include a cryptographic digest of the executable in +// the key to avoid version skew. +// +// If the provided reportf func is non-nil, it will be used for reporting bugs +// encountered during export. +// TODO(rfindley): remove reportf when we are confident enough in the new +// objectpath encoding. +func IExportShallow(fset *token.FileSet, pkg *types.Package, reportf ReportFunc) ([]byte, error) { // In principle this operation can only fail if out.Write fails, // but that's impossible for bytes.Buffer---and as a matter of // fact iexportCommon doesn't even check for I/O errors. @@ -47,19 +53,27 @@ func IExportShallow(fset *token.FileSet, pkg *types.Package) ([]byte, error) { // IImportShallow decodes "shallow" types.Package data encoded by // IExportShallow in the same executable. This function cannot import data from // cmd/compile or gcexportdata.Write. -func IImportShallow(fset *token.FileSet, getPackage GetPackageFunc, data []byte, path string, insert InsertType) (*types.Package, error) { +// +// The importer calls getPackages to obtain package symbols for all +// packages mentioned in the export data, including the one being +// decoded. +// +// If the provided reportf func is non-nil, it will be used for reporting bugs +// encountered during import. +// TODO(rfindley): remove reportf when we are confident enough in the new +// objectpath encoding. +func IImportShallow(fset *token.FileSet, getPackages GetPackagesFunc, data []byte, path string, reportf ReportFunc) (*types.Package, error) { const bundle = false - pkgs, err := iimportCommon(fset, getPackage, data, bundle, path, insert) + const shallow = true + pkgs, err := iimportCommon(fset, getPackages, data, bundle, path, shallow, reportf) if err != nil { return nil, err } return pkgs[0], nil } -// InsertType is the type of a function that creates a types.TypeName -// object for a named type and inserts it into the scope of the -// specified Package. -type InsertType = func(pkg *types.Package, name string) +// ReportFunc is the type of a function used to report formatted bugs. +type ReportFunc = func(string, ...interface{}) // Current bundled export format version. Increase with each format change. // 0: initial implementation @@ -313,8 +327,9 @@ type iexporter struct { out *bytes.Buffer version int - shallow bool // don't put types from other packages in the index - localpkg *types.Package // (nil in bundle mode) + shallow bool // don't put types from other packages in the index + objEncoder *objectpath.Encoder // encodes objects from other packages in shallow mode; lazily allocated + localpkg *types.Package // (nil in bundle mode) // allPkgs tracks all packages that have been referenced by // the export data, so we can ensure to include them in the @@ -354,6 +369,17 @@ func (p *iexporter) trace(format string, args ...interface{}) { fmt.Printf(strings.Repeat("..", p.indent)+format+"\n", args...) } +// objectpathEncoder returns the lazily allocated objectpath.Encoder to use +// when encoding objects in other packages during shallow export. +// +// Using a shared Encoder amortizes some of cost of objectpath search. +func (p *iexporter) objectpathEncoder() *objectpath.Encoder { + if p.objEncoder == nil { + p.objEncoder = new(objectpath.Encoder) + } + return p.objEncoder +} + // stringOff returns the offset of s within the string section. // If not already present, it's added to the end. func (p *iexporter) stringOff(s string) uint64 { @@ -413,7 +439,6 @@ type exportWriter struct { p *iexporter data intWriter - currPkg *types.Package prevFile string prevLine int64 prevColumn int64 @@ -436,7 +461,6 @@ func (p *iexporter) doDecl(obj types.Object) { }() } w := p.newWriter() - w.setPkg(obj.Pkg(), false) switch obj := obj.(type) { case *types.Var: @@ -673,6 +697,9 @@ func (w *exportWriter) qualifiedType(obj *types.TypeName) { w.pkg(obj.Pkg()) } +// TODO(rfindley): what does 'pkg' even mean here? It would be better to pass +// it in explicitly into signatures and structs that may use it for +// constructing fields. func (w *exportWriter) typ(t types.Type, pkg *types.Package) { w.data.uint64(w.p.typOff(t, pkg)) } @@ -764,30 +791,53 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { case *types.Signature: w.startType(signatureType) - w.setPkg(pkg, true) + w.pkg(pkg) w.signature(t) case *types.Struct: w.startType(structType) n := t.NumFields() + // Even for struct{} we must emit some qualifying package, because that's + // what the compiler does, and thus that's what the importer expects. + fieldPkg := pkg if n > 0 { - w.setPkg(t.Field(0).Pkg(), true) // qualifying package for field objects - } else { - w.setPkg(pkg, true) + fieldPkg = t.Field(0).Pkg() } + if fieldPkg == nil { + // TODO(rfindley): improve this very hacky logic. + // + // The importer expects a package to be set for all struct types, even + // those with no fields. A better encoding might be to set NumFields + // before pkg. setPkg panics with a nil package, which may be possible + // to reach with invalid packages (and perhaps valid packages, too?), so + // (arbitrarily) set the localpkg if available. + // + // Alternatively, we may be able to simply guarantee that pkg != nil, by + // reconsidering the encoding of constant values. + if w.p.shallow { + fieldPkg = w.p.localpkg + } else { + panic(internalErrorf("no package to set for empty struct")) + } + } + w.pkg(fieldPkg) w.uint64(uint64(n)) + for i := 0; i < n; i++ { f := t.Field(i) + if w.p.shallow { + w.objectPath(f) + } w.pos(f.Pos()) w.string(f.Name()) // unexported fields implicitly qualified by prior setPkg - w.typ(f.Type(), pkg) + w.typ(f.Type(), fieldPkg) w.bool(f.Anonymous()) w.string(t.Tag(i)) // note (or tag) } case *types.Interface: w.startType(interfaceType) - w.setPkg(pkg, true) + w.pkg(pkg) n := t.NumEmbeddeds() w.uint64(uint64(n)) @@ -802,10 +852,16 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { w.typ(ft, tPkg) } + // See comment for struct fields. In shallow mode we change the encoding + // for interface methods that are promoted from other packages. + n = t.NumExplicitMethods() w.uint64(uint64(n)) for i := 0; i < n; i++ { m := t.ExplicitMethod(i) + if w.p.shallow { + w.objectPath(m) + } w.pos(m.Pos()) w.string(m.Name()) sig, _ := m.Type().(*types.Signature) @@ -827,12 +883,61 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { } } -func (w *exportWriter) setPkg(pkg *types.Package, write bool) { - if write { - w.pkg(pkg) +// objectPath writes the package and objectPath to use to look up obj in a +// different package, when encoding in "shallow" mode. +// +// When doing a shallow import, the importer creates only the local package, +// and requests package symbols for dependencies from the client. +// However, certain types defined in the local package may hold objects defined +// (perhaps deeply) within another package. +// +// For example, consider the following: +// +// package a +// func F() chan * map[string] struct { X int } +// +// package b +// import "a" +// var B = a.F() +// +// In this example, the type of b.B holds fields defined in package a. +// In order to have the correct canonical objects for the field defined in the +// type of B, they are encoded as objectPaths and later looked up in the +// importer. The same problem applies to interface methods. +func (w *exportWriter) objectPath(obj types.Object) { + if obj.Pkg() == nil || obj.Pkg() == w.p.localpkg { + // obj.Pkg() may be nil for the builtin error.Error. + // In this case, or if obj is declared in the local package, no need to + // encode. + w.string("") + return } - - w.currPkg = pkg + objectPath, err := w.p.objectpathEncoder().For(obj) + if err != nil { + // Fall back to the empty string, which will cause the importer to create a + // new object, which matches earlier behavior. Creating a new object is + // sufficient for many purposes (such as type checking), but causes certain + // references algorithms to fail (golang/go#60819). However, we didn't + // notice this problem during months of gopls@v0.12.0 testing. + // + // TODO(golang/go#61674): this workaround is insufficient, as in the case + // where the field forwarded from an instantiated type that may not appear + // in the export data of the original package: + // + // // package a + // type A[P any] struct{ F P } + // + // // package b + // type B a.A[int] + // + // We need to update references algorithms not to depend on this + // de-duplication, at which point we may want to simply remove the + // workaround here. + w.string("") + return + } + w.string(string(objectPath)) + w.pkg(obj.Pkg()) } func (w *exportWriter) signature(sig *types.Signature) { @@ -913,6 +1018,17 @@ func (w *exportWriter) value(typ types.Type, v constant.Value) { w.int64(int64(v.Kind())) } + if v.Kind() == constant.Unknown { + // golang/go#60605: treat unknown constant values as if they have invalid type + // + // This loses some fidelity over the package type-checked from source, but that + // is acceptable. + // + // TODO(rfindley): we should switch on the recorded constant kind rather + // than the constant type + return + } + switch b := typ.Underlying().(*types.Basic); b.Info() & types.IsConstType { case types.IsBoolean: w.bool(constant.BoolVal(v)) @@ -1194,6 +1310,13 @@ type internalError string func (e internalError) Error() string { return "gcimporter: " + string(e) } +// TODO(adonovan): make this call panic, so that it's symmetric with errorf. +// Otherwise it's easy to forget to do anything with the error. +// +// TODO(adonovan): also, consider switching the names "errorf" and +// "internalErrorf" as the former is used for bugs, whose cause is +// internal inconsistency, whereas the latter is used for ordinary +// situations like bad input, whose cause is external. func internalErrorf(format string, args ...interface{}) error { return internalError(fmt.Sprintf(format, args...)) } diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go index 94a5eba333f..8e64cf644fc 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go @@ -21,6 +21,7 @@ import ( "sort" "strings" + "golang.org/x/tools/go/types/objectpath" "golang.org/x/tools/internal/typeparams" ) @@ -85,7 +86,7 @@ const ( // If the export data version is not recognized or the format is otherwise // compromised, an error is returned. func IImportData(fset *token.FileSet, imports map[string]*types.Package, data []byte, path string) (int, *types.Package, error) { - pkgs, err := iimportCommon(fset, GetPackageFromMap(imports), data, false, path, nil) + pkgs, err := iimportCommon(fset, GetPackagesFromMap(imports), data, false, path, false, nil) if err != nil { return 0, nil, err } @@ -94,33 +95,49 @@ func IImportData(fset *token.FileSet, imports map[string]*types.Package, data [] // IImportBundle imports a set of packages from the serialized package bundle. func IImportBundle(fset *token.FileSet, imports map[string]*types.Package, data []byte) ([]*types.Package, error) { - return iimportCommon(fset, GetPackageFromMap(imports), data, true, "", nil) + return iimportCommon(fset, GetPackagesFromMap(imports), data, true, "", false, nil) } -// A GetPackageFunc is a function that gets the package with the given path -// from the importer state, creating it (with the specified name) if necessary. -// It is an abstraction of the map historically used to memoize package creation. +// A GetPackagesFunc function obtains the non-nil symbols for a set of +// packages, creating and recursively importing them as needed. An +// implementation should store each package symbol is in the Pkg +// field of the items array. // -// Two calls with the same path must return the same package. -// -// If the given getPackage func returns nil, the import will fail. -type GetPackageFunc = func(path, name string) *types.Package +// Any error causes importing to fail. This can be used to quickly read +// the import manifest of an export data file without fully decoding it. +type GetPackagesFunc = func(items []GetPackagesItem) error + +// A GetPackagesItem is a request from the importer for the package +// symbol of the specified name and path. +type GetPackagesItem struct { + Name, Path string + Pkg *types.Package // to be filled in by GetPackagesFunc call + + // private importer state + pathOffset uint64 + nameIndex map[string]uint64 +} -// GetPackageFromMap returns a GetPackageFunc that retrieves packages from the -// given map of package path -> package. +// GetPackagesFromMap returns a GetPackagesFunc that retrieves +// packages from the given map of package path to package. // -// The resulting func may mutate m: if a requested package is not found, a new -// package will be inserted into m. -func GetPackageFromMap(m map[string]*types.Package) GetPackageFunc { - return func(path, name string) *types.Package { - if _, ok := m[path]; !ok { - m[path] = types.NewPackage(path, name) +// The returned function may mutate m: each requested package that is not +// found is created with types.NewPackage and inserted into m. +func GetPackagesFromMap(m map[string]*types.Package) GetPackagesFunc { + return func(items []GetPackagesItem) error { + for i, item := range items { + pkg, ok := m[item.Path] + if !ok { + pkg = types.NewPackage(item.Path, item.Name) + m[item.Path] = pkg + } + items[i].Pkg = pkg } - return m[path] + return nil } } -func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, bundle bool, path string, insert InsertType) (pkgs []*types.Package, err error) { +func iimportCommon(fset *token.FileSet, getPackages GetPackagesFunc, data []byte, bundle bool, path string, shallow bool, reportf ReportFunc) (pkgs []*types.Package, err error) { const currentVersion = iexportVersionCurrent version := int64(-1) if !debug { @@ -159,7 +176,7 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, sLen := int64(r.uint64()) var fLen int64 var fileOffset []uint64 - if insert != nil { + if shallow { // Shallow mode uses a different position encoding. fLen = int64(r.uint64()) fileOffset = make([]uint64, r.uint64()) @@ -178,7 +195,8 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, p := iimporter{ version: int(version), ipath: path, - insert: insert, + shallow: shallow, + reportf: reportf, stringData: stringData, stringCache: make(map[uint64]string), @@ -205,8 +223,9 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, p.typCache[uint64(i)] = pt } - pkgList := make([]*types.Package, r.uint64()) - for i := range pkgList { + // Gather the relevant packages from the manifest. + items := make([]GetPackagesItem, r.uint64()) + for i := range items { pkgPathOff := r.uint64() pkgPath := p.stringAt(pkgPathOff) pkgName := p.stringAt(r.uint64()) @@ -215,29 +234,42 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, if pkgPath == "" { pkgPath = path } - pkg := getPackage(pkgPath, pkgName) - if pkg == nil { - errorf("internal error: getPackage returned nil package for %s", pkgPath) - } else if pkg.Name() != pkgName { - errorf("conflicting names %s and %s for package %q", pkg.Name(), pkgName, path) - } - if i == 0 && !bundle { - p.localpkg = pkg - } - - p.pkgCache[pkgPathOff] = pkg + items[i].Name = pkgName + items[i].Path = pkgPath + items[i].pathOffset = pkgPathOff // Read index for package. nameIndex := make(map[string]uint64) nSyms := r.uint64() - // In shallow mode we don't expect an index for other packages. - assert(nSyms == 0 || p.localpkg == pkg || p.insert == nil) + // In shallow mode, only the current package (i=0) has an index. + assert(!(shallow && i > 0 && nSyms != 0)) for ; nSyms > 0; nSyms-- { name := p.stringAt(r.uint64()) nameIndex[name] = r.uint64() } - p.pkgIndex[pkg] = nameIndex + items[i].nameIndex = nameIndex + } + + // Request packages all at once from the client, + // enabling a parallel implementation. + if err := getPackages(items); err != nil { + return nil, err // don't wrap this error + } + + // Check the results and complete the index. + pkgList := make([]*types.Package, len(items)) + for i, item := range items { + pkg := item.Pkg + if pkg == nil { + errorf("internal error: getPackages returned nil package for %q", item.Path) + } else if pkg.Path() != item.Path { + errorf("internal error: getPackages returned wrong path %q, want %q", pkg.Path(), item.Path) + } else if pkg.Name() != item.Name { + errorf("internal error: getPackages returned wrong name %s for package %q, want %s", pkg.Name(), item.Path, item.Name) + } + p.pkgCache[item.pathOffset] = pkg + p.pkgIndex[pkg] = item.nameIndex pkgList[i] = pkg } @@ -296,6 +328,13 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, typ.Complete() } + // Workaround for golang/go#61561. See the doc for instanceList for details. + for _, typ := range p.instanceList { + if iface, _ := typ.Underlying().(*types.Interface); iface != nil { + iface.Complete() + } + } + return pkgs, nil } @@ -308,8 +347,8 @@ type iimporter struct { version int ipath string - localpkg *types.Package - insert func(pkg *types.Package, name string) // "shallow" mode only + shallow bool + reportf ReportFunc // if non-nil, used to report bugs stringData []byte stringCache map[uint64]string @@ -326,6 +365,12 @@ type iimporter struct { fake fakeFileSet interfaceList []*types.Interface + // Workaround for the go/types bug golang/go#61561: instances produced during + // instantiation may contain incomplete interfaces. Here we only complete the + // underlying type of the instance, which is the most common case but doesn't + // handle parameterized interface literals defined deeper in the type. + instanceList []types.Type // instances for later completion (see golang/go#61561) + // Arguments for calls to SetConstraint that are deferred due to recursive types later []setConstraintArgs @@ -357,13 +402,9 @@ func (p *iimporter) doDecl(pkg *types.Package, name string) { off, ok := p.pkgIndex[pkg][name] if !ok { - // In "shallow" mode, call back to the application to - // find the object and insert it into the package scope. - if p.insert != nil { - assert(pkg != p.localpkg) - p.insert(pkg, name) // "can't fail" - return - } + // In deep mode, the index should be complete. In shallow + // mode, we should have already recursively loaded necessary + // dependencies so the above Lookup succeeds. errorf("%v.%v not in index", pkg, name) } @@ -730,7 +771,8 @@ func (r *importReader) qualifiedIdent() (*types.Package, string) { } func (r *importReader) pos() token.Pos { - if r.p.insert != nil { // shallow mode + if r.p.shallow { + // precise offsets are encoded only in shallow mode return r.posv2() } if r.p.version >= iexportVersionPosCol { @@ -831,13 +873,28 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { fields := make([]*types.Var, r.uint64()) tags := make([]string, len(fields)) for i := range fields { + var field *types.Var + if r.p.shallow { + field, _ = r.objectPathObject().(*types.Var) + } + fpos := r.pos() fname := r.ident() ftyp := r.typ() emb := r.bool() tag := r.string() - fields[i] = types.NewField(fpos, r.currPkg, fname, ftyp, emb) + // Either this is not a shallow import, the field is local, or the + // encoded objectPath failed to produce an object (a bug). + // + // Even in this last, buggy case, fall back on creating a new field. As + // discussed in iexport.go, this is not correct, but mostly works and is + // preferable to failing (for now at least). + if field == nil { + field = types.NewField(fpos, r.currPkg, fname, ftyp, emb) + } + + fields[i] = field tags[i] = tag } return types.NewStruct(fields, tags) @@ -853,6 +910,11 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { methods := make([]*types.Func, r.uint64()) for i := range methods { + var method *types.Func + if r.p.shallow { + method, _ = r.objectPathObject().(*types.Func) + } + mpos := r.pos() mname := r.ident() @@ -862,9 +924,12 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { if base != nil { recv = types.NewVar(token.NoPos, r.currPkg, "", base) } - msig := r.signature(recv, nil, nil) - methods[i] = types.NewFunc(mpos, r.currPkg, mname, msig) + + if method == nil { + method = types.NewFunc(mpos, r.currPkg, mname, msig) + } + methods[i] = method } typ := newInterface(methods, embeddeds) @@ -902,6 +967,9 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { // we must always use the methods of the base (orig) type. // TODO provide a non-nil *Environment t, _ := typeparams.Instantiate(nil, baseType, targs, false) + + // Workaround for golang/go#61561. See the doc for instanceList for details. + r.p.instanceList = append(r.p.instanceList, t) return t case unionType: @@ -920,6 +988,26 @@ func (r *importReader) kind() itag { return itag(r.uint64()) } +// objectPathObject is the inverse of exportWriter.objectPath. +// +// In shallow mode, certain fields and methods may need to be looked up in an +// imported package. See the doc for exportWriter.objectPath for a full +// explanation. +func (r *importReader) objectPathObject() types.Object { + objPath := objectpath.Path(r.string()) + if objPath == "" { + return nil + } + pkg := r.pkg() + obj, err := objectpath.Object(pkg, objPath) + if err != nil { + if r.p.reportf != nil { + r.p.reportf("failed to find object for objectPath %q: %v", objPath, err) + } + } + return obj +} + func (r *importReader) signature(recv *types.Var, rparams []*typeparams.TypeParam, tparams []*typeparams.TypeParam) *types.Signature { params := r.paramList() results := r.paramList() diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go index 8d9fc98d8f5..53cf66da019 100644 --- a/vendor/golang.org/x/tools/internal/gocommand/invoke.go +++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go @@ -319,7 +319,7 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) (err error) { // Per https://pkg.go.dev/os#File.Close, the call to stdoutR.Close // should cause the Read call in io.Copy to unblock and return // immediately, but we still need to receive from stdoutErr to confirm - // that that has happened. + // that it has happened. <-stdoutErr err2 = ctx.Err() } @@ -333,7 +333,7 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) (err error) { // one goroutine at a time will call Write.” // // Since we're starting a goroutine that writes to cmd.Stdout, we must - // also update cmd.Stderr so that that still holds. + // also update cmd.Stderr so that it still holds. func() { defer func() { recover() }() if cmd.Stderr == prevStdout { diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go index 16840532268..452e342c559 100644 --- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go +++ b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go @@ -9,8 +9,6 @@ package gopathwalk import ( "bufio" "bytes" - "fmt" - "io/ioutil" "log" "os" "path/filepath" @@ -78,7 +76,7 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string) } start := time.Now() if opts.Logf != nil { - opts.Logf("gopathwalk: scanning %s", root.Path) + opts.Logf("scanning %s", root.Path) } w := &walker{ root: root, @@ -88,11 +86,15 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string) } w.init() if err := fastwalk.Walk(root.Path, w.walk); err != nil { - log.Printf("gopathwalk: scanning directory %v: %v", root.Path, err) + logf := opts.Logf + if logf == nil { + logf = log.Printf + } + logf("scanning directory %v: %v", root.Path, err) } if opts.Logf != nil { - opts.Logf("gopathwalk: scanned %s in %v", root.Path, time.Since(start)) + opts.Logf("scanned %s in %v", root.Path, time.Since(start)) } } @@ -135,7 +137,7 @@ func (w *walker) init() { // The provided path is one of the $GOPATH entries with "src" appended. func (w *walker) getIgnoredDirs(path string) []string { file := filepath.Join(path, ".goimportsignore") - slurp, err := ioutil.ReadFile(file) + slurp, err := os.ReadFile(file) if w.opts.Logf != nil { if err != nil { w.opts.Logf("%v", err) @@ -222,7 +224,11 @@ func (w *walker) walk(path string, typ os.FileMode) error { func (w *walker) shouldTraverse(path string) bool { ts, err := os.Stat(path) if err != nil { - fmt.Fprintln(os.Stderr, err) + logf := w.opts.Logf + if logf == nil { + logf = log.Printf + } + logf("%v", err) return false } if !ts.IsDir() { diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go index d4f1b4e8a0f..01e8ba5fa2d 100644 --- a/vendor/golang.org/x/tools/internal/imports/fix.go +++ b/vendor/golang.org/x/tools/internal/imports/fix.go @@ -13,6 +13,7 @@ import ( "go/build" "go/parser" "go/token" + "io/fs" "io/ioutil" "os" "path" @@ -107,7 +108,7 @@ func parseOtherFiles(fset *token.FileSet, srcDir, filename string) []*ast.File { considerTests := strings.HasSuffix(filename, "_test.go") fileBase := filepath.Base(filename) - packageFileInfos, err := ioutil.ReadDir(srcDir) + packageFileInfos, err := os.ReadDir(srcDir) if err != nil { return nil } @@ -1469,11 +1470,11 @@ func VendorlessPath(ipath string) string { func loadExportsFromFiles(ctx context.Context, env *ProcessEnv, dir string, includeTest bool) (string, []string, error) { // Look for non-test, buildable .go files which could provide exports. - all, err := ioutil.ReadDir(dir) + all, err := os.ReadDir(dir) if err != nil { return "", nil, err } - var files []os.FileInfo + var files []fs.DirEntry for _, fi := range all { name := fi.Name() if !strings.HasSuffix(name, ".go") || (!includeTest && strings.HasSuffix(name, "_test.go")) { diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go index 1389d38b213..5f4d435d3cc 100644 --- a/vendor/golang.org/x/tools/internal/imports/mod.go +++ b/vendor/golang.org/x/tools/internal/imports/mod.go @@ -9,7 +9,6 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" "os" "path" "path/filepath" @@ -38,7 +37,7 @@ type ModuleResolver struct { mains []*gocommand.ModuleJSON mainByDir map[string]*gocommand.ModuleJSON modsByModPath []*gocommand.ModuleJSON // All modules, ordered by # of path components in module Path... - modsByDir []*gocommand.ModuleJSON // ...or Dir. + modsByDir []*gocommand.ModuleJSON // ...or number of path components in their Dir. // moduleCacheCache stores information about the module cache. moduleCacheCache *dirInfoCache @@ -124,7 +123,7 @@ func (r *ModuleResolver) init() error { }) sort.Slice(r.modsByDir, func(i, j int) bool { count := func(x int) int { - return strings.Count(r.modsByDir[x].Dir, "/") + return strings.Count(r.modsByDir[x].Dir, string(filepath.Separator)) } return count(j) < count(i) // descending order }) @@ -265,7 +264,7 @@ func (r *ModuleResolver) findPackage(importPath string) (*gocommand.ModuleJSON, } // Not cached. Read the filesystem. - pkgFiles, err := ioutil.ReadDir(pkgDir) + pkgFiles, err := os.ReadDir(pkgDir) if err != nil { continue } @@ -328,6 +327,10 @@ func (r *ModuleResolver) findModuleByDir(dir string) *gocommand.ModuleJSON { // - in /vendor/ in -mod=vendor mode. // - nested module? Dunno. // Rumor has it that replace targets cannot contain other replace targets. + // + // Note that it is critical here that modsByDir is sorted to have deeper dirs + // first. This ensures that findModuleByDir finds the innermost module. + // See also golang/go#56291. for _, m := range r.modsByDir { if !strings.HasPrefix(dir, m.Dir) { continue @@ -366,7 +369,7 @@ func (r *ModuleResolver) dirIsNestedModule(dir string, mod *gocommand.ModuleJSON func (r *ModuleResolver) modInfo(dir string) (modDir string, modName string) { readModName := func(modFile string) string { - modBytes, err := ioutil.ReadFile(modFile) + modBytes, err := os.ReadFile(modFile) if err != nil { return "" } diff --git a/vendor/golang.org/x/tools/internal/imports/mod_cache.go b/vendor/golang.org/x/tools/internal/imports/mod_cache.go index 18dada495ca..45690abbb4f 100644 --- a/vendor/golang.org/x/tools/internal/imports/mod_cache.go +++ b/vendor/golang.org/x/tools/internal/imports/mod_cache.go @@ -12,7 +12,7 @@ import ( "golang.org/x/tools/internal/gopathwalk" ) -// To find packages to import, the resolver needs to know about all of the +// To find packages to import, the resolver needs to know about all of // the packages that could be imported. This includes packages that are // already in modules that are in (1) the current module, (2) replace targets, // and (3) packages in the module cache. Packages in (1) and (2) may change over diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go index 31a75949cdc..9f992c2bec8 100644 --- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go +++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go @@ -93,6 +93,7 @@ var stdlib = map[string][]string{ "Compare", "Contains", "ContainsAny", + "ContainsFunc", "ContainsRune", "Count", "Cut", @@ -147,6 +148,11 @@ var stdlib = map[string][]string{ "TrimSpace", "TrimSuffix", }, + "cmp": { + "Compare", + "Less", + "Ordered", + }, "compress/bzip2": { "NewReader", "StructuralError", @@ -228,6 +234,7 @@ var stdlib = map[string][]string{ "Ring", }, "context": { + "AfterFunc", "Background", "CancelCauseFunc", "CancelFunc", @@ -239,8 +246,11 @@ var stdlib = map[string][]string{ "WithCancel", "WithCancelCause", "WithDeadline", + "WithDeadlineCause", "WithTimeout", + "WithTimeoutCause", "WithValue", + "WithoutCancel", }, "crypto": { "BLAKE2b_256", @@ -445,6 +455,7 @@ var stdlib = map[string][]string{ "XORBytes", }, "crypto/tls": { + "AlertError", "Certificate", "CertificateRequestInfo", "CertificateVerificationError", @@ -476,6 +487,7 @@ var stdlib = map[string][]string{ "LoadX509KeyPair", "NewLRUClientSessionCache", "NewListener", + "NewResumptionState", "NoClientCert", "PKCS1WithSHA1", "PKCS1WithSHA256", @@ -484,6 +496,27 @@ var stdlib = map[string][]string{ "PSSWithSHA256", "PSSWithSHA384", "PSSWithSHA512", + "ParseSessionState", + "QUICClient", + "QUICConfig", + "QUICConn", + "QUICEncryptionLevel", + "QUICEncryptionLevelApplication", + "QUICEncryptionLevelEarly", + "QUICEncryptionLevelHandshake", + "QUICEncryptionLevelInitial", + "QUICEvent", + "QUICEventKind", + "QUICHandshakeDone", + "QUICNoEvent", + "QUICRejectedEarlyData", + "QUICServer", + "QUICSessionTicketOptions", + "QUICSetReadSecret", + "QUICSetWriteSecret", + "QUICTransportParameters", + "QUICTransportParametersRequired", + "QUICWriteData", "RecordHeaderError", "RenegotiateFreelyAsClient", "RenegotiateNever", @@ -493,6 +526,7 @@ var stdlib = map[string][]string{ "RequireAndVerifyClientCert", "RequireAnyClientCert", "Server", + "SessionState", "SignatureScheme", "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", @@ -523,6 +557,7 @@ var stdlib = map[string][]string{ "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_RC4_128_SHA", "VerifyClientCertIfGiven", + "VersionName", "VersionSSL30", "VersionTLS10", "VersionTLS11", @@ -618,6 +653,7 @@ var stdlib = map[string][]string{ "PureEd25519", "RSA", "RevocationList", + "RevocationListEntry", "SHA1WithRSA", "SHA256WithRSA", "SHA256WithRSAPSS", @@ -1002,10 +1038,42 @@ var stdlib = map[string][]string{ "COMPRESS_LOOS", "COMPRESS_LOPROC", "COMPRESS_ZLIB", + "COMPRESS_ZSTD", "Chdr32", "Chdr64", "Class", "CompressionType", + "DF_1_CONFALT", + "DF_1_DIRECT", + "DF_1_DISPRELDNE", + "DF_1_DISPRELPND", + "DF_1_EDITED", + "DF_1_ENDFILTEE", + "DF_1_GLOBAL", + "DF_1_GLOBAUDIT", + "DF_1_GROUP", + "DF_1_IGNMULDEF", + "DF_1_INITFIRST", + "DF_1_INTERPOSE", + "DF_1_KMOD", + "DF_1_LOADFLTR", + "DF_1_NOCOMMON", + "DF_1_NODEFLIB", + "DF_1_NODELETE", + "DF_1_NODIRECT", + "DF_1_NODUMP", + "DF_1_NOHDR", + "DF_1_NOKSYMS", + "DF_1_NOOPEN", + "DF_1_NORELOC", + "DF_1_NOW", + "DF_1_ORIGIN", + "DF_1_PIE", + "DF_1_SINGLETON", + "DF_1_STUB", + "DF_1_SYMINTPOSE", + "DF_1_TRANS", + "DF_1_WEAKFILTER", "DF_BIND_NOW", "DF_ORIGIN", "DF_STATIC_TLS", @@ -1144,6 +1212,7 @@ var stdlib = map[string][]string{ "Dyn32", "Dyn64", "DynFlag", + "DynFlag1", "DynTag", "EI_ABIVERSION", "EI_CLASS", @@ -2111,6 +2180,7 @@ var stdlib = map[string][]string{ "R_PPC64_REL16_LO", "R_PPC64_REL24", "R_PPC64_REL24_NOTOC", + "R_PPC64_REL24_P9NOTOC", "R_PPC64_REL30", "R_PPC64_REL32", "R_PPC64_REL64", @@ -2848,6 +2918,7 @@ var stdlib = map[string][]string{ "MaxVarintLen16", "MaxVarintLen32", "MaxVarintLen64", + "NativeEndian", "PutUvarint", "PutVarint", "Read", @@ -2963,6 +3034,7 @@ var stdlib = map[string][]string{ }, "errors": { "As", + "ErrUnsupported", "Is", "Join", "New", @@ -2989,6 +3061,7 @@ var stdlib = map[string][]string{ "Arg", "Args", "Bool", + "BoolFunc", "BoolVar", "CommandLine", "ContinueOnError", @@ -3119,6 +3192,7 @@ var stdlib = map[string][]string{ "Inspect", "InterfaceType", "IsExported", + "IsGenerated", "KeyValueExpr", "LabeledStmt", "Lbl", @@ -3169,6 +3243,7 @@ var stdlib = map[string][]string{ "ArchChar", "Context", "Default", + "Directive", "FindOnly", "IgnoreVendor", "Import", @@ -3184,6 +3259,7 @@ var stdlib = map[string][]string{ "go/build/constraint": { "AndExpr", "Expr", + "GoVersion", "IsGoBuild", "IsPlusBuild", "NotExpr", @@ -3626,6 +3702,7 @@ var stdlib = map[string][]string{ "ErrBadHTML", "ErrBranchEnd", "ErrEndContext", + "ErrJSTemplate", "ErrNoSuchTemplate", "ErrOutputContext", "ErrPartialCharset", @@ -3870,6 +3947,8 @@ var stdlib = map[string][]string{ "FileInfo", "FileInfoToDirEntry", "FileMode", + "FormatDirEntry", + "FormatFileInfo", "Glob", "GlobFS", "ModeAppend", @@ -3942,6 +4021,78 @@ var stdlib = map[string][]string{ "SetPrefix", "Writer", }, + "log/slog": { + "Any", + "AnyValue", + "Attr", + "Bool", + "BoolValue", + "Debug", + "DebugContext", + "Default", + "Duration", + "DurationValue", + "Error", + "ErrorContext", + "Float64", + "Float64Value", + "Group", + "GroupValue", + "Handler", + "HandlerOptions", + "Info", + "InfoContext", + "Int", + "Int64", + "Int64Value", + "IntValue", + "JSONHandler", + "Kind", + "KindAny", + "KindBool", + "KindDuration", + "KindFloat64", + "KindGroup", + "KindInt64", + "KindLogValuer", + "KindString", + "KindTime", + "KindUint64", + "Level", + "LevelDebug", + "LevelError", + "LevelInfo", + "LevelKey", + "LevelVar", + "LevelWarn", + "Leveler", + "Log", + "LogAttrs", + "LogValuer", + "Logger", + "MessageKey", + "New", + "NewJSONHandler", + "NewLogLogger", + "NewRecord", + "NewTextHandler", + "Record", + "SetDefault", + "Source", + "SourceKey", + "String", + "StringValue", + "TextHandler", + "Time", + "TimeKey", + "TimeValue", + "Uint64", + "Uint64Value", + "Value", + "Warn", + "WarnContext", + "With", + }, "log/syslog": { "Dial", "LOG_ALERT", @@ -3977,6 +4128,13 @@ var stdlib = map[string][]string{ "Priority", "Writer", }, + "maps": { + "Clone", + "Copy", + "DeleteFunc", + "Equal", + "EqualFunc", + }, "math": { "Abs", "Acos", @@ -4371,6 +4529,7 @@ var stdlib = map[string][]string{ "ErrNoLocation", "ErrNotMultipart", "ErrNotSupported", + "ErrSchemeMismatch", "ErrServerClosed", "ErrShortBody", "ErrSkipAltProtocol", @@ -5084,6 +5243,8 @@ var stdlib = map[string][]string{ "NumCPU", "NumCgoCall", "NumGoroutine", + "PanicNilError", + "Pinner", "ReadMemStats", "ReadTrace", "SetBlockProfileRate", @@ -5172,6 +5333,37 @@ var stdlib = map[string][]string{ "Task", "WithRegion", }, + "slices": { + "BinarySearch", + "BinarySearchFunc", + "Clip", + "Clone", + "Compact", + "CompactFunc", + "Compare", + "CompareFunc", + "Contains", + "ContainsFunc", + "Delete", + "DeleteFunc", + "Equal", + "EqualFunc", + "Grow", + "Index", + "IndexFunc", + "Insert", + "IsSorted", + "IsSortedFunc", + "Max", + "MaxFunc", + "Min", + "MinFunc", + "Replace", + "Reverse", + "Sort", + "SortFunc", + "SortStableFunc", + }, "sort": { "Find", "Float64Slice", @@ -5242,6 +5434,7 @@ var stdlib = map[string][]string{ "Compare", "Contains", "ContainsAny", + "ContainsFunc", "ContainsRune", "Count", "Cut", @@ -5299,6 +5492,9 @@ var stdlib = map[string][]string{ "Mutex", "NewCond", "Once", + "OnceFunc", + "OnceValue", + "OnceValues", "Pool", "RWMutex", "WaitGroup", @@ -9135,10 +9331,12 @@ var stdlib = map[string][]string{ "SYS_AIO_CANCEL", "SYS_AIO_ERROR", "SYS_AIO_FSYNC", + "SYS_AIO_MLOCK", "SYS_AIO_READ", "SYS_AIO_RETURN", "SYS_AIO_SUSPEND", "SYS_AIO_SUSPEND_NOCANCEL", + "SYS_AIO_WAITCOMPLETE", "SYS_AIO_WRITE", "SYS_ALARM", "SYS_ARCH_PRCTL", @@ -9368,6 +9566,7 @@ var stdlib = map[string][]string{ "SYS_GET_MEMPOLICY", "SYS_GET_ROBUST_LIST", "SYS_GET_THREAD_AREA", + "SYS_GSSD_SYSCALL", "SYS_GTTY", "SYS_IDENTITYSVC", "SYS_IDLE", @@ -9411,8 +9610,24 @@ var stdlib = map[string][]string{ "SYS_KLDSYM", "SYS_KLDUNLOAD", "SYS_KLDUNLOADF", + "SYS_KMQ_NOTIFY", + "SYS_KMQ_OPEN", + "SYS_KMQ_SETATTR", + "SYS_KMQ_TIMEDRECEIVE", + "SYS_KMQ_TIMEDSEND", + "SYS_KMQ_UNLINK", "SYS_KQUEUE", "SYS_KQUEUE1", + "SYS_KSEM_CLOSE", + "SYS_KSEM_DESTROY", + "SYS_KSEM_GETVALUE", + "SYS_KSEM_INIT", + "SYS_KSEM_OPEN", + "SYS_KSEM_POST", + "SYS_KSEM_TIMEDWAIT", + "SYS_KSEM_TRYWAIT", + "SYS_KSEM_UNLINK", + "SYS_KSEM_WAIT", "SYS_KTIMER_CREATE", "SYS_KTIMER_DELETE", "SYS_KTIMER_GETOVERRUN", @@ -9504,11 +9719,14 @@ var stdlib = map[string][]string{ "SYS_NFSSVC", "SYS_NFSTAT", "SYS_NICE", + "SYS_NLM_SYSCALL", "SYS_NLSTAT", "SYS_NMOUNT", "SYS_NSTAT", "SYS_NTP_ADJTIME", "SYS_NTP_GETTIME", + "SYS_NUMA_GETAFFINITY", + "SYS_NUMA_SETAFFINITY", "SYS_OABI_SYSCALL_BASE", "SYS_OBREAK", "SYS_OLDFSTAT", @@ -9891,6 +10109,7 @@ var stdlib = map[string][]string{ "SYS___ACL_SET_FD", "SYS___ACL_SET_FILE", "SYS___ACL_SET_LINK", + "SYS___CAP_RIGHTS_GET", "SYS___CLONE", "SYS___DISABLE_THREADSIGNAL", "SYS___GETCWD", @@ -10574,6 +10793,7 @@ var stdlib = map[string][]string{ "Short", "T", "TB", + "Testing", "Verbose", }, "testing/fstest": { @@ -10603,6 +10823,9 @@ var stdlib = map[string][]string{ "SetupError", "Value", }, + "testing/slogtest": { + "TestHandler", + }, "text/scanner": { "Char", "Comment", @@ -10826,6 +11049,7 @@ var stdlib = map[string][]string{ "Cs", "Cuneiform", "Cypriot", + "Cypro_Minoan", "Cyrillic", "Dash", "Deprecated", @@ -10889,6 +11113,7 @@ var stdlib = map[string][]string{ "Kaithi", "Kannada", "Katakana", + "Kawi", "Kayah_Li", "Kharoshthi", "Khitan_Small_Script", @@ -10943,6 +11168,7 @@ var stdlib = map[string][]string{ "Myanmar", "N", "Nabataean", + "Nag_Mundari", "Nandinagari", "Nd", "New_Tai_Lue", @@ -10964,6 +11190,7 @@ var stdlib = map[string][]string{ "Old_Sogdian", "Old_South_Arabian", "Old_Turkic", + "Old_Uyghur", "Oriya", "Osage", "Osmanya", @@ -11038,6 +11265,7 @@ var stdlib = map[string][]string{ "Tai_Viet", "Takri", "Tamil", + "Tangsa", "Tangut", "Telugu", "Terminal_Punctuation", @@ -11052,6 +11280,7 @@ var stdlib = map[string][]string{ "ToLower", "ToTitle", "ToUpper", + "Toto", "TurkishCase", "Ugaritic", "Unified_Ideograph", @@ -11061,6 +11290,7 @@ var stdlib = map[string][]string{ "Vai", "Variation_Selector", "Version", + "Vithkuqi", "Wancho", "Warang_Citi", "White_Space", diff --git a/vendor/golang.org/x/tools/internal/typeparams/common.go b/vendor/golang.org/x/tools/internal/typeparams/common.go index cfba8189f15..d0d0649fe2a 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/common.go +++ b/vendor/golang.org/x/tools/internal/typeparams/common.go @@ -23,6 +23,7 @@ package typeparams import ( + "fmt" "go/ast" "go/token" "go/types" @@ -105,6 +106,31 @@ func OriginMethod(fn *types.Func) *types.Func { } orig := NamedTypeOrigin(named) gfn, _, _ := types.LookupFieldOrMethod(orig, true, fn.Pkg(), fn.Name()) + + // This is a fix for a gopls crash (#60628) due to a go/types bug (#60634). In: + // package p + // type T *int + // func (*T) f() {} + // LookupFieldOrMethod(T, true, p, f)=nil, but NewMethodSet(*T)={(*T).f}. + // Here we make them consistent by force. + // (The go/types bug is general, but this workaround is reached only + // for generic T thanks to the early return above.) + if gfn == nil { + mset := types.NewMethodSet(types.NewPointer(orig)) + for i := 0; i < mset.Len(); i++ { + m := mset.At(i) + if m.Obj().Id() == fn.Id() { + gfn = m.Obj() + break + } + } + } + + // In golang/go#61196, we observe another crash, this time inexplicable. + if gfn == nil { + panic(fmt.Sprintf("missing origin method for %s.%s; named == origin: %t, named.NumMethods(): %d, origin.NumMethods(): %d", named, fn, named == orig, named.NumMethods(), orig.NumMethods())) + } + return gfn.(*types.Func) } diff --git a/vendor/golang.org/x/tools/internal/typeparams/coretype.go b/vendor/golang.org/x/tools/internal/typeparams/coretype.go index 993135ec90e..71248209ee5 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/coretype.go +++ b/vendor/golang.org/x/tools/internal/typeparams/coretype.go @@ -81,13 +81,13 @@ func CoreType(T types.Type) types.Type { // restrictions may be arbitrarily complex. For example, consider the // following: // -// type A interface{ ~string|~[]byte } +// type A interface{ ~string|~[]byte } // -// type B interface{ int|string } +// type B interface{ int|string } // -// type C interface { ~string|~int } +// type C interface { ~string|~int } // -// type T[P interface{ A|B; C }] int +// type T[P interface{ A|B; C }] int // // In this example, the structural type restriction of P is ~string|int: A|B // expands to ~string|~[]byte|int|string, which reduces to ~string|~[]byte|int, diff --git a/vendor/golang.org/x/tools/internal/typeparams/termlist.go b/vendor/golang.org/x/tools/internal/typeparams/termlist.go index 933106a23dd..cbd12f80131 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/termlist.go +++ b/vendor/golang.org/x/tools/internal/typeparams/termlist.go @@ -30,7 +30,7 @@ func (xl termlist) String() string { var buf bytes.Buffer for i, x := range xl { if i > 0 { - buf.WriteString(" ∪ ") + buf.WriteString(" | ") } buf.WriteString(x.String()) } diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go index b4788978ff4..7ed86e1711b 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go +++ b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go @@ -129,7 +129,7 @@ func NamedTypeArgs(*types.Named) *TypeList { } // NamedTypeOrigin is the identity method at this Go version. -func NamedTypeOrigin(named *types.Named) types.Type { +func NamedTypeOrigin(named *types.Named) *types.Named { return named } diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go index 114a36b866b..cf301af1dbe 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go +++ b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go @@ -103,7 +103,7 @@ func NamedTypeArgs(named *types.Named) *TypeList { } // NamedTypeOrigin returns named.Orig(). -func NamedTypeOrigin(named *types.Named) types.Type { +func NamedTypeOrigin(named *types.Named) *types.Named { return named.Origin() } diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go index 7ddee28d987..7350bb702a1 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go +++ b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go @@ -10,11 +10,10 @@ import "go/types" // A term describes elementary type sets: // -// ∅: (*term)(nil) == ∅ // set of no types (empty set) -// 𝓤: &term{} == 𝓤 // set of all types (𝓤niverse) -// T: &term{false, T} == {T} // set of type T -// ~t: &term{true, t} == {t' | under(t') == t} // set of types with underlying type t -// +// ∅: (*term)(nil) == ∅ // set of no types (empty set) +// 𝓤: &term{} == 𝓤 // set of all types (𝓤niverse) +// T: &term{false, T} == {T} // set of type T +// ~t: &term{true, t} == {t' | under(t') == t} // set of types with underlying type t type term struct { tilde bool // valid if typ != nil typ types.Type diff --git a/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go b/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go new file mode 100644 index 00000000000..5e96e895573 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go @@ -0,0 +1,24 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package typesinternal + +import "go/types" + +// This file contains back doors that allow gopls to avoid method sorting when +// using the objectpath package. +// +// This is performance-critical in certain repositories, but changing the +// behavior of the objectpath package is still being discussed in +// golang/go#61443. If we decide to remove the sorting in objectpath we can +// simply delete these back doors. Otherwise, we should add a new API to +// objectpath that allows controlling the sorting. + +// SkipEncoderMethodSorting marks enc (which must be an *objectpath.Encoder) as +// not requiring sorted methods. +var SkipEncoderMethodSorting func(enc interface{}) + +// ObjectpathObject is like objectpath.Object, but allows suppressing method +// sorting. +var ObjectpathObject func(pkg *types.Package, p string, skipMethodSorting bool) (types.Object, error) diff --git a/vendor/google.golang.org/appengine/.travis.yml b/vendor/google.golang.org/appengine/.travis.yml deleted file mode 100644 index 6d03f4d36e8..00000000000 --- a/vendor/google.golang.org/appengine/.travis.yml +++ /dev/null @@ -1,18 +0,0 @@ -language: go - -go_import_path: google.golang.org/appengine - -install: - - ./travis_install.sh - -script: - - ./travis_test.sh - -matrix: - include: - - go: 1.9.x - env: GOAPP=true - - go: 1.10.x - env: GOAPP=false - - go: 1.11.x - env: GO111MODULE=on diff --git a/vendor/google.golang.org/appengine/CONTRIBUTING.md b/vendor/google.golang.org/appengine/CONTRIBUTING.md index ffc29852085..289693613cc 100644 --- a/vendor/google.golang.org/appengine/CONTRIBUTING.md +++ b/vendor/google.golang.org/appengine/CONTRIBUTING.md @@ -19,14 +19,12 @@ ## Running system tests -Download and install the [Go App Engine SDK](https://cloud.google.com/appengine/docs/go/download). Make sure the `go_appengine` dir is in your `PATH`. - Set the `APPENGINE_DEV_APPSERVER` environment variable to `/path/to/go_appengine/dev_appserver.py`. -Run tests with `goapp test`: +Run tests with `go test`: ``` -goapp test -v google.golang.org/appengine/... +go test -v google.golang.org/appengine/... ``` ## Contributor License Agreements diff --git a/vendor/google.golang.org/appengine/README.md b/vendor/google.golang.org/appengine/README.md index 9fdbacd3c60..5ccddd9990d 100644 --- a/vendor/google.golang.org/appengine/README.md +++ b/vendor/google.golang.org/appengine/README.md @@ -1,6 +1,6 @@ # Go App Engine packages -[![Build Status](https://travis-ci.org/golang/appengine.svg)](https://travis-ci.org/golang/appengine) +[![CI Status](https://github.com/golang/appengine/actions/workflows/ci.yml/badge.svg)](https://github.com/golang/appengine/actions/workflows/ci.yml) This repository supports the Go runtime on *App Engine standard*. It provides APIs for interacting with App Engine services. @@ -51,7 +51,7 @@ code importing `appengine/datastore` will now need to import `google.golang.org/ Most App Engine services are available with exactly the same API. A few APIs were cleaned up, and there are some differences: -* `appengine.Context` has been replaced with the `Context` type from `golang.org/x/net/context`. +* `appengine.Context` has been replaced with the `Context` type from `context`. * Logging methods that were on `appengine.Context` are now functions in `google.golang.org/appengine/log`. * `appengine.Timeout` has been removed. Use `context.WithTimeout` instead. * `appengine.Datacenter` now takes a `context.Context` argument. @@ -72,7 +72,7 @@ A few APIs were cleaned up, and there are some differences: * `appengine/socket` is not required on App Engine flexible environment / Managed VMs. Use the standard `net` package instead. -## Key Encode/Decode compatibiltiy to help with datastore library migrations +## Key Encode/Decode compatibility to help with datastore library migrations Key compatibility updates have been added to help customers transition from google.golang.org/appengine/datastore to cloud.google.com/go/datastore. The `EnableKeyConversion` enables automatic conversion from a key encoded with cloud.google.com/go/datastore to google.golang.org/appengine/datastore key type. diff --git a/vendor/google.golang.org/appengine/appengine.go b/vendor/google.golang.org/appengine/appengine.go index 8c9697674f2..35ba9c89676 100644 --- a/vendor/google.golang.org/appengine/appengine.go +++ b/vendor/google.golang.org/appengine/appengine.go @@ -9,10 +9,10 @@ package appengine // import "google.golang.org/appengine" import ( + "context" "net/http" "github.com/golang/protobuf/proto" - "golang.org/x/net/context" "google.golang.org/appengine/internal" ) @@ -35,18 +35,18 @@ import ( // // Main is designed so that the app's main package looks like this: // -// package main +// package main // -// import ( -// "google.golang.org/appengine" +// import ( +// "google.golang.org/appengine" // -// _ "myapp/package0" -// _ "myapp/package1" -// ) +// _ "myapp/package0" +// _ "myapp/package1" +// ) // -// func main() { -// appengine.Main() -// } +// func main() { +// appengine.Main() +// } // // The "myapp/packageX" packages are expected to register HTTP handlers // in their init functions. @@ -54,6 +54,9 @@ func Main() { internal.Main() } +// Middleware wraps an http handler so that it can make GAE API calls +var Middleware func(http.Handler) http.Handler = internal.Middleware + // IsDevAppServer reports whether the App Engine app is running in the // development App Server. func IsDevAppServer() bool { diff --git a/vendor/google.golang.org/appengine/appengine_vm.go b/vendor/google.golang.org/appengine/appengine_vm.go index f4b645aad3b..6e1d041cd95 100644 --- a/vendor/google.golang.org/appengine/appengine_vm.go +++ b/vendor/google.golang.org/appengine/appengine_vm.go @@ -2,19 +2,19 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build !appengine // +build !appengine package appengine import ( - "golang.org/x/net/context" - - "google.golang.org/appengine/internal" + "context" ) // BackgroundContext returns a context not associated with a request. -// This should only be used when not servicing a request. -// This only works in App Engine "flexible environment". +// +// Deprecated: App Engine no longer has a special background context. +// Just use context.Background(). func BackgroundContext() context.Context { - return internal.BackgroundContext() + return context.Background() } diff --git a/vendor/google.golang.org/appengine/identity.go b/vendor/google.golang.org/appengine/identity.go index b8dcf8f3619..1202fc1a531 100644 --- a/vendor/google.golang.org/appengine/identity.go +++ b/vendor/google.golang.org/appengine/identity.go @@ -5,10 +5,9 @@ package appengine import ( + "context" "time" - "golang.org/x/net/context" - "google.golang.org/appengine/internal" pb "google.golang.org/appengine/internal/app_identity" modpb "google.golang.org/appengine/internal/modules" diff --git a/vendor/google.golang.org/appengine/internal/api.go b/vendor/google.golang.org/appengine/internal/api.go index 721053c20a1..0569f5dd43e 100644 --- a/vendor/google.golang.org/appengine/internal/api.go +++ b/vendor/google.golang.org/appengine/internal/api.go @@ -2,12 +2,14 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build !appengine // +build !appengine package internal import ( "bytes" + "context" "errors" "fmt" "io/ioutil" @@ -24,7 +26,6 @@ import ( "time" "github.com/golang/protobuf/proto" - netcontext "golang.org/x/net/context" basepb "google.golang.org/appengine/internal/base" logpb "google.golang.org/appengine/internal/log" @@ -32,8 +33,7 @@ import ( ) const ( - apiPath = "/rpc_http" - defaultTicketSuffix = "/default.20150612t184001.0" + apiPath = "/rpc_http" ) var ( @@ -65,21 +65,22 @@ var ( IdleConnTimeout: 90 * time.Second, }, } - - defaultTicketOnce sync.Once - defaultTicket string - backgroundContextOnce sync.Once - backgroundContext netcontext.Context ) -func apiURL() *url.URL { +func apiURL(ctx context.Context) *url.URL { host, port := "appengine.googleapis.internal", "10001" if h := os.Getenv("API_HOST"); h != "" { host = h } + if hostOverride := ctx.Value(apiHostOverrideKey); hostOverride != nil { + host = hostOverride.(string) + } if p := os.Getenv("API_PORT"); p != "" { port = p } + if portOverride := ctx.Value(apiPortOverrideKey); portOverride != nil { + port = portOverride.(string) + } return &url.URL{ Scheme: "http", Host: host + ":" + port, @@ -87,82 +88,97 @@ func apiURL() *url.URL { } } -func handleHTTP(w http.ResponseWriter, r *http.Request) { - c := &context{ - req: r, - outHeader: w.Header(), - apiURL: apiURL(), - } - r = r.WithContext(withContext(r.Context(), c)) - c.req = r - - stopFlushing := make(chan int) +// Middleware wraps an http handler so that it can make GAE API calls +func Middleware(next http.Handler) http.Handler { + return handleHTTPMiddleware(executeRequestSafelyMiddleware(next)) +} - // Patch up RemoteAddr so it looks reasonable. - if addr := r.Header.Get(userIPHeader); addr != "" { - r.RemoteAddr = addr - } else if addr = r.Header.Get(remoteAddrHeader); addr != "" { - r.RemoteAddr = addr - } else { - // Should not normally reach here, but pick a sensible default anyway. - r.RemoteAddr = "127.0.0.1" - } - // The address in the headers will most likely be of these forms: - // 123.123.123.123 - // 2001:db8::1 - // net/http.Request.RemoteAddr is specified to be in "IP:port" form. - if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil { - // Assume the remote address is only a host; add a default port. - r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80") - } +func handleHTTPMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + c := &aeContext{ + req: r, + outHeader: w.Header(), + } + r = r.WithContext(withContext(r.Context(), c)) + c.req = r + + stopFlushing := make(chan int) + + // Patch up RemoteAddr so it looks reasonable. + if addr := r.Header.Get(userIPHeader); addr != "" { + r.RemoteAddr = addr + } else if addr = r.Header.Get(remoteAddrHeader); addr != "" { + r.RemoteAddr = addr + } else { + // Should not normally reach here, but pick a sensible default anyway. + r.RemoteAddr = "127.0.0.1" + } + // The address in the headers will most likely be of these forms: + // 123.123.123.123 + // 2001:db8::1 + // net/http.Request.RemoteAddr is specified to be in "IP:port" form. + if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil { + // Assume the remote address is only a host; add a default port. + r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80") + } - // Start goroutine responsible for flushing app logs. - // This is done after adding c to ctx.m (and stopped before removing it) - // because flushing logs requires making an API call. - go c.logFlusher(stopFlushing) + if logToLogservice() { + // Start goroutine responsible for flushing app logs. + // This is done after adding c to ctx.m (and stopped before removing it) + // because flushing logs requires making an API call. + go c.logFlusher(stopFlushing) + } - executeRequestSafely(c, r) - c.outHeader = nil // make sure header changes aren't respected any more + next.ServeHTTP(c, r) + c.outHeader = nil // make sure header changes aren't respected any more - stopFlushing <- 1 // any logging beyond this point will be dropped + flushed := make(chan struct{}) + if logToLogservice() { + stopFlushing <- 1 // any logging beyond this point will be dropped - // Flush any pending logs asynchronously. - c.pendingLogs.Lock() - flushes := c.pendingLogs.flushes - if len(c.pendingLogs.lines) > 0 { - flushes++ - } - c.pendingLogs.Unlock() - flushed := make(chan struct{}) - go func() { - defer close(flushed) - // Force a log flush, because with very short requests we - // may not ever flush logs. - c.flushLog(true) - }() - w.Header().Set(logFlushHeader, strconv.Itoa(flushes)) + // Flush any pending logs asynchronously. + c.pendingLogs.Lock() + flushes := c.pendingLogs.flushes + if len(c.pendingLogs.lines) > 0 { + flushes++ + } + c.pendingLogs.Unlock() + go func() { + defer close(flushed) + // Force a log flush, because with very short requests we + // may not ever flush logs. + c.flushLog(true) + }() + w.Header().Set(logFlushHeader, strconv.Itoa(flushes)) + } - // Avoid nil Write call if c.Write is never called. - if c.outCode != 0 { - w.WriteHeader(c.outCode) - } - if c.outBody != nil { - w.Write(c.outBody) - } - // Wait for the last flush to complete before returning, - // otherwise the security ticket will not be valid. - <-flushed + // Avoid nil Write call if c.Write is never called. + if c.outCode != 0 { + w.WriteHeader(c.outCode) + } + if c.outBody != nil { + w.Write(c.outBody) + } + if logToLogservice() { + // Wait for the last flush to complete before returning, + // otherwise the security ticket will not be valid. + <-flushed + } + }) } -func executeRequestSafely(c *context, r *http.Request) { - defer func() { - if x := recover(); x != nil { - logf(c, 4, "%s", renderPanic(x)) // 4 == critical - c.outCode = 500 - } - }() +func executeRequestSafelyMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + defer func() { + if x := recover(); x != nil { + c := w.(*aeContext) + logf(c, 4, "%s", renderPanic(x)) // 4 == critical + c.outCode = 500 + } + }() - http.DefaultServeMux.ServeHTTP(c, r) + next.ServeHTTP(w, r) + }) } func renderPanic(x interface{}) string { @@ -204,9 +220,9 @@ func renderPanic(x interface{}) string { return string(buf) } -// context represents the context of an in-flight HTTP request. +// aeContext represents the aeContext of an in-flight HTTP request. // It implements the appengine.Context and http.ResponseWriter interfaces. -type context struct { +type aeContext struct { req *http.Request outCode int @@ -218,8 +234,6 @@ type context struct { lines []*logpb.UserAppLogLine flushes int } - - apiURL *url.URL } var contextKey = "holds a *context" @@ -227,8 +241,8 @@ var contextKey = "holds a *context" // jointContext joins two contexts in a superficial way. // It takes values and timeouts from a base context, and only values from another context. type jointContext struct { - base netcontext.Context - valuesOnly netcontext.Context + base context.Context + valuesOnly context.Context } func (c jointContext) Deadline() (time.Time, bool) { @@ -252,94 +266,54 @@ func (c jointContext) Value(key interface{}) interface{} { // fromContext returns the App Engine context or nil if ctx is not // derived from an App Engine context. -func fromContext(ctx netcontext.Context) *context { - c, _ := ctx.Value(&contextKey).(*context) +func fromContext(ctx context.Context) *aeContext { + c, _ := ctx.Value(&contextKey).(*aeContext) return c } -func withContext(parent netcontext.Context, c *context) netcontext.Context { - ctx := netcontext.WithValue(parent, &contextKey, c) +func withContext(parent context.Context, c *aeContext) context.Context { + ctx := context.WithValue(parent, &contextKey, c) if ns := c.req.Header.Get(curNamespaceHeader); ns != "" { ctx = withNamespace(ctx, ns) } return ctx } -func toContext(c *context) netcontext.Context { - return withContext(netcontext.Background(), c) +func toContext(c *aeContext) context.Context { + return withContext(context.Background(), c) } -func IncomingHeaders(ctx netcontext.Context) http.Header { +func IncomingHeaders(ctx context.Context) http.Header { if c := fromContext(ctx); c != nil { return c.req.Header } return nil } -func ReqContext(req *http.Request) netcontext.Context { +func ReqContext(req *http.Request) context.Context { return req.Context() } -func WithContext(parent netcontext.Context, req *http.Request) netcontext.Context { +func WithContext(parent context.Context, req *http.Request) context.Context { return jointContext{ base: parent, valuesOnly: req.Context(), } } -// DefaultTicket returns a ticket used for background context or dev_appserver. -func DefaultTicket() string { - defaultTicketOnce.Do(func() { - if IsDevAppServer() { - defaultTicket = "testapp" + defaultTicketSuffix - return - } - appID := partitionlessAppID() - escAppID := strings.Replace(strings.Replace(appID, ":", "_", -1), ".", "_", -1) - majVersion := VersionID(nil) - if i := strings.Index(majVersion, "."); i > 0 { - majVersion = majVersion[:i] - } - defaultTicket = fmt.Sprintf("%s/%s.%s.%s", escAppID, ModuleName(nil), majVersion, InstanceID()) - }) - return defaultTicket -} - -func BackgroundContext() netcontext.Context { - backgroundContextOnce.Do(func() { - // Compute background security ticket. - ticket := DefaultTicket() - - c := &context{ - req: &http.Request{ - Header: http.Header{ - ticketHeader: []string{ticket}, - }, - }, - apiURL: apiURL(), - } - backgroundContext = toContext(c) - - // TODO(dsymonds): Wire up the shutdown handler to do a final flush. - go c.logFlusher(make(chan int)) - }) - - return backgroundContext -} - // RegisterTestRequest registers the HTTP request req for testing, such that -// any API calls are sent to the provided URL. It returns a closure to delete -// the registration. +// any API calls are sent to the provided URL. // It should only be used by aetest package. -func RegisterTestRequest(req *http.Request, apiURL *url.URL, decorate func(netcontext.Context) netcontext.Context) (*http.Request, func()) { - c := &context{ - req: req, - apiURL: apiURL, - } - ctx := withContext(decorate(req.Context()), c) - req = req.WithContext(ctx) - c.req = req - return req, func() {} +func RegisterTestRequest(req *http.Request, apiURL *url.URL, appID string) *http.Request { + ctx := req.Context() + ctx = withAPIHostOverride(ctx, apiURL.Hostname()) + ctx = withAPIPortOverride(ctx, apiURL.Port()) + ctx = WithAppIDOverride(ctx, appID) + + // use the unregistered request as a placeholder so that withContext can read the headers + c := &aeContext{req: req} + c.req = req.WithContext(withContext(ctx, c)) + return c.req } var errTimeout = &CallError{ @@ -348,7 +322,7 @@ var errTimeout = &CallError{ Timeout: true, } -func (c *context) Header() http.Header { return c.outHeader } +func (c *aeContext) Header() http.Header { return c.outHeader } // Copied from $GOROOT/src/pkg/net/http/transfer.go. Some response status // codes do not permit a response body (nor response entity headers such as @@ -365,7 +339,7 @@ func bodyAllowedForStatus(status int) bool { return true } -func (c *context) Write(b []byte) (int, error) { +func (c *aeContext) Write(b []byte) (int, error) { if c.outCode == 0 { c.WriteHeader(http.StatusOK) } @@ -376,7 +350,7 @@ func (c *context) Write(b []byte) (int, error) { return len(b), nil } -func (c *context) WriteHeader(code int) { +func (c *aeContext) WriteHeader(code int) { if c.outCode != 0 { logf(c, 3, "WriteHeader called multiple times on request.") // error level return @@ -384,10 +358,11 @@ func (c *context) WriteHeader(code int) { c.outCode = code } -func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error) { +func post(ctx context.Context, body []byte, timeout time.Duration) (b []byte, err error) { + apiURL := apiURL(ctx) hreq := &http.Request{ Method: "POST", - URL: c.apiURL, + URL: apiURL, Header: http.Header{ apiEndpointHeader: apiEndpointHeaderValue, apiMethodHeader: apiMethodHeaderValue, @@ -396,13 +371,16 @@ func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error) }, Body: ioutil.NopCloser(bytes.NewReader(body)), ContentLength: int64(len(body)), - Host: c.apiURL.Host, - } - if info := c.req.Header.Get(dapperHeader); info != "" { - hreq.Header.Set(dapperHeader, info) + Host: apiURL.Host, } - if info := c.req.Header.Get(traceHeader); info != "" { - hreq.Header.Set(traceHeader, info) + c := fromContext(ctx) + if c != nil { + if info := c.req.Header.Get(dapperHeader); info != "" { + hreq.Header.Set(dapperHeader, info) + } + if info := c.req.Header.Get(traceHeader); info != "" { + hreq.Header.Set(traceHeader, info) + } } tr := apiHTTPClient.Transport.(*http.Transport) @@ -444,7 +422,7 @@ func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error) return hrespBody, nil } -func Call(ctx netcontext.Context, service, method string, in, out proto.Message) error { +func Call(ctx context.Context, service, method string, in, out proto.Message) error { if ns := NamespaceFromContext(ctx); ns != "" { if fn, ok := NamespaceMods[service]; ok { fn(in, ns) @@ -463,15 +441,11 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message) } c := fromContext(ctx) - if c == nil { - // Give a good error message rather than a panic lower down. - return errNotAppEngineContext - } // Apply transaction modifications if we're in a transaction. if t := transactionFromContext(ctx); t != nil { if t.finished { - return errors.New("transaction context has expired") + return errors.New("transaction aeContext has expired") } applyTransaction(in, &t.transaction) } @@ -487,20 +461,13 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message) return err } - ticket := c.req.Header.Get(ticketHeader) - // Use a test ticket under test environment. - if ticket == "" { - if appid := ctx.Value(&appIDOverrideKey); appid != nil { - ticket = appid.(string) + defaultTicketSuffix + ticket := "" + if c != nil { + ticket = c.req.Header.Get(ticketHeader) + if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" { + ticket = dri } } - // Fall back to use background ticket when the request ticket is not available in Flex or dev_appserver. - if ticket == "" { - ticket = DefaultTicket() - } - if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" { - ticket = dri - } req := &remotepb.Request{ ServiceName: &service, Method: &method, @@ -512,7 +479,7 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message) return err } - hrespBody, err := c.post(hreqBody, timeout) + hrespBody, err := post(ctx, hreqBody, timeout) if err != nil { return err } @@ -549,11 +516,11 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message) return proto.Unmarshal(res.Response, out) } -func (c *context) Request() *http.Request { +func (c *aeContext) Request() *http.Request { return c.req } -func (c *context) addLogLine(ll *logpb.UserAppLogLine) { +func (c *aeContext) addLogLine(ll *logpb.UserAppLogLine) { // Truncate long log lines. // TODO(dsymonds): Check if this is still necessary. const lim = 8 << 10 @@ -575,18 +542,20 @@ var logLevelName = map[int64]string{ 4: "CRITICAL", } -func logf(c *context, level int64, format string, args ...interface{}) { +func logf(c *aeContext, level int64, format string, args ...interface{}) { if c == nil { - panic("not an App Engine context") + panic("not an App Engine aeContext") } s := fmt.Sprintf(format, args...) s = strings.TrimRight(s, "\n") // Remove any trailing newline characters. - c.addLogLine(&logpb.UserAppLogLine{ - TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3), - Level: &level, - Message: &s, - }) - // Only duplicate log to stderr if not running on App Engine second generation + if logToLogservice() { + c.addLogLine(&logpb.UserAppLogLine{ + TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3), + Level: &level, + Message: &s, + }) + } + // Log to stdout if not deployed if !IsSecondGen() { log.Print(logLevelName[level] + ": " + s) } @@ -594,7 +563,7 @@ func logf(c *context, level int64, format string, args ...interface{}) { // flushLog attempts to flush any pending logs to the appserver. // It should not be called concurrently. -func (c *context) flushLog(force bool) (flushed bool) { +func (c *aeContext) flushLog(force bool) (flushed bool) { c.pendingLogs.Lock() // Grab up to 30 MB. We can get away with up to 32 MB, but let's be cautious. n, rem := 0, 30<<20 @@ -655,7 +624,7 @@ const ( forceFlushInterval = 60 * time.Second ) -func (c *context) logFlusher(stop <-chan int) { +func (c *aeContext) logFlusher(stop <-chan int) { lastFlush := time.Now() tick := time.NewTicker(flushInterval) for { @@ -673,6 +642,12 @@ func (c *context) logFlusher(stop <-chan int) { } } -func ContextForTesting(req *http.Request) netcontext.Context { - return toContext(&context{req: req}) +func ContextForTesting(req *http.Request) context.Context { + return toContext(&aeContext{req: req}) +} + +func logToLogservice() bool { + // TODO: replace logservice with json structured logs to $LOG_DIR/app.log.json + // where $LOG_DIR is /var/log in prod and some tmpdir in dev + return os.Getenv("LOG_TO_LOGSERVICE") != "0" } diff --git a/vendor/google.golang.org/appengine/internal/api_classic.go b/vendor/google.golang.org/appengine/internal/api_classic.go index f0f40b2e35c..87c33c798e8 100644 --- a/vendor/google.golang.org/appengine/internal/api_classic.go +++ b/vendor/google.golang.org/appengine/internal/api_classic.go @@ -2,11 +2,13 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build appengine // +build appengine package internal import ( + "context" "errors" "fmt" "net/http" @@ -17,20 +19,19 @@ import ( basepb "appengine_internal/base" "github.com/golang/protobuf/proto" - netcontext "golang.org/x/net/context" ) var contextKey = "holds an appengine.Context" // fromContext returns the App Engine context or nil if ctx is not // derived from an App Engine context. -func fromContext(ctx netcontext.Context) appengine.Context { +func fromContext(ctx context.Context) appengine.Context { c, _ := ctx.Value(&contextKey).(appengine.Context) return c } // This is only for classic App Engine adapters. -func ClassicContextFromContext(ctx netcontext.Context) (appengine.Context, error) { +func ClassicContextFromContext(ctx context.Context) (appengine.Context, error) { c := fromContext(ctx) if c == nil { return nil, errNotAppEngineContext @@ -38,8 +39,8 @@ func ClassicContextFromContext(ctx netcontext.Context) (appengine.Context, error return c, nil } -func withContext(parent netcontext.Context, c appengine.Context) netcontext.Context { - ctx := netcontext.WithValue(parent, &contextKey, c) +func withContext(parent context.Context, c appengine.Context) context.Context { + ctx := context.WithValue(parent, &contextKey, c) s := &basepb.StringProto{} c.Call("__go__", "GetNamespace", &basepb.VoidProto{}, s, nil) @@ -50,7 +51,7 @@ func withContext(parent netcontext.Context, c appengine.Context) netcontext.Cont return ctx } -func IncomingHeaders(ctx netcontext.Context) http.Header { +func IncomingHeaders(ctx context.Context) http.Header { if c := fromContext(ctx); c != nil { if req, ok := c.Request().(*http.Request); ok { return req.Header @@ -59,11 +60,11 @@ func IncomingHeaders(ctx netcontext.Context) http.Header { return nil } -func ReqContext(req *http.Request) netcontext.Context { - return WithContext(netcontext.Background(), req) +func ReqContext(req *http.Request) context.Context { + return WithContext(context.Background(), req) } -func WithContext(parent netcontext.Context, req *http.Request) netcontext.Context { +func WithContext(parent context.Context, req *http.Request) context.Context { c := appengine.NewContext(req) return withContext(parent, c) } @@ -83,11 +84,11 @@ func (t *testingContext) Call(service, method string, _, _ appengine_internal.Pr } func (t *testingContext) Request() interface{} { return t.req } -func ContextForTesting(req *http.Request) netcontext.Context { - return withContext(netcontext.Background(), &testingContext{req: req}) +func ContextForTesting(req *http.Request) context.Context { + return withContext(context.Background(), &testingContext{req: req}) } -func Call(ctx netcontext.Context, service, method string, in, out proto.Message) error { +func Call(ctx context.Context, service, method string, in, out proto.Message) error { if ns := NamespaceFromContext(ctx); ns != "" { if fn, ok := NamespaceMods[service]; ok { fn(in, ns) @@ -144,8 +145,8 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message) return err } -func handleHTTP(w http.ResponseWriter, r *http.Request) { - panic("handleHTTP called; this should be impossible") +func Middleware(next http.Handler) http.Handler { + panic("Middleware called; this should be impossible") } func logf(c appengine.Context, level int64, format string, args ...interface{}) { diff --git a/vendor/google.golang.org/appengine/internal/api_common.go b/vendor/google.golang.org/appengine/internal/api_common.go index e0c0b214b72..5b95c13d926 100644 --- a/vendor/google.golang.org/appengine/internal/api_common.go +++ b/vendor/google.golang.org/appengine/internal/api_common.go @@ -5,20 +5,26 @@ package internal import ( + "context" "errors" "os" "github.com/golang/protobuf/proto" - netcontext "golang.org/x/net/context" ) +type ctxKey string + +func (c ctxKey) String() string { + return "appengine context key: " + string(c) +} + var errNotAppEngineContext = errors.New("not an App Engine context") -type CallOverrideFunc func(ctx netcontext.Context, service, method string, in, out proto.Message) error +type CallOverrideFunc func(ctx context.Context, service, method string, in, out proto.Message) error var callOverrideKey = "holds []CallOverrideFunc" -func WithCallOverride(ctx netcontext.Context, f CallOverrideFunc) netcontext.Context { +func WithCallOverride(ctx context.Context, f CallOverrideFunc) context.Context { // We avoid appending to any existing call override // so we don't risk overwriting a popped stack below. var cofs []CallOverrideFunc @@ -26,10 +32,10 @@ func WithCallOverride(ctx netcontext.Context, f CallOverrideFunc) netcontext.Con cofs = append(cofs, uf...) } cofs = append(cofs, f) - return netcontext.WithValue(ctx, &callOverrideKey, cofs) + return context.WithValue(ctx, &callOverrideKey, cofs) } -func callOverrideFromContext(ctx netcontext.Context) (CallOverrideFunc, netcontext.Context, bool) { +func callOverrideFromContext(ctx context.Context) (CallOverrideFunc, context.Context, bool) { cofs, _ := ctx.Value(&callOverrideKey).([]CallOverrideFunc) if len(cofs) == 0 { return nil, nil, false @@ -37,7 +43,7 @@ func callOverrideFromContext(ctx netcontext.Context) (CallOverrideFunc, netconte // We found a list of overrides; grab the last, and reconstitute a // context that will hide it. f := cofs[len(cofs)-1] - ctx = netcontext.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1]) + ctx = context.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1]) return f, ctx, true } @@ -45,23 +51,35 @@ type logOverrideFunc func(level int64, format string, args ...interface{}) var logOverrideKey = "holds a logOverrideFunc" -func WithLogOverride(ctx netcontext.Context, f logOverrideFunc) netcontext.Context { - return netcontext.WithValue(ctx, &logOverrideKey, f) +func WithLogOverride(ctx context.Context, f logOverrideFunc) context.Context { + return context.WithValue(ctx, &logOverrideKey, f) } var appIDOverrideKey = "holds a string, being the full app ID" -func WithAppIDOverride(ctx netcontext.Context, appID string) netcontext.Context { - return netcontext.WithValue(ctx, &appIDOverrideKey, appID) +func WithAppIDOverride(ctx context.Context, appID string) context.Context { + return context.WithValue(ctx, &appIDOverrideKey, appID) +} + +var apiHostOverrideKey = ctxKey("holds a string, being the alternate API_HOST") + +func withAPIHostOverride(ctx context.Context, apiHost string) context.Context { + return context.WithValue(ctx, apiHostOverrideKey, apiHost) +} + +var apiPortOverrideKey = ctxKey("holds a string, being the alternate API_PORT") + +func withAPIPortOverride(ctx context.Context, apiPort string) context.Context { + return context.WithValue(ctx, apiPortOverrideKey, apiPort) } var namespaceKey = "holds the namespace string" -func withNamespace(ctx netcontext.Context, ns string) netcontext.Context { - return netcontext.WithValue(ctx, &namespaceKey, ns) +func withNamespace(ctx context.Context, ns string) context.Context { + return context.WithValue(ctx, &namespaceKey, ns) } -func NamespaceFromContext(ctx netcontext.Context) string { +func NamespaceFromContext(ctx context.Context) string { // If there's no namespace, return the empty string. ns, _ := ctx.Value(&namespaceKey).(string) return ns @@ -70,14 +88,14 @@ func NamespaceFromContext(ctx netcontext.Context) string { // FullyQualifiedAppID returns the fully-qualified application ID. // This may contain a partition prefix (e.g. "s~" for High Replication apps), // or a domain prefix (e.g. "example.com:"). -func FullyQualifiedAppID(ctx netcontext.Context) string { +func FullyQualifiedAppID(ctx context.Context) string { if id, ok := ctx.Value(&appIDOverrideKey).(string); ok { return id } return fullyQualifiedAppID(ctx) } -func Logf(ctx netcontext.Context, level int64, format string, args ...interface{}) { +func Logf(ctx context.Context, level int64, format string, args ...interface{}) { if f, ok := ctx.Value(&logOverrideKey).(logOverrideFunc); ok { f(level, format, args...) return @@ -90,7 +108,7 @@ func Logf(ctx netcontext.Context, level int64, format string, args ...interface{ } // NamespacedContext wraps a Context to support namespaces. -func NamespacedContext(ctx netcontext.Context, namespace string) netcontext.Context { +func NamespacedContext(ctx context.Context, namespace string) context.Context { return withNamespace(ctx, namespace) } diff --git a/vendor/google.golang.org/appengine/internal/identity.go b/vendor/google.golang.org/appengine/internal/identity.go index 9b4134e4257..0f95aa91d5b 100644 --- a/vendor/google.golang.org/appengine/internal/identity.go +++ b/vendor/google.golang.org/appengine/internal/identity.go @@ -5,9 +5,8 @@ package internal import ( + "context" "os" - - netcontext "golang.org/x/net/context" ) var ( @@ -23,7 +22,7 @@ var ( // AppID is the implementation of the wrapper function of the same name in // ../identity.go. See that file for commentary. -func AppID(c netcontext.Context) string { +func AppID(c context.Context) string { return appID(FullyQualifiedAppID(c)) } @@ -35,7 +34,7 @@ func IsStandard() bool { return appengineStandard || IsSecondGen() } -// IsStandard is the implementation of the wrapper function of the same name in +// IsSecondGen is the implementation of the wrapper function of the same name in // ../appengine.go. See that file for commentary. func IsSecondGen() bool { // Second-gen runtimes set $GAE_ENV so we use that to check if we're on a second-gen runtime. diff --git a/vendor/google.golang.org/appengine/internal/identity_classic.go b/vendor/google.golang.org/appengine/internal/identity_classic.go index 4e979f45e34..5ad3548bf74 100644 --- a/vendor/google.golang.org/appengine/internal/identity_classic.go +++ b/vendor/google.golang.org/appengine/internal/identity_classic.go @@ -2,21 +2,22 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build appengine // +build appengine package internal import ( - "appengine" + "context" - netcontext "golang.org/x/net/context" + "appengine" ) func init() { appengineStandard = true } -func DefaultVersionHostname(ctx netcontext.Context) string { +func DefaultVersionHostname(ctx context.Context) string { c := fromContext(ctx) if c == nil { panic(errNotAppEngineContext) @@ -24,12 +25,12 @@ func DefaultVersionHostname(ctx netcontext.Context) string { return appengine.DefaultVersionHostname(c) } -func Datacenter(_ netcontext.Context) string { return appengine.Datacenter() } -func ServerSoftware() string { return appengine.ServerSoftware() } -func InstanceID() string { return appengine.InstanceID() } -func IsDevAppServer() bool { return appengine.IsDevAppServer() } +func Datacenter(_ context.Context) string { return appengine.Datacenter() } +func ServerSoftware() string { return appengine.ServerSoftware() } +func InstanceID() string { return appengine.InstanceID() } +func IsDevAppServer() bool { return appengine.IsDevAppServer() } -func RequestID(ctx netcontext.Context) string { +func RequestID(ctx context.Context) string { c := fromContext(ctx) if c == nil { panic(errNotAppEngineContext) @@ -37,14 +38,14 @@ func RequestID(ctx netcontext.Context) string { return appengine.RequestID(c) } -func ModuleName(ctx netcontext.Context) string { +func ModuleName(ctx context.Context) string { c := fromContext(ctx) if c == nil { panic(errNotAppEngineContext) } return appengine.ModuleName(c) } -func VersionID(ctx netcontext.Context) string { +func VersionID(ctx context.Context) string { c := fromContext(ctx) if c == nil { panic(errNotAppEngineContext) @@ -52,7 +53,7 @@ func VersionID(ctx netcontext.Context) string { return appengine.VersionID(c) } -func fullyQualifiedAppID(ctx netcontext.Context) string { +func fullyQualifiedAppID(ctx context.Context) string { c := fromContext(ctx) if c == nil { panic(errNotAppEngineContext) diff --git a/vendor/google.golang.org/appengine/internal/identity_flex.go b/vendor/google.golang.org/appengine/internal/identity_flex.go index d5e2e7b5e3f..4201b6b585a 100644 --- a/vendor/google.golang.org/appengine/internal/identity_flex.go +++ b/vendor/google.golang.org/appengine/internal/identity_flex.go @@ -2,6 +2,7 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build appenginevm // +build appenginevm package internal diff --git a/vendor/google.golang.org/appengine/internal/identity_vm.go b/vendor/google.golang.org/appengine/internal/identity_vm.go index 5d806726355..18ddda3a423 100644 --- a/vendor/google.golang.org/appengine/internal/identity_vm.go +++ b/vendor/google.golang.org/appengine/internal/identity_vm.go @@ -2,17 +2,17 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build !appengine // +build !appengine package internal import ( + "context" "log" "net/http" "os" "strings" - - netcontext "golang.org/x/net/context" ) // These functions are implementations of the wrapper functions @@ -24,7 +24,7 @@ const ( hDatacenter = "X-AppEngine-Datacenter" ) -func ctxHeaders(ctx netcontext.Context) http.Header { +func ctxHeaders(ctx context.Context) http.Header { c := fromContext(ctx) if c == nil { return nil @@ -32,15 +32,15 @@ func ctxHeaders(ctx netcontext.Context) http.Header { return c.Request().Header } -func DefaultVersionHostname(ctx netcontext.Context) string { +func DefaultVersionHostname(ctx context.Context) string { return ctxHeaders(ctx).Get(hDefaultVersionHostname) } -func RequestID(ctx netcontext.Context) string { +func RequestID(ctx context.Context) string { return ctxHeaders(ctx).Get(hRequestLogId) } -func Datacenter(ctx netcontext.Context) string { +func Datacenter(ctx context.Context) string { if dc := ctxHeaders(ctx).Get(hDatacenter); dc != "" { return dc } @@ -71,7 +71,7 @@ func ServerSoftware() string { // TODO(dsymonds): Remove the metadata fetches. -func ModuleName(_ netcontext.Context) string { +func ModuleName(_ context.Context) string { if s := os.Getenv("GAE_MODULE_NAME"); s != "" { return s } @@ -81,7 +81,7 @@ func ModuleName(_ netcontext.Context) string { return string(mustGetMetadata("instance/attributes/gae_backend_name")) } -func VersionID(_ netcontext.Context) string { +func VersionID(_ context.Context) string { if s1, s2 := os.Getenv("GAE_MODULE_VERSION"), os.Getenv("GAE_MINOR_VERSION"); s1 != "" && s2 != "" { return s1 + "." + s2 } @@ -112,7 +112,7 @@ func partitionlessAppID() string { return string(mustGetMetadata("instance/attributes/gae_project")) } -func fullyQualifiedAppID(_ netcontext.Context) string { +func fullyQualifiedAppID(_ context.Context) string { if s := os.Getenv("GAE_APPLICATION"); s != "" { return s } @@ -130,5 +130,5 @@ func fullyQualifiedAppID(_ netcontext.Context) string { } func IsDevAppServer() bool { - return os.Getenv("RUN_WITH_DEVAPPSERVER") != "" + return os.Getenv("RUN_WITH_DEVAPPSERVER") != "" || os.Getenv("GAE_ENV") == "localdev" } diff --git a/vendor/google.golang.org/appengine/internal/main.go b/vendor/google.golang.org/appengine/internal/main.go index 1e765312fd1..afd0ae84fdf 100644 --- a/vendor/google.golang.org/appengine/internal/main.go +++ b/vendor/google.golang.org/appengine/internal/main.go @@ -2,6 +2,7 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build appengine // +build appengine package internal diff --git a/vendor/google.golang.org/appengine/internal/main_vm.go b/vendor/google.golang.org/appengine/internal/main_vm.go index ddb79a33387..86a8caf06f3 100644 --- a/vendor/google.golang.org/appengine/internal/main_vm.go +++ b/vendor/google.golang.org/appengine/internal/main_vm.go @@ -2,6 +2,7 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build !appengine // +build !appengine package internal @@ -29,7 +30,7 @@ func Main() { if IsDevAppServer() { host = "127.0.0.1" } - if err := http.ListenAndServe(host+":"+port, http.HandlerFunc(handleHTTP)); err != nil { + if err := http.ListenAndServe(host+":"+port, Middleware(http.DefaultServeMux)); err != nil { log.Fatalf("http.ListenAndServe: %v", err) } } diff --git a/vendor/google.golang.org/appengine/internal/transaction.go b/vendor/google.golang.org/appengine/internal/transaction.go index 9006ae65380..2ae8ab9fa42 100644 --- a/vendor/google.golang.org/appengine/internal/transaction.go +++ b/vendor/google.golang.org/appengine/internal/transaction.go @@ -7,11 +7,11 @@ package internal // This file implements hooks for applying datastore transactions. import ( + "context" "errors" "reflect" "github.com/golang/protobuf/proto" - netcontext "golang.org/x/net/context" basepb "google.golang.org/appengine/internal/base" pb "google.golang.org/appengine/internal/datastore" @@ -38,13 +38,13 @@ func applyTransaction(pb proto.Message, t *pb.Transaction) { var transactionKey = "used for *Transaction" -func transactionFromContext(ctx netcontext.Context) *transaction { +func transactionFromContext(ctx context.Context) *transaction { t, _ := ctx.Value(&transactionKey).(*transaction) return t } -func withTransaction(ctx netcontext.Context, t *transaction) netcontext.Context { - return netcontext.WithValue(ctx, &transactionKey, t) +func withTransaction(ctx context.Context, t *transaction) context.Context { + return context.WithValue(ctx, &transactionKey, t) } type transaction struct { @@ -54,7 +54,7 @@ type transaction struct { var ErrConcurrentTransaction = errors.New("internal: concurrent transaction") -func RunTransactionOnce(c netcontext.Context, f func(netcontext.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) { +func RunTransactionOnce(c context.Context, f func(context.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) { if transactionFromContext(c) != nil { return nil, errors.New("nested transactions are not supported") } diff --git a/vendor/google.golang.org/appengine/namespace.go b/vendor/google.golang.org/appengine/namespace.go index 21860ca0822..6f169be487d 100644 --- a/vendor/google.golang.org/appengine/namespace.go +++ b/vendor/google.golang.org/appengine/namespace.go @@ -5,11 +5,10 @@ package appengine import ( + "context" "fmt" "regexp" - "golang.org/x/net/context" - "google.golang.org/appengine/internal" ) diff --git a/vendor/google.golang.org/appengine/socket/socket_classic.go b/vendor/google.golang.org/appengine/socket/socket_classic.go index 0ad50e2d36d..20e5940527e 100644 --- a/vendor/google.golang.org/appengine/socket/socket_classic.go +++ b/vendor/google.golang.org/appengine/socket/socket_classic.go @@ -2,11 +2,13 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build appengine // +build appengine package socket import ( + "context" "fmt" "io" "net" @@ -14,7 +16,6 @@ import ( "time" "github.com/golang/protobuf/proto" - "golang.org/x/net/context" "google.golang.org/appengine/internal" pb "google.golang.org/appengine/internal/socket" diff --git a/vendor/google.golang.org/appengine/socket/socket_vm.go b/vendor/google.golang.org/appengine/socket/socket_vm.go index c804169a1c0..fa0ec83861b 100644 --- a/vendor/google.golang.org/appengine/socket/socket_vm.go +++ b/vendor/google.golang.org/appengine/socket/socket_vm.go @@ -2,15 +2,15 @@ // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. +//go:build !appengine // +build !appengine package socket import ( + "context" "net" "time" - - "golang.org/x/net/context" ) // Dial connects to the address addr on the network protocol. diff --git a/vendor/google.golang.org/appengine/timeout.go b/vendor/google.golang.org/appengine/timeout.go index 05642a992a3..fcf3ad0a58f 100644 --- a/vendor/google.golang.org/appengine/timeout.go +++ b/vendor/google.golang.org/appengine/timeout.go @@ -4,7 +4,7 @@ package appengine -import "golang.org/x/net/context" +import "context" // IsTimeoutError reports whether err is a timeout error. func IsTimeoutError(err error) bool { diff --git a/vendor/google.golang.org/appengine/travis_install.sh b/vendor/google.golang.org/appengine/travis_install.sh deleted file mode 100644 index 785b62f46e8..00000000000 --- a/vendor/google.golang.org/appengine/travis_install.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -set -e - -if [[ $GO111MODULE == "on" ]]; then - go get . -else - go get -u -v $(go list -f '{{join .Imports "\n"}}{{"\n"}}{{join .TestImports "\n"}}' ./... | sort | uniq | grep -v appengine) -fi - -if [[ $GOAPP == "true" ]]; then - mkdir /tmp/sdk - curl -o /tmp/sdk.zip "https://storage.googleapis.com/appengine-sdks/featured/go_appengine_sdk_linux_amd64-1.9.68.zip" - unzip -q /tmp/sdk.zip -d /tmp/sdk - # NOTE: Set the following env vars in the test script: - # export PATH="$PATH:/tmp/sdk/go_appengine" - # export APPENGINE_DEV_APPSERVER=/tmp/sdk/go_appengine/dev_appserver.py -fi - diff --git a/vendor/google.golang.org/appengine/travis_test.sh b/vendor/google.golang.org/appengine/travis_test.sh deleted file mode 100644 index d4390f045b6..00000000000 --- a/vendor/google.golang.org/appengine/travis_test.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -e - -go version -go test -v google.golang.org/appengine/... -go test -v -race google.golang.org/appengine/... -if [[ $GOAPP == "true" ]]; then - export PATH="$PATH:/tmp/sdk/go_appengine" - export APPENGINE_DEV_APPSERVER=/tmp/sdk/go_appengine/dev_appserver.py - goapp version - goapp test -v google.golang.org/appengine/... -fi diff --git a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go index 6ffe1e6d901..6c0d72418d8 100644 --- a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go +++ b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go @@ -7,6 +7,7 @@ package urlfetch // import "google.golang.org/appengine/urlfetch" import ( + "context" "errors" "fmt" "io" @@ -18,7 +19,6 @@ import ( "time" "github.com/golang/protobuf/proto" - "golang.org/x/net/context" "google.golang.org/appengine/internal" pb "google.golang.org/appengine/internal/urlfetch" @@ -44,11 +44,10 @@ type Transport struct { var _ http.RoundTripper = (*Transport)(nil) // Client returns an *http.Client using a default urlfetch Transport. This -// client will have the default deadline of 5 seconds, and will check the -// validity of SSL certificates. +// client will check the validity of SSL certificates. // -// Any deadline of the provided context will be used for requests through this client; -// if the client does not have a deadline then a 5 second default is used. +// Any deadline of the provided context will be used for requests through this client. +// If the client does not have a deadline, then an App Engine default of 60 second is used. func Client(ctx context.Context) *http.Client { return &http.Client{ Transport: &Transport{ diff --git a/vendor/modules.txt b/vendor/modules.txt index 79005a759fd..17f418d09a1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -130,7 +130,7 @@ github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/o github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/shared github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version github.com/AzureAD/microsoft-authentication-library-for-go/apps/public -# github.com/BurntSushi/toml v1.2.1 +# github.com/BurntSushi/toml v1.3.2 ## explicit; go 1.16 github.com/BurntSushi/toml github.com/BurntSushi/toml/internal @@ -143,8 +143,8 @@ github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer # github.com/IBM-Cloud/bluemix-go v0.0.0-20211102075456-ffc4e11dfb16 ## explicit; go 1.13 github.com/IBM-Cloud/bluemix-go/crn -# github.com/IBM/go-sdk-core/v5 v5.13.2 -## explicit; go 1.18 +# github.com/IBM/go-sdk-core/v5 v5.14.1 +## explicit; go 1.19 github.com/IBM/go-sdk-core/v5/core # github.com/IBM/networking-go-sdk v0.42.2 ## explicit; go 1.19 @@ -226,10 +226,11 @@ github.com/ashanbrown/forbidigo/forbidigo # github.com/ashanbrown/makezero v1.1.1 ## explicit; go 1.12 github.com/ashanbrown/makezero/makezero -# github.com/aws/aws-sdk-go v1.44.215 -## explicit; go 1.11 +# github.com/aws/aws-sdk-go v1.49.7 +## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn +github.com/aws/aws-sdk-go/aws/auth/bearer github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awsutil github.com/aws/aws-sdk-go/aws/client @@ -291,6 +292,7 @@ github.com/aws/aws-sdk-go/service/s3/s3iface github.com/aws/aws-sdk-go/service/s3/s3manager github.com/aws/aws-sdk-go/service/sso github.com/aws/aws-sdk-go/service/sso/ssoiface +github.com/aws/aws-sdk-go/service/ssooidc github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface # github.com/beorn7/perks v1.0.1 @@ -340,9 +342,12 @@ github.com/chavacava/garif # github.com/cjlapao/common-go v0.0.29 ## explicit; go 1.18 github.com/cjlapao/common-go/duration -# github.com/containers/image v3.0.2+incompatible -## explicit -github.com/containers/image/docker/reference +# github.com/containers/image/v5 v5.29.3 +## explicit; go 1.19 +github.com/containers/image/v5/docker/reference +# github.com/containers/storage v1.51.0 +## explicit; go 1.19 +github.com/containers/storage/pkg/regexp # github.com/coreos/go-semver v0.3.1 ## explicit; go 1.8 github.com/coreos/go-semver/semver @@ -452,7 +457,7 @@ github.com/go-logr/stdr # github.com/go-logr/zapr v1.2.4 ## explicit; go 1.16 github.com/go-logr/zapr -# github.com/go-openapi/errors v0.20.3 +# github.com/go-openapi/errors v0.20.4 ## explicit; go 1.14 github.com/go-openapi/errors # github.com/go-openapi/jsonpointer v0.19.6 @@ -462,10 +467,10 @@ github.com/go-openapi/jsonpointer ## explicit; go 1.13 github.com/go-openapi/jsonreference github.com/go-openapi/jsonreference/internal -# github.com/go-openapi/strfmt v0.21.5 -## explicit; go 1.13 +# github.com/go-openapi/strfmt v0.21.7 +## explicit; go 1.19 github.com/go-openapi/strfmt -# github.com/go-openapi/swag v0.22.3 +# github.com/go-openapi/swag v0.22.4 ## explicit; go 1.18 github.com/go-openapi/swag # github.com/go-playground/locales v0.14.1 @@ -505,7 +510,7 @@ github.com/go-toolsmith/typep # github.com/go-xmlfmt/xmlfmt v1.1.2 ## explicit github.com/go-xmlfmt/xmlfmt -# github.com/gobuffalo/flect v0.3.0 +# github.com/gobuffalo/flect v1.0.2 ## explicit; go 1.16 github.com/gobuffalo/flect # github.com/gobwas/glob v0.2.3 @@ -924,7 +929,7 @@ github.com/mattn/go-colorable # github.com/mattn/go-isatty v0.0.20 ## explicit; go 1.15 github.com/mattn/go-isatty -# github.com/mattn/go-runewidth v0.0.14 +# github.com/mattn/go-runewidth v0.0.15 ## explicit; go 1.9 github.com/mattn/go-runewidth # github.com/matttproud/golang_protobuf_extensions v1.0.4 @@ -8915,7 +8920,7 @@ github.com/mitchellh/mapstructure ## explicit; go 1.13 github.com/moby/spdystream github.com/moby/spdystream/spdy -# github.com/moby/term v0.0.0-20221205130635-1aeaba878587 +# github.com/moby/term v0.5.0 ## explicit; go 1.18 github.com/moby/term github.com/moby/term/windows @@ -9018,7 +9023,7 @@ github.com/onsi/gomega/types # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c +# github.com/openshift/api v0.0.0-20240805151103-d9c2a1dd30d2 ## explicit; go 1.20 github.com/openshift/api github.com/openshift/api/apiserver @@ -9098,7 +9103,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb +# github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb ## explicit; go 1.20 github.com/openshift/client-go/config/applyconfigurations/config/v1 github.com/openshift/client-go/config/applyconfigurations/internal @@ -9130,7 +9135,7 @@ github.com/openshift/cluster-api-provider-ovirt/pkg/apis/ovirtprovider/v1beta1 ## explicit; go 1.16 github.com/openshift/cluster-autoscaler-operator/pkg/apis/autoscaling/v1 github.com/openshift/cluster-autoscaler-operator/pkg/apis/autoscaling/v1beta1 -# github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20231107105652-3110ed81e74c +# github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20240806171930-bcb227e2c577 ## explicit; go 1.18 github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig @@ -9164,7 +9169,7 @@ github.com/openshift/hive/apis/hive/v1/vsphere github.com/openshift/hive/apis/hivecontracts/v1alpha1 github.com/openshift/hive/apis/hiveinternal/v1alpha1 github.com/openshift/hive/apis/scheme -# github.com/openshift/installer v0.9.0-master.0.20230721132804-2c449439afd9 +# github.com/openshift/installer v0.9.0-master.0.20240828080122-811a267a59b1 ## explicit; go 1.20 github.com/openshift/installer/data github.com/openshift/installer/pkg/asset/installconfig/alibabacloud @@ -9193,6 +9198,7 @@ github.com/openshift/installer/pkg/destroy/openstack github.com/openshift/installer/pkg/destroy/ovirt github.com/openshift/installer/pkg/destroy/providers github.com/openshift/installer/pkg/destroy/vsphere +github.com/openshift/installer/pkg/hostcrypt github.com/openshift/installer/pkg/ipnet github.com/openshift/installer/pkg/quota github.com/openshift/installer/pkg/rhcos @@ -9240,7 +9246,7 @@ github.com/openshift/installer/pkg/types/vsphere/defaults github.com/openshift/installer/pkg/types/vsphere/validation github.com/openshift/installer/pkg/validate github.com/openshift/installer/pkg/version -# github.com/openshift/library-go v0.0.0-20230508110756-9b7abe2c9cbf +# github.com/openshift/library-go v0.0.0-20230523150659-ab179469ba38 ## explicit; go 1.20 github.com/openshift/library-go/pkg/config/clusterstatus github.com/openshift/library-go/pkg/config/leaderelection @@ -9302,23 +9308,23 @@ github.com/polyfloyd/go-errorlint/errorlint ## explicit; go 1.14 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1 -# github.com/prometheus/client_golang v1.16.0 -## explicit; go 1.17 +# github.com/prometheus/client_golang v1.17.0 +## explicit; go 1.19 github.com/prometheus/client_golang/prometheus github.com/prometheus/client_golang/prometheus/collectors github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/client_golang/prometheus/promhttp github.com/prometheus/client_golang/prometheus/testutil github.com/prometheus/client_golang/prometheus/testutil/promlint -# github.com/prometheus/client_model v0.4.0 -## explicit; go 1.18 +# github.com/prometheus/client_model v0.5.0 +## explicit; go 1.19 github.com/prometheus/client_model/go # github.com/prometheus/common v0.44.0 ## explicit; go 1.18 github.com/prometheus/common/expfmt github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg github.com/prometheus/common/model -# github.com/prometheus/procfs v0.10.1 +# github.com/prometheus/procfs v0.11.1 ## explicit; go 1.19 github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs @@ -9351,7 +9357,7 @@ github.com/quasilyte/regex/syntax # github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 ## explicit; go 1.17 github.com/quasilyte/stdinfo -# github.com/rivo/uniseg v0.4.2 +# github.com/rivo/uniseg v0.4.4 ## explicit; go 1.18 github.com/rivo/uniseg # github.com/russross/blackfriday/v2 v2.1.0 @@ -9389,7 +9395,7 @@ github.com/shurcooL/httpfs/vfsutil # github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd ## explicit github.com/shurcooL/vfsgen -# github.com/sirupsen/logrus v1.9.0 +# github.com/sirupsen/logrus v1.9.3 ## explicit; go 1.13 github.com/sirupsen/logrus # github.com/sivchari/containedctx v1.0.2 @@ -9709,8 +9715,8 @@ golang.org/x/crypto/salsa20/salsa golang.org/x/crypto/sha3 golang.org/x/crypto/ssh golang.org/x/crypto/ssh/internal/bcrypt_pbkdf -# golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e -## explicit; go 1.18 +# golang.org/x/exp v0.0.0-20231006140011-7918f672742d +## explicit; go 1.20 golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices @@ -9721,8 +9727,8 @@ golang.org/x/exp/typeparams ## explicit; go 1.11 golang.org/x/lint golang.org/x/lint/golint -# golang.org/x/mod v0.10.0 -## explicit; go 1.17 +# golang.org/x/mod v0.13.0 +## explicit; go 1.18 golang.org/x/mod/internal/lazyregexp golang.org/x/mod/modfile golang.org/x/mod/module @@ -9747,17 +9753,19 @@ golang.org/x/net/ipv6 golang.org/x/net/proxy golang.org/x/net/trace golang.org/x/net/websocket -# golang.org/x/oauth2 v0.11.0 +# golang.org/x/oauth2 v0.14.0 ## explicit; go 1.18 golang.org/x/oauth2 golang.org/x/oauth2/authhandler golang.org/x/oauth2/google golang.org/x/oauth2/google/internal/externalaccount +golang.org/x/oauth2/google/internal/externalaccountauthorizeduser +golang.org/x/oauth2/google/internal/stsexchange golang.org/x/oauth2/internal golang.org/x/oauth2/jws golang.org/x/oauth2/jwt -# golang.org/x/sync v0.3.0 -## explicit; go 1.17 +# golang.org/x/sync v0.5.0 +## explicit; go 1.18 golang.org/x/sync/errgroup golang.org/x/sync/semaphore golang.org/x/sync/singleflight @@ -9806,7 +9814,7 @@ golang.org/x/text/width # golang.org/x/time v0.3.0 ## explicit golang.org/x/time/rate -# golang.org/x/tools v0.9.3 +# golang.org/x/tools v0.14.0 ## explicit; go 1.18 golang.org/x/tools/go/analysis golang.org/x/tools/go/analysis/passes/asmdecl @@ -9902,7 +9910,7 @@ google.golang.org/api/serviceusage/v1 google.golang.org/api/storage/v1 google.golang.org/api/transport/http google.golang.org/api/transport/http/internal/propagation -# google.golang.org/appengine v1.6.7 +# google.golang.org/appengine v1.6.8 ## explicit; go 1.11 google.golang.org/appengine google.golang.org/appengine/internal @@ -9916,7 +9924,7 @@ google.golang.org/appengine/internal/socket google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/socket google.golang.org/appengine/urlfetch -# google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d +# google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb ## explicit; go 1.19 google.golang.org/genproto/internal # google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d @@ -9925,7 +9933,7 @@ google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations google.golang.org/genproto/googleapis/api/expr/v1alpha1 google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d +# google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 ## explicit; go 1.19 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails @@ -10929,8 +10937,8 @@ sigs.k8s.io/controller-runtime/pkg/source sigs.k8s.io/controller-runtime/pkg/webhook sigs.k8s.io/controller-runtime/pkg/webhook/admission sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics -# sigs.k8s.io/controller-tools v0.11.3 -## explicit; go 1.19 +# sigs.k8s.io/controller-tools v0.12.0 +## explicit; go 1.20 sigs.k8s.io/controller-tools/cmd/controller-gen sigs.k8s.io/controller-tools/pkg/crd sigs.k8s.io/controller-tools/pkg/crd/markers diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/crd/gen.go b/vendor/sigs.k8s.io/controller-tools/pkg/crd/gen.go index c6c5f88b8d3..546ba9a6d72 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/crd/gen.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/crd/gen.go @@ -21,6 +21,7 @@ import ( "go/ast" "go/types" "sort" + "strings" apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -78,6 +79,12 @@ type Generator struct { // GenerateEmbeddedObjectMeta specifies if any embedded ObjectMeta in the CRD should be generated GenerateEmbeddedObjectMeta *bool `marker:",optional"` + + // HeaderFile specifies the header text (e.g. license) to prepend to generated files. + HeaderFile string `marker:",optional"` + + // Year specifies the year to substitute for " YEAR" in the header file. + Year string `marker:",optional"` } func (Generator) CheckFilter() loader.NodeFilter { @@ -128,6 +135,17 @@ func (g Generator) Generate(ctx *genall.GenerationContext) error { crdVersions = []string{defaultVersion} } + var headerText string + + if g.HeaderFile != "" { + headerBytes, err := ctx.ReadFile(g.HeaderFile) + if err != nil { + return err + } + headerText = string(headerBytes) + } + headerText = strings.ReplaceAll(headerText, " YEAR", " "+g.Year) + for _, groupKind := range kubeKinds { parser.NeedCRDFor(groupKind, g.MaxDescLen) crdRaw := parser.CustomResourceDefinitions[groupKind] @@ -153,7 +171,7 @@ func (g Generator) Generate(ctx *genall.GenerationContext) error { } else { fileName = fmt.Sprintf("%s_%s.%s.yaml", crdRaw.Spec.Group, crdRaw.Spec.Names.Plural, crdVersions[i]) } - if err := ctx.WriteYAML(fileName, []interface{}{crd}, genall.WithTransform(transformRemoveCRDStatus)); err != nil { + if err := ctx.WriteYAML(fileName, headerText, []interface{}{crd}, genall.WithTransform(transformRemoveCRDStatus), genall.WithTransform(genall.TransformRemoveCreationTimestamp)); err != nil { return err } } diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/crd.go b/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/crd.go index 0c637c773c9..1b1cf5ede18 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/crd.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/crd.go @@ -283,7 +283,7 @@ type Resource struct { Scope string `marker:",optional"` } -func (s Resource) ApplyToCRD(crd *apiext.CustomResourceDefinitionSpec, version string) error { +func (s Resource) ApplyToCRD(crd *apiext.CustomResourceDefinitionSpec, _ string) error { if s.Path != "" { crd.Names.Plural = s.Path } @@ -362,13 +362,16 @@ type Metadata struct { Labels []string `marker:",optional"` } -func (s Metadata) ApplyToCRD(crd *apiext.CustomResourceDefinition, version string) error { +func (s Metadata) ApplyToCRD(crd *apiext.CustomResourceDefinition, _ string) error { if len(s.Annotations) > 0 { if crd.Annotations == nil { crd.Annotations = map[string]string{} } for _, str := range s.Annotations { kv := strings.SplitN(str, "=", 2) + if len(kv) < 2 { + return fmt.Errorf("annotation %s is not in 'xxx=xxx' format", str) + } crd.Annotations[kv[0]] = kv[1] } } diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/validation.go b/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/validation.go index 67522c9d756..80344dd3a9d 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/validation.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/validation.go @@ -173,7 +173,7 @@ type Pattern string type MaxItems int // +controllertools:marker:generateHelp:category="CRD validation" -// MinItems specifies the minimun length for this list. +// MinItems specifies the minimum length for this list. type MinItems int // +controllertools:marker:generateHelp:category="CRD validation" diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/zz_generated.markerhelp.go b/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/zz_generated.markerhelp.go index 1884bc35ff6..fbd681aa679 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/zz_generated.markerhelp.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/crd/markers/zz_generated.markerhelp.go @@ -218,7 +218,7 @@ func (MinItems) Help() *markers.DefinitionHelp { return &markers.DefinitionHelp{ Category: "CRD validation", DetailedHelp: markers.DetailedHelp{ - Summary: "specifies the minimun length for this list.", + Summary: "specifies the minimum length for this list.", Details: "", }, FieldHelp: map[string]markers.DetailedHelp{}, diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/deepcopy/traverse.go b/vendor/sigs.k8s.io/controller-tools/pkg/deepcopy/traverse.go index 3a751757d5d..9658e105242 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/deepcopy/traverse.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/deepcopy/traverse.go @@ -735,11 +735,14 @@ func hasAnyDeepCopyMethod(pkg *loader.Package, typeInfo types.Type) bool { // eventualUnderlyingType gets the "final" type in a sequence of named aliases. // It's effectively a shortcut for calling Underlying in a loop. func eventualUnderlyingType(typeInfo types.Type) types.Type { - last := typeInfo - for underlying := typeInfo.Underlying(); underlying != last; last, underlying = underlying, underlying.Underlying() { - // get the actual underlying type + for { + underlying := typeInfo.Underlying() + if underlying == typeInfo { + break + } + typeInfo = underlying } - return last + return typeInfo } // fineToShallowCopy checks if a shallow-copying a type is equivalent to deepcopy-ing it. diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/genall/genall.go b/vendor/sigs.k8s.io/controller-tools/pkg/genall/genall.go index 63afbac07c8..bed7ec60392 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/genall/genall.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/genall/genall.go @@ -133,16 +133,28 @@ func WithTransform(transform func(obj map[string]interface{}) error) *WriteYAMLO } } +// TransformRemoveCreationTimestamp ensures we do not write the metadata.creationTimestamp field. +func TransformRemoveCreationTimestamp(obj map[string]interface{}) error { + metadata := obj["metadata"].(map[interface{}]interface{}) + delete(metadata, "creationTimestamp") + return nil +} + // WriteYAML writes the given objects out, serialized as YAML, using the // context's OutputRule. Objects are written as separate documents, separated // from each other by `---` (as per the YAML spec). -func (g GenerationContext) WriteYAML(itemPath string, objs []interface{}, options ...*WriteYAMLOptions) error { +func (g GenerationContext) WriteYAML(itemPath, headerText string, objs []interface{}, options ...*WriteYAMLOptions) error { out, err := g.Open(nil, itemPath) if err != nil { return err } defer out.Close() + _, err = out.Write([]byte(headerText)) + if err != nil { + return err + } + for _, obj := range objs { yamlContent, err := yamlMarshal(obj, options...) if err != nil { diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/genall/output.go b/vendor/sigs.k8s.io/controller-tools/pkg/genall/output.go index 5dc3fe19cde..4cd29f49605 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/genall/output.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/genall/output.go @@ -122,7 +122,7 @@ var OutputToStdout = outputToStdout{} // Generally useful for single-artifact outputs. type outputToStdout struct{} -func (o outputToStdout) Open(_ *loader.Package, itemPath string) (io.WriteCloser, error) { +func (o outputToStdout) Open(_ *loader.Package, _ string) (io.WriteCloser, error) { return nopCloser{os.Stdout}, nil } diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/markers/parse.go b/vendor/sigs.k8s.io/controller-tools/pkg/markers/parse.go index 3e1d75a8336..d84b70eb746 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/markers/parse.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/markers/parse.go @@ -268,7 +268,11 @@ func guessType(scanner *sc.Scanner, raw string, allowSlice bool) *Argument { subScanner := parserScanner(subRaw, scanner.Error) var tok rune - for tok = subScanner.Scan(); tok != ',' && tok != sc.EOF && tok != ';'; tok = subScanner.Scan() { + for { + tok = subScanner.Scan() + if tok == ',' || tok == sc.EOF || tok == ';' { + break + } // wait till we get something interesting } @@ -369,6 +373,14 @@ func guessType(scanner *sc.Scanner, raw string, allowSlice bool) *Argument { // parseString parses either of the two accepted string forms (quoted, or bare tokens). func (a *Argument) parseString(scanner *sc.Scanner, raw string, out reflect.Value) { + // we need to temporarily disable the scanner's int/float parsing, since we want to + // prevent number parsing errors. + oldMode := scanner.Mode + scanner.Mode = oldMode &^ sc.ScanInts &^ sc.ScanFloats + defer func() { + scanner.Mode = oldMode + }() + // strings are a bit weird -- the "easy" case is quoted strings (tokenized as strings), // the "hard" case (present for backwards compat) is a bare sequence of tokens that aren't // a comma. @@ -495,7 +507,12 @@ func (a *Argument) parse(scanner *sc.Scanner, raw string, out reflect.Value, inS // raw consumes everything else castAndSet(out, reflect.ValueOf(raw[scanner.Pos().Offset:])) // consume everything else - for tok := scanner.Scan(); tok != sc.EOF; tok = scanner.Scan() { + var tok rune + for { + tok = scanner.Scan() + if tok == sc.EOF { + break + } } case NumberType: nextChar := scanner.Peek() diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/rbac/parser.go b/vendor/sigs.k8s.io/controller-tools/pkg/rbac/parser.go index c2a24f47103..c8bbe9d5463 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/rbac/parser.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/rbac/parser.go @@ -149,6 +149,12 @@ func (r *Rule) ToRule() rbacv1.PolicyRule { type Generator struct { // RoleName sets the name of the generated ClusterRole. RoleName string + + // HeaderFile specifies the header text (e.g. license) to prepend to generated files. + HeaderFile string `marker:",optional"` + + // Year specifies the year to substitute for " YEAR" in the header file. + Year string `marker:",optional"` } func (Generator) RegisterMarkers(into *markers.Registry) error { @@ -263,5 +269,15 @@ func (g Generator) Generate(ctx *genall.GenerationContext) error { return nil } - return ctx.WriteYAML("role.yaml", objs) + var headerText string + if g.HeaderFile != "" { + headerBytes, err := ctx.ReadFile(g.HeaderFile) + if err != nil { + return err + } + headerText = string(headerBytes) + } + headerText = strings.ReplaceAll(headerText, " YEAR", " "+g.Year) + + return ctx.WriteYAML("role.yaml", headerText, objs, genall.WithTransform(genall.TransformRemoveCreationTimestamp)) } diff --git a/vendor/sigs.k8s.io/controller-tools/pkg/webhook/parser.go b/vendor/sigs.k8s.io/controller-tools/pkg/webhook/parser.go index a76dcdcbb4c..1075f842504 100644 --- a/vendor/sigs.k8s.io/controller-tools/pkg/webhook/parser.go +++ b/vendor/sigs.k8s.io/controller-tools/pkg/webhook/parser.go @@ -24,6 +24,7 @@ package webhook import ( "fmt" + "sort" "strings" admissionregv1 "k8s.io/api/admissionregistration/v1" @@ -304,7 +305,13 @@ func (c Config) webhookVersions() ([]string, error) { // +controllertools:marker:generateHelp // Generator generates (partial) {Mutating,Validating}WebhookConfiguration objects. -type Generator struct{} +type Generator struct { + // HeaderFile specifies the header text (e.g. license) to prepend to generated files. + HeaderFile string `marker:",optional"` + + // Year specifies the year to substitute for " YEAR" in the header file. + Year string `marker:",optional"` +} func (Generator) RegisterMarkers(into *markers.Registry) error { if err := into.Register(ConfigDefinition); err != nil { @@ -314,7 +321,7 @@ func (Generator) RegisterMarkers(into *markers.Registry) error { return nil } -func (Generator) Generate(ctx *genall.GenerationContext) error { +func (g Generator) Generate(ctx *genall.GenerationContext) error { supportedWebhookVersions := supportedWebhookVersions() mutatingCfgs := make(map[string][]admissionregv1.MutatingWebhook, len(supportedWebhookVersions)) validatingCfgs := make(map[string][]admissionregv1.ValidatingWebhook, len(supportedWebhookVersions)) @@ -324,7 +331,12 @@ func (Generator) Generate(ctx *genall.GenerationContext) error { root.AddError(err) } - for _, cfg := range markerSet[ConfigDefinition.Name] { + cfgs := markerSet[ConfigDefinition.Name] + sort.SliceStable(cfgs, func(i, j int) bool { + return cfgs[i].(Config).Name < cfgs[j].(Config).Name + }) + + for _, cfg := range cfgs { cfg := cfg.(Config) webhookVersions, err := cfg.webhookVersions() if err != nil { @@ -405,6 +417,16 @@ func (Generator) Generate(ctx *genall.GenerationContext) error { } } + var headerText string + if g.HeaderFile != "" { + headerBytes, err := ctx.ReadFile(g.HeaderFile) + if err != nil { + return err + } + headerText = string(headerBytes) + } + headerText = strings.ReplaceAll(headerText, " YEAR", " "+g.Year) + for k, v := range versionedWebhooks { var fileName string if k == defaultWebhookVersion { @@ -412,7 +434,7 @@ func (Generator) Generate(ctx *genall.GenerationContext) error { } else { fileName = fmt.Sprintf("manifests.%s.yaml", k) } - if err := ctx.WriteYAML(fileName, v); err != nil { + if err := ctx.WriteYAML(fileName, headerText, v, genall.WithTransform(genall.TransformRemoveCreationTimestamp)); err != nil { return err } }