From 3b35ac15d1b23cd2f50a9eb1674991452c521fa9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 01:31:13 +0000 Subject: [PATCH] build(deps): bump the aws group with 2 updates Bumps the aws group with 2 updates: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2). Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.43 to 1.28.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.43...v1.28.0) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.65.3 to 1.66.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.65.3...service/s3/v1.66.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +- .../aws/aws-sdk-go-v2/config/CHANGELOG.md | 4 + .../config/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/config/load_options.go | 33 ++++++++ .../aws/aws-sdk-go-v2/service/s3/CHANGELOG.md | 8 +- .../service/s3/api_op_CopyObject.go | 22 +++-- .../s3/api_op_CreateMultipartUpload.go | 14 ++-- .../service/s3/api_op_CreateSession.go | 4 +- .../service/s3/api_op_DeleteObject.go | 83 ++++++------------- .../service/s3/api_op_ListBuckets.go | 23 +++++ .../service/s3/api_op_PutBucketEncryption.go | 2 +- .../service/s3/api_op_PutObject.go | 27 ++++-- .../service/s3/api_op_RestoreObject.go | 5 -- .../service/s3/api_op_SelectObjectContent.go | 15 +--- .../aws-sdk-go-v2/service/s3/deserializers.go | 26 ++++++ .../service/s3/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/service/s3/serializers.go | 8 ++ .../aws-sdk-go-v2/service/s3/types/types.go | 35 ++------ vendor/modules.txt | 4 +- 20 files changed, 190 insertions(+), 139 deletions(-) diff --git a/go.mod b/go.mod index 839579d61fe..9857081c351 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,8 @@ go 1.22.0 require ( github.com/aws/aws-sdk-go-v2 v1.32.2 - github.com/aws/aws-sdk-go-v2/config v1.27.43 - github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3 + github.com/aws/aws-sdk-go-v2/config v1.28.0 + github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0 github.com/aws/smithy-go v1.22.0 github.com/eggsampler/acme/v3 v3.6.1 github.com/go-jose/go-jose/v4 v4.0.1 diff --git a/go.sum b/go.sum index 114cda1b6c7..9f2b82abfcb 100644 --- a/go.sum +++ b/go.sum @@ -11,8 +11,8 @@ github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcT github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 h1:pT3hpW0cOHRJx8Y0DfJUEQuqPild8jRGmSFmBgvydr0= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6/go.mod h1:j/I2++U0xX+cr44QjHay4Cvxj6FUbnxrgmqN3H1jTZA= -github.com/aws/aws-sdk-go-v2/config v1.27.43 h1:p33fDDihFC390dhhuv8nOmX419wjOSDQRb+USt20RrU= -github.com/aws/aws-sdk-go-v2/config v1.27.43/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc= +github.com/aws/aws-sdk-go-v2/config v1.28.0 h1:FosVYWcqEtWNxHn8gB/Vs6jOlNwSoyOCA/g/sxyySOQ= +github.com/aws/aws-sdk-go-v2/config v1.28.0/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc= github.com/aws/aws-sdk-go-v2/credentials v1.17.41 h1:7gXo+Axmp+R4Z+AK8YFQO0ZV3L0gizGINCOWxSLY9W8= github.com/aws/aws-sdk-go-v2/credentials v1.17.41/go.mod h1:u4Eb8d3394YLubphT4jLEwN1rLNq2wFOlT6OuxFwPzU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 h1:TMH3f/SCAWdNtXXVPPu5D6wrr4G5hI1rAxbcocKfC7Q= @@ -33,8 +33,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 h1:t7iUP9+4wdc5lt3E41huP+GvQZJD38WLsgVp4iOtAjg= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2/go.mod h1:/niFCtmuQNxqx9v8WAPq5qh7EH25U4BF6tjoyq9bObM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3 h1:xxHGZ+wUgZNACQmxtdvP5tgzfsxGS3vPpTP5Hy3iToE= -github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3/go.mod h1:cB6oAuus7YXRZhWCc1wIwPywwZ1XwweNp2TVAEGYeB8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0 h1:xA6XhTF7PE89BCNHJbQi8VvPzcgMtmGC5dr8S8N7lHk= +github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0/go.mod h1:cB6oAuus7YXRZhWCc1wIwPywwZ1XwweNp2TVAEGYeB8= github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 h1:bSYXVyUzoTHoKalBmwaZxs97HU9DWWI3ehHSAMa7xOk= github.com/aws/aws-sdk-go-v2/service/sso v1.24.2/go.mod h1:skMqY7JElusiOUjMJMOv1jJsP7YUg7DrhgqZZWuzu1U= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 h1:AhmO1fHINP9vFYUE0LHzCWg/LfUWUF+zFPEcY9QXb7o= diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index 51f3b93ac1c..f65bc860b1c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.28.0 (2024-10-16) + +* **Feature**: Adds the LoadOptions hook `WithBaseEndpoint` for setting global endpoint override in-code. + # v1.27.43 (2024-10-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index 33eedc7e8ff..85d6a9fe9ed 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.27.43" +const goModuleVersion = "1.28.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go index 5f643977b00..dc6c7d29a83 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go @@ -217,6 +217,10 @@ type LoadOptions struct { S3DisableExpressAuth *bool AccountIDEndpointMode aws.AccountIDEndpointMode + + // Service endpoint override. This value is not necessarily final and is + // passed to the service's EndpointResolverV2 for further delegation. + BaseEndpoint string } func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) { @@ -284,6 +288,19 @@ func (o LoadOptions) getAccountIDEndpointMode(ctx context.Context) (aws.AccountI return o.AccountIDEndpointMode, len(o.AccountIDEndpointMode) > 0, nil } +func (o LoadOptions) getBaseEndpoint(context.Context) (string, bool, error) { + return o.BaseEndpoint, o.BaseEndpoint != "", nil +} + +// GetServiceBaseEndpoint satisfies (internal/configsources).ServiceBaseEndpointProvider. +// +// The sdkID value is unused because LoadOptions only supports setting a GLOBAL +// endpoint override. In-code, per-service endpoint overrides are performed via +// functional options in service client space. +func (o LoadOptions) GetServiceBaseEndpoint(context.Context, string) (string, bool, error) { + return o.BaseEndpoint, o.BaseEndpoint != "", nil +} + // WithRegion is a helper function to construct functional options // that sets Region on config's LoadOptions. Setting the region to // an empty string, will result in the region value being ignored. @@ -1139,3 +1156,19 @@ func WithS3DisableExpressAuth(v bool) LoadOptionsFunc { return nil } } + +// WithBaseEndpoint is a helper function to construct functional options that +// sets BaseEndpoint on config's LoadOptions. Empty values have no effect, and +// subsequent calls to this API override previous ones. +// +// This is an in-code setting, therefore, any value set using this hook takes +// precedence over and will override ALL environment and shared config +// directives that set endpoint URLs. Functional options on service clients +// have higher specificity, and functional options that modify the value of +// BaseEndpoint on a client will take precedence over this setting. +func WithBaseEndpoint(v string) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.BaseEndpoint = v + return nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md index 138a78f9229..ee2c4271cdc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md @@ -1,6 +1,10 @@ +# v1.66.0 (2024-10-16) + +* **Feature**: Add support for the new optional bucket-region and prefix query parameters in the ListBuckets API. For ListBuckets requests that express pagination, Amazon S3 will now return both the bucket names and associated AWS regions in the response. + # v1.65.3 (2024-10-11) -* **Bug Fix**: S3 ReplicationRuleFilter and LifecycleRuleFilter shapes are being changed from union to structure types +* **Bug Fix**: **BREAKING CHANGE**: S3 ReplicationRuleFilter and LifecycleRuleFilter shapes are being changed from union to structure types # v1.65.2 (2024-10-08) @@ -8,7 +12,7 @@ # v1.65.1 (2024-10-07) -* **Bug Fix**: Allow serialization of headers with empty string for prefix headers +* **Bug Fix**: **CHANGE IN BEHAVIOR**: Allow serialization of headers with empty string for prefix headers. We are deploying this fix because the behavior is actively preventing users from transmitting keys with empty values to the service. If you were setting metadata keys with empty values before this change, they will now actually be sent to the service. * **Dependency Update**: Updated to the latest SDK module versions # v1.65.0 (2024-10-04) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go index 81f3a5260d3..c5db2dad768 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go @@ -588,12 +588,16 @@ type CopyObjectInput struct { // CLI, see [Specifying the Signature Version in Request Authentication]in the Amazon S3 User Guide. // // Directory buckets - If you specify x-amz-server-side-encryption with aws:kms , - // you must specify the x-amz-server-side-encryption-aws-kms-key-id header with - // the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key - // to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID - // or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS + // the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned + // the ID of the KMS symmetric encryption customer managed key that's configured + // for your directory bucket's default encryption setting. If you want to specify + // the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only + // specify it with the ID (Key ID or Key ARN) of the KMS customer managed key + // that's configured for your directory bucket's default encryption setting. + // Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key + // ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS // configuration can only support 1 [customer managed key]per directory bucket for the lifetime of the - // bucket. [Amazon Web Services managed key]( aws/s3 ) isn't supported. + // bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported. // // [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk // [Specifying the Signature Version in Request Authentication]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version @@ -647,10 +651,10 @@ type CopyObjectInput struct { // // - To encrypt new object copies to a directory bucket with SSE-KMS, we // recommend you specify SSE-KMS as the directory bucket's default encryption - // configuration with a KMS key (specifically, a [customer managed key]). [Amazon Web Services managed key]( aws/s3 ) isn't supported. - // Your SSE-KMS configuration can only support 1 [customer managed key]per directory bucket for the - // lifetime of the bucket. After you specify a customer managed key for SSE-KMS, - // you can't override the customer managed key for the bucket's SSE-KMS + // configuration with a KMS key (specifically, a [customer managed key]). The [Amazon Web Services managed key]( aws/s3 ) isn't + // supported. Your SSE-KMS configuration can only support 1 [customer managed key]per directory bucket + // for the lifetime of the bucket. After you specify a customer managed key for + // SSE-KMS, you can't override the customer managed key for the bucket's SSE-KMS // configuration. Then, when you perform a CopyObject operation and want to // specify server-side encryption settings for new object copies with SSE-KMS in // the encryption-related request headers, you must ensure the encryption key is diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go index de4e367b163..7a9fe783ef3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go @@ -650,12 +650,16 @@ type CreateMultipartUploadInput struct { // Services managed key ( aws/s3 ) to protect the data. // // Directory buckets - If you specify x-amz-server-side-encryption with aws:kms , - // you must specify the x-amz-server-side-encryption-aws-kms-key-id header with - // the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key - // to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID - // or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS + // the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned + // the ID of the KMS symmetric encryption customer managed key that's configured + // for your directory bucket's default encryption setting. If you want to specify + // the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only + // specify it with the ID (Key ID or Key ARN) of the KMS customer managed key + // that's configured for your directory bucket's default encryption setting. + // Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key + // ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS // configuration can only support 1 [customer managed key]per directory bucket for the lifetime of the - // bucket. [Amazon Web Services managed key]( aws/s3 ) isn't supported. + // bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported. // // [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk // [Amazon Web Services managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go index 557d759e4bd..e8bf98e1391 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go @@ -94,7 +94,7 @@ import ( // endpoint API operations, new objects are automatically encrypted and decrypted // with SSE-KMS and S3 Bucket Keys during the session. // -// Only 1 [customer managed key] is supported per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key] ( +// Only 1 [customer managed key] is supported per directory bucket for the lifetime of the bucket. The [Amazon Web Services managed key] ( // aws/s3 ) isn't supported. After you specify SSE-KMS as your bucket's default // encryption configuration with a customer managed key, you can't change the // customer managed key for the bucket's SSE-KMS configuration. @@ -201,7 +201,7 @@ type CreateSessionInput struct { // not the Key ID. // // Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket for the - // lifetime of the bucket. [Amazon Web Services managed key]( aws/s3 ) isn't supported. + // lifetime of the bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported. // // [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk // [Amazon Web Services managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go index b5873fb76f0..7d6e7446f9c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go @@ -14,55 +14,29 @@ import ( ) // Removes an object from a bucket. The behavior depends on the bucket's -// versioning state: -// -// - If bucket versioning is not enabled, the operation permanently deletes the -// object. -// -// - If bucket versioning is enabled, the operation inserts a delete marker, -// which becomes the current version of the object. To permanently delete an object -// in a versioned bucket, you must include the object’s versionId in the request. -// For more information about versioning-enabled buckets, see [Deleting object versions from a versioning-enabled bucket]. -// -// - If bucket versioning is suspended, the operation removes the object that -// has a null versionId , if there is one, and inserts a delete marker that -// becomes the current version of the object. If there isn't an object with a null -// versionId , and all versions of the object have a versionId , Amazon S3 does -// not remove the object and only inserts a delete marker. To permanently delete an -// object that has a versionId , you must include the object’s versionId in the -// request. For more information about versioning-suspended buckets, see [Deleting objects from versioning-suspended buckets]. -// -// - Directory buckets - S3 Versioning isn't enabled and supported for directory -// buckets. For this API operation, only the null value of the version ID is -// supported by directory buckets. You can only specify null to the versionId -// query parameter in the request. -// -// - Directory buckets - For directory buckets, you must make requests for this -// API operation to the Zonal endpoint. These endpoints support -// virtual-hosted-style requests in the format -// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . -// Path-style requests are not supported. For more information, see [Regional and Zonal endpoints]in the -// Amazon S3 User Guide. +// versioning state. For more information, see [Best practices to consider before deleting an object]. // // To remove a specific version, you must use the versionId query parameter. Using // this query parameter permanently deletes the version. If the object deleted is a // delete marker, Amazon S3 sets the response header x-amz-delete-marker to true. -// // If the object you want to delete is in a bucket where the bucket versioning -// configuration is MFA Delete enabled, you must include the x-amz-mfa request +// configuration is MFA delete enabled, you must include the x-amz-mfa request // header in the DELETE versionId request. Requests that include x-amz-mfa must -// use HTTPS. For more information about MFA Delete, see [Using MFA Delete]in the Amazon S3 User -// Guide. To see sample requests that use versioning, see [Sample Request]. +// use HTTPS. For more information about MFA delete and to see example requests, +// see [Using MFA delete]and [Sample request] in the Amazon S3 User Guide. // -// Directory buckets - MFA delete is not supported by directory buckets. +// - S3 Versioning isn't enabled and supported for directory buckets. For this +// API operation, only the null value of the version ID is supported by directory +// buckets. You can only specify null to the versionId query parameter in the +// request. // -// You can delete objects by explicitly calling DELETE Object or calling ([PutBucketLifecycle] ) to -// enable Amazon S3 to remove them for you. If you want to block users or accounts -// from removing or deleting objects from your bucket, you must deny them the -// s3:DeleteObject , s3:DeleteObjectVersion , and s3:PutLifeCycleConfiguration -// actions. +// - For directory buckets, you must make requests for this API operation to the +// Zonal endpoint. These endpoints support virtual-hosted-style requests in the +// format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . +// Path-style requests are not supported. For more information, see [Regional and Zonal endpoints]in the +// Amazon S3 User Guide. // -// Directory buckets - S3 Lifecycle is not supported by directory buckets. +// - MFA delete is not supported by directory buckets. // // Permissions // @@ -72,20 +46,18 @@ import ( // - s3:DeleteObject - To delete an object from a bucket, you must always have // the s3:DeleteObject permission. // +// You can also use PutBucketLifecycleto delete objects in Amazon S3. +// // - s3:DeleteObjectVersion - To delete a specific version of an object from a // versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission. // -// - Directory bucket permissions - To grant access to this API operation on a -// directory bucket, we recommend that you use the [CreateSession]CreateSession API operation -// for session-based authorization. Specifically, you grant the -// s3express:CreateSession permission to the directory bucket in a bucket policy -// or an IAM identity-based policy. Then, you make the CreateSession API call on -// the bucket to obtain a session token. With the session token in your request -// header, you can make API requests to this operation. After the session token -// expires, you make another CreateSession API call to generate a new session -// token for use. Amazon Web Services CLI or SDKs create session and refresh the -// session token automatically to avoid service interruptions when a session -// expires. For more information about authorization, see [CreateSession]CreateSession . +// - If you want to block users or accounts from removing or deleting objects +// from your bucket, you must deny them the s3:DeleteObject , +// s3:DeleteObjectVersion , and s3:PutLifeCycleConfiguration permissions. +// +// - Directory buckets permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSessionAPI operation for +// session-based authorization. // // HTTP Host header syntax Directory buckets - The HTTP Host header syntax is // Bucket_name.s3express-az_id.region.amazonaws.com . @@ -94,14 +66,11 @@ import ( // // [PutObject] // -// [Sample Request]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete +// [Best practices to consider before deleting an object]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjects.html#DeletingObjects-best-practices +// [Using MFA delete]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html +// [Sample request]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete // [Regional and Zonal endpoints]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html -// [Deleting objects from versioning-suspended buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.html // [PutObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html -// [PutBucketLifecycle]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html -// [CreateSession]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html -// [Deleting object versions from a versioning-enabled bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjectVersions.html -// [Using MFA Delete]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, optFns ...func(*Options)) (*DeleteObjectOutput, error) { if params == nil { params = &DeleteObjectInput{} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go index a5e103ac62d..22ea9f0c2bf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go @@ -38,6 +38,20 @@ func (c *Client) ListBuckets(ctx context.Context, params *ListBucketsInput, optF type ListBucketsInput struct { + // Limits the response to buckets that are located in the specified Amazon Web + // Services Region. The Amazon Web Services Region must be expressed according to + // the Amazon Web Services Region code, such as us-west-2 for the US West (Oregon) + // Region. For a list of the valid values for all of the Amazon Web Services + // Regions, see [Regions and Endpoints]. + // + // Requests made to a Regional endpoint that is different from the bucket-region + // parameter are not supported. For example, if you want to limit the response to + // your buckets in Region us-west-2 , the request must be made to an endpoint in + // Region us-west-2 . + // + // [Regions and Endpoints]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region + BucketRegion *string + // ContinuationToken indicates to Amazon S3 that the list is being continued on // this bucket with a token. ContinuationToken is obfuscated and is not a real // key. You can use this ContinuationToken for pagination of the list results. @@ -52,6 +66,10 @@ type ListBucketsInput struct { // return all the buckets in response. MaxBuckets *int32 + // Limits the response to bucket names that begin with the specified bucket name + // prefix. + Prefix *string + noSmithyDocumentSerde } @@ -69,6 +87,11 @@ type ListBucketsOutput struct { // The owner of the buckets listed. Owner *types.Owner + // If Prefix was sent with the request, it is included in the response. + // + // All bucket names in the response begin with the specified bucket name prefix. + Prefix *string + // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go index e68b84c364b..d994a02e186 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go @@ -52,7 +52,7 @@ import ( // . // // - Your SSE-KMS configuration can only support 1 [customer managed key]per directory bucket for the -// lifetime of the bucket. [Amazon Web Services managed key]( aws/s3 ) isn't supported. +// lifetime of the bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported. // // - S3 Bucket Keys are always enabled for GET and PUT operations in a directory // bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go index 9dc442f7d82..60e0e419b63 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go @@ -256,10 +256,15 @@ type PutObjectInput struct { // parameter and uses the checksum algorithm that matches the provided value in // x-amz-checksum-algorithm . // + // The Content-MD5 or x-amz-sdk-checksum-algorithm header is required for any + // request to upload an object with a retention period configured using Amazon S3 + // Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket]in the Amazon S3 User Guide. + // // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the // default checksum algorithm that's used for performance. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + // [Uploading objects to an Object Lock enabled bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object ChecksumAlgorithm types.ChecksumAlgorithm // This header can be used as a data integrity check to verify that the data @@ -321,14 +326,14 @@ type PutObjectInput struct { // optional, we recommend using the Content-MD5 mechanism as an end-to-end // integrity check. For more information about REST request authentication, see [REST Authentication]. // - // The Content-MD5 header is required for any request to upload an object with a - // retention period configured using Amazon S3 Object Lock. For more information - // about Amazon S3 Object Lock, see [Amazon S3 Object Lock Overview]in the Amazon S3 User Guide. + // The Content-MD5 or x-amz-sdk-checksum-algorithm header is required for any + // request to upload an object with a retention period configured using Amazon S3 + // Object Lock. For more information, see [Uploading objects to an Object Lock enabled bucket]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // // [REST Authentication]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html - // [Amazon S3 Object Lock Overview]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html + // [Uploading objects to an Object Lock enabled bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object ContentMD5 *string // A standard MIME type describing the format of the contents. For more @@ -478,12 +483,16 @@ type PutObjectInput struct { // Services managed key ( aws/s3 ) to protect the data. // // Directory buckets - If you specify x-amz-server-side-encryption with aws:kms , - // you must specify the x-amz-server-side-encryption-aws-kms-key-id header with - // the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key - // to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID - // or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS + // the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned + // the ID of the KMS symmetric encryption customer managed key that's configured + // for your directory bucket's default encryption setting. If you want to specify + // the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only + // specify it with the ID (Key ID or Key ARN) of the KMS customer managed key + // that's configured for your directory bucket's default encryption setting. + // Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key + // ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS // configuration can only support 1 [customer managed key]per directory bucket for the lifetime of the - // bucket. [Amazon Web Services managed key]( aws/s3 ) isn't supported. + // bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported. // // [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk // [Amazon Web Services managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go index d0ed1312a41..cadb89ac2a1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go @@ -16,10 +16,6 @@ import ( // This operation is not supported by directory buckets. // -// The SELECT job type for the RestoreObject operation is no longer available to -// new customers. Existing customers of Amazon S3 Select can continue to use the -// feature as usual. [Learn more] -// // # Restores an archived copy of an object back into Amazon S3 // // This functionality is not supported for Amazon S3 on Outposts. @@ -154,7 +150,6 @@ import ( // // [GetBucketNotificationConfiguration] // -// [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ // [PutBucketLifecycleConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html // [Object Lifecycle Management]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go index 27c0577c2a0..8497b4685a8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go @@ -16,10 +16,6 @@ import ( // This operation is not supported by directory buckets. // -// The SelectObjectContent operation is no longer available to new customers. -// Existing customers of Amazon S3 Select can continue to use the operation as -// usual. [Learn more] -// // This action filters the contents of an Amazon S3 object based on a simple // structured query language (SQL) statement. In the request, along with the SQL // expression, you must also specify a data serialization format (JSON, CSV, or @@ -93,17 +89,16 @@ import ( // // [PutBucketLifecycleConfiguration] // -// [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ +// [Appendix: SelectObjectContent Response]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html // [Selecting Content from Objects]: https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html // [PutBucketLifecycleConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html +// [SelectObjectContentRequest - ScanRange]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange // [List of SELECT Object Content Error Codes]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList // [GetBucketLifecycleConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html // [Using Amazon S3 storage classes]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html // [SELECT Command]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html -// [Specifying Permissions in a Policy]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html -// [Appendix: SelectObjectContent Response]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html -// [SelectObjectContentRequest - ScanRange]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange // [GetObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html +// [Specifying Permissions in a Policy]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html // // [Server-Side Encryption (Using Customer-Provided Encryption Keys)]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html // [Protecting Data Using Server-Side Encryption]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html @@ -122,9 +117,6 @@ func (c *Client) SelectObjectContent(ctx context.Context, params *SelectObjectCo return out, nil } -// Learn Amazon S3 Select is no longer available to new customers. Existing -// customers of Amazon S3 Select can continue to use the feature as usual. [Learn more] -// // Request to filter the contents of an Amazon S3 object based on a simple // Structured Query Language (SQL) statement. In the request, along with the SQL // expression, you must specify a data serialization format (JSON or CSV) of the @@ -132,7 +124,6 @@ func (c *Client) SelectObjectContent(ctx context.Context, params *SelectObjectCo // records that match the specified SQL expression. You must also specify the data // serialization format for the response. For more information, see [S3Select API Documentation]. // -// [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ // [S3Select API Documentation]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html type SelectObjectContentInput struct { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go index 7b6980a2335..47db0f339cc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go @@ -8481,6 +8481,19 @@ func awsRestxml_deserializeOpDocumentListBucketsOutput(v **ListBucketsOutput, de return err } + case strings.EqualFold("Prefix", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Prefix = ptr.String(xtv) + } + default: // Do nothing and ignore the unexpected tag element err = decoder.Decoder.Skip() @@ -14250,6 +14263,19 @@ func awsRestxml_deserializeDocumentBucket(v **types.Bucket, decoder smithyxml.No originalDecoder := decoder decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) switch { + case strings.EqualFold("BucketRegion", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.BucketRegion = ptr.String(xtv) + } + case strings.EqualFold("CreationDate", t.Name.Local): val, err := decoder.Value() if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go index fb11d636f4c..3a1881aca92 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go @@ -3,4 +3,4 @@ package s3 // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.65.3" +const goModuleVersion = "1.66.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go index 40a15e26495..a55233c5bac 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go @@ -4941,6 +4941,10 @@ func awsRestxml_serializeOpHttpBindingsListBucketsInput(v *ListBucketsInput, enc return fmt.Errorf("unsupported serialization of nil %T", v) } + if v.BucketRegion != nil { + encoder.SetQuery("bucket-region").String(*v.BucketRegion) + } + if v.ContinuationToken != nil { encoder.SetQuery("continuation-token").String(*v.ContinuationToken) } @@ -4949,6 +4953,10 @@ func awsRestxml_serializeOpHttpBindingsListBucketsInput(v *ListBucketsInput, enc encoder.SetQuery("max-buckets").Integer(*v.MaxBuckets) } + if v.Prefix != nil { + encoder.SetQuery("prefix").String(*v.Prefix) + } + return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go index 4842093d9a0..dec61a6f520 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go @@ -179,6 +179,11 @@ type AnalyticsS3BucketDestination struct { // In terms of implementation, a Bucket is a resource. type Bucket struct { + // BucketRegion indicates the Amazon Web Services region where the bucket is + // located. If the request contains at least one valid parameter, it is included in + // the response. + BucketRegion *string + // Date the bucket was created. This date can change when making changes to your // bucket, such as editing its bucket policy. CreationDate *time.Time @@ -3085,7 +3090,7 @@ type PublicAccessBlockConfiguration struct { // Specifies whether Amazon S3 should restrict public bucket policies for this // bucket. Setting this element to TRUE restricts access to this bucket to only - // Amazon Web Servicesservice principals and authorized users within this account + // Amazon Web Services service principals and authorized users within this account // if the bucket has a public policy. // // Enabling this setting doesn't affect previously stored bucket policies, except @@ -3448,23 +3453,13 @@ type RestoreRequest struct { // Describes the location where the restore job's output is stored. OutputLocation *OutputLocation - // Amazon S3 Select is no longer available to new customers. Existing customers of - // Amazon S3 Select can continue to use the feature as usual. [Learn more] - // // Describes the parameters for Select job types. - // - // [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ SelectParameters *SelectParameters // Retrieval tier at which the restore will be processed. Tier Tier - // Amazon S3 Select is no longer available to new customers. Existing customers of - // Amazon S3 Select can continue to use the feature as usual. [Learn more] - // // Type of restore request. - // - // [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ Type RestoreRequestType noSmithyDocumentSerde @@ -3651,26 +3646,11 @@ type SelectObjectContentEventStreamMemberStats struct { func (*SelectObjectContentEventStreamMemberStats) isSelectObjectContentEventStream() {} -// Amazon S3 Select is no longer available to new customers. Existing customers of -// Amazon S3 Select can continue to use the feature as usual. [Learn more] -// // Describes the parameters for Select job types. -// -// Learn [How to optimize querying your data in Amazon S3] using [Amazon Athena], [S3 Object Lambda], or client-side filtering. -// -// [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ -// [How to optimize querying your data in Amazon S3]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ -// [Amazon Athena]: https://docs.aws.amazon.com/athena/latest/ug/what-is.html -// [S3 Object Lambda]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html type SelectParameters struct { - // Amazon S3 Select is no longer available to new customers. Existing customers of - // Amazon S3 Select can continue to use the feature as usual. [Learn more] - // // The expression that is used to query the object. // - // [Learn more]: http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/ - // // This member is required. Expression *string @@ -3703,7 +3683,8 @@ type SelectParameters struct { // key for SSE-KMS. // // - Directory buckets - Your SSE-KMS configuration can only support 1 [customer managed key]per -// directory bucket for the lifetime of the bucket. [Amazon Web Services managed key]( aws/s3 ) isn't supported. +// directory bucket for the lifetime of the bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't +// supported. // // - Directory buckets - For directory buckets, there are only two supported // options for server-side encryption: SSE-S3 and SSE-KMS. diff --git a/vendor/modules.txt b/vendor/modules.txt index 190235174bd..a7d56f4e9d6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -29,7 +29,7 @@ github.com/aws/aws-sdk-go-v2/internal/timeconv ## explicit; go 1.21 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi -# github.com/aws/aws-sdk-go-v2/config v1.27.43 +# github.com/aws/aws-sdk-go-v2/config v1.28.0 ## explicit; go 1.21 github.com/aws/aws-sdk-go-v2/config # github.com/aws/aws-sdk-go-v2/credentials v1.17.41 @@ -73,7 +73,7 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url github.com/aws/aws-sdk-go-v2/service/internal/s3shared github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config -# github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3 +# github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0 ## explicit; go 1.21 github.com/aws/aws-sdk-go-v2/service/s3 github.com/aws/aws-sdk-go-v2/service/s3/internal/arn