From caa0357d6904a32de6d115534549be67c90e3a8c Mon Sep 17 00:00:00 2001
From: cpu1
Date: Fri, 1 Dec 2023 13:47:13 +0530
Subject: [PATCH] Fix STS interface

---
go.sum | 48 ----
pkg/awsapi/generate/generate.go | 1 -
pkg/awsapi/sts.go | 428 +-------------------------------
3 files changed, 3 insertions(+), 474 deletions(-)

diff --git a/go.sum b/go.sum
index 71f82c8173..69d835263f 100644
--- a/go.sum
+++ b/go.sum
@@ -254,8 +254,6 @@ github.com/aws/amazon-ec2-instance-selector/v2 v2.4.2-0.20230601180523-74e721cb8 github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.47.13 h1:pJgCtldg5azDAFoEcE0fz6n+FnCc1/FY4krtUa5uvZQ= -github.com/aws/aws-sdk-go v1.47.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go v1.48.6 h1:hnL/TE3eRigirDLrdRE9AWE1ALZSVLAsC4wK8TGsMqk= github.com/aws/aws-sdk-go v1.48.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.16.2/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU= 
@@ -265,18 +263,12 @@ github.com/aws/aws-sdk-go-v2 v1.23.1/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlL github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 h1:SdK4Ppk5IzLs64ZMvr6MrSficMtjY2oS0WOORXTlxwU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1/go.mod h1:n8Bs1ElDD2wJ9kCRTczA83gYbBmjSwZp3umc6zF4EeM= github.com/aws/aws-sdk-go-v2/config v1.15.3/go.mod h1:9YL3v07Xc/ohTsxFXzan9ZpFpdTOFl4X65BAKYaz8jg= -github.com/aws/aws-sdk-go-v2/config v1.25.2 h1:+Gy7Xe372Tw/PiUw3We94Le9IwU1tmJqCD6cvI4oBJM= -github.com/aws/aws-sdk-go-v2/config v1.25.2/go.mod h1:6hFlwWQiVOUG0Ej2ql0tG4zPlpDH++HD0WT1MA6l5Q4= github.com/aws/aws-sdk-go-v2/config v1.25.6 h1:p7b0sR6lHVNNOK/dE4xZgq2R+NNFRjtAXy8WNE6jbpo= github.com/aws/aws-sdk-go-v2/config v1.25.6/go.mod h1:E/nt0ERX9ZX2RCcJWBax94jFn738UERvjSn4R3msEeQ= github.com/aws/aws-sdk-go-v2/credentials v1.11.2/go.mod h1:j8YsY9TXTm31k4eFhspiQicfXPLZ0gYXA50i4gxPE8g= -github.com/aws/aws-sdk-go-v2/credentials v1.16.1 h1:WessyrdgyFN5TB+eLQdrFSlN/3oMnqukIFhDxK6z8h0= -github.com/aws/aws-sdk-go-v2/credentials v1.16.1/go.mod h1:RQJyPxKcr+m4ArlIG1LUhMOrjposVfzbX6H8oR6oCgE= github.com/aws/aws-sdk-go-v2/credentials v1.16.5 h1:oJz7X2VzKl8Y9pX7Fa5sIy4+3OnknF+Ne0KYu7DCoQQ= github.com/aws/aws-sdk-go-v2/credentials v1.16.5/go.mod h1:2HvVzcP9ih6XR66omXIsgWjtolkL0MlQVqPcK3nXK+E= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.3/go.mod h1:uk1vhHHERfSVCUnqSqz8O48LBYDSC+k6brng09jcMOk= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 h1:9wKDWEjwSnXZre0/O3+ZwbBl1SmlgWYBbrTV10X/H1s= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4/go.mod h1:t4i+yGHMCcUNIX1x7YVYa6bH/Do7civ5I6cG/6PMfyA= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 h1:KehRNiVzIfAcj6gw98zotVbb/K67taJE0fkfgM6vzqU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5/go.mod h1:VhnExhw6uXy9QzetvpXDolo1/hjhx4u9qukBGkuUwjs= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.3 h1:ir7iEq78s4txFGgwcLqD6q9IIPzTQNRJXulJd9h/zQo= 
@@ -292,44 +284,24 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.4/go.mod h1:dYvTNAggxDZy github.com/aws/aws-sdk-go-v2/internal/ini v1.3.10/go.mod h1:8DcYQcz0+ZJaSxANlHIsbbi6S+zMwjwdDqwW3r9AzaE= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1 h1:2awLldJ8gWgB2lW/ywilHLgGzs06vYb69OjelFQVi2w= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1/go.mod h1:6NGYQhD5ky3wERvkhdhnFk7RKCg3nidKqE6DOEZgGgg= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.3 h1:mDon+QEVnzmoNwf2AxLjfAVT1NoS3irdjof5PgOvDPo= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.3/go.mod h1:lqA7X+35oZ+zRUnjeYqoYsHECFFSbCBbACVaVmMVz/w= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.39.1 h1:xV9/GIV2eE1BblYbl6cFUN7tGANcMlXQLEs32v5EDTk= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.39.1/go.mod h1:NtPc2z+l8sxXmxz0eJebaBY1k1wwZCkXX/UurRbHqV8= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.40.2 h1:QjzO8xDhUbc0psx1DV6lSwvrNnav+F0zkk2dhnKi4yQ= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.40.2/go.mod h1:swqr+Ayq2Mv+l32CXjtrYrdNqMu5d0aSKeM63ud7G8M= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.33.0 h1:X6XBuklzVI3VFiTuChGv+NNMUMKQIaBSUmkU6O1FrcM= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.33.0/go.mod h1:yLuXsilN12lh4QXg3fr/tGGOzO52PxmLPeBY/ekiI7g= github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.34.1 h1:jSktoWX1fKhlXlGJxTG+EZYQAQ4vlqlLVpG95O3MGHM= github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.34.1/go.mod h1:fdOGahYloDvaLq9YhUpefHsAfJrkjsHk3c0YhAvvWwI= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.27.1 h1:TNRPtVMfBVk24DL3on3aCSVaEbkLJkVewen+ag01Y5E= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.27.1/go.mod h1:f+2AxSfO44KOyp+hsuDsjJyZmaOQxkcmGKRFExyHZdU= 
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.28.1 h1:i7bxghSeDvt+nxMKN+vB9pUdlenMWbKqdndm3ErLOGE= github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.28.1/go.mod h1:NRP65i31tm0UhGwc9j6TGwk7dMs1ZDprZPIHfr+gHCU= -github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.2 h1:kqgHKdkdF6K+xz4rWz9Sx50qm6+CBCGpEmX+7tkpwMg= -github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.2/go.mod h1:7O7U2Y1MsjX2IaSRjrQWZbDccO+MqWBWwvDTuuqsgaQ= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.4 h1:ewLNh1BfQMtrUGFcOIIdDzd3qkrQw1+C9312xEtog5o= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.4/go.mod h1:sxxp0zjx+yebgiDGl47XSPWCz+sg2gzghM+K8MwLGJU= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.135.0 h1:gX7PiK9aGDmDE/LcF+RCJYN1jlPkL21ZuBJFlVAkNtM= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.135.0/go.mod h1:xYJZQIo/YZxEbeBxUYRQJTCJ924EuKtDfrhVx76yzOE= github.com/aws/aws-sdk-go-v2/service/ec2 v1.137.2 h1:9bqRsa2YG+3fZXcCOh7UygOTBlp/EMjOn9QWkFSXNAY= github.com/aws/aws-sdk-go-v2/service/ec2 v1.137.2/go.mod h1:hrBzQzlQQRmiaeYRQPr0SdSx6fdqP+5YcGhb97LCt8M= -github.com/aws/aws-sdk-go-v2/service/eks v1.34.0 h1:g3m365rWn0MLZagA77BSuQAzTqG8VB+azzCVtpmgnpg= -github.com/aws/aws-sdk-go-v2/service/eks v1.34.0/go.mod h1:DInudKNZjEy7SJ0KfRh4VxaqY04B52Lq2+QRuvObfNQ= github.com/aws/aws-sdk-go-v2/service/eks v1.34.1 h1:lcpAUbLg8uZHGuZxOwm3TqSMt2LV/XTevPkGCu78PRk= github.com/aws/aws-sdk-go-v2/service/eks v1.34.1/go.mod h1:DInudKNZjEy7SJ0KfRh4VxaqY04B52Lq2+QRuvObfNQ= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.2 h1:TIwCp2MbQ+6uxLK4bjA0eAtfOP307sEK3AJCqsXgofQ= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.2/go.mod h1:4UKZnR0ESP4o2BEcfkVb/7uHMg/a8oOqD2W+Pp/oK1c= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.4 h1:iNNttXS8/FD0h1XnrZj9X9e/F9Dx5bfQszHgowrWpVU= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.4/go.mod h1:7skbCmhG0kau6mIihttFdNRmXAM2tORs1Flm9oAnPl4= 
-github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.24.2 h1:4pOJ+1slB9s36rDsHvnbUd93SZZ4+Z/FdX5f1TKOiQk= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.24.2/go.mod h1:NatT0jYQo0MfgZnIX8ReNWnbsl4rbQjuS+uci1KNkck= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.25.1 h1:Vxm9ZgTHgiKMhWxQYPE3UPEtkqrSUE3MNaf1c4YK3OU= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.25.1/go.mod h1:LA5Wi7UcSEu2/AAYRE7hgb2dcLhc10kziPXB78w7mpg= -github.com/aws/aws-sdk-go-v2/service/iam v1.27.2 h1:Z3a5I5kKGsuVW4kbrtHVnLGUHpEpo19zFyo6dzP2WCM= -github.com/aws/aws-sdk-go-v2/service/iam v1.27.2/go.mod h1:CYRyr95Q57xVvrcKJu3vw4jVVCZhmY1SyugM+EWXlzI= github.com/aws/aws-sdk-go-v2/service/iam v1.27.4 h1:W7aZ6WYk/R3kGhBbD6tAVwzYav8k0JQCGhEE+kXKl+k= github.com/aws/aws-sdk-go-v2/service/iam v1.27.4/go.mod h1:LklzfZoa7bL/NdhOzoaRtqSLGhu5j+GqE/9WoOQGFKY= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.1/go.mod h1:GeUru+8VzrTXV/83XyMJ80KpH8xO89VPoUileyNQ+tc= 
@@ -338,19 +310,13 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1: github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.3 h1:I0dcwWitE752hVSMrsLCxqNQ+UdEp3nACx2bYNMQq+k= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.3/go.mod h1:Seb8KNmD6kVTjwRjVEgOT5hPin6sq+v4C2ycJQDwuH8= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.3/go.mod h1:wlY6SVjuwvh3TVRpTqdy4I1JpBFLX4UGeKZdWntaocw= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.4 h1:rdovz3rEu0vZKbzoMYPTehp0E8veoE9AyfzqCr5Eeao= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.4/go.mod h1:aYCGNjyUCUelhofxlZyj63srdxWUSsBSGg5l6MCuXuE= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.3 h1:BKjwCJPnANbkwQ8vzSbaZDKawwagDubrH/z/c0X+kbQ= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.3/go.mod h1:Bm/v2IaN6rZ+Op7zX+bOUMdL4fsrYZiD0dsjLhNKwZc= github.com/aws/aws-sdk-go-v2/service/kms v1.16.3/go.mod h1:QuiHPBqlOFCi4LqdSskYYAWpQlx3PKmohy+rE2F+o5g= -github.com/aws/aws-sdk-go-v2/service/kms v1.26.2 h1:cd6qixgKwsu4i1oT14brIYx9qZaXX/9CFrBncxYr7OY= -github.com/aws/aws-sdk-go-v2/service/kms v1.26.2/go.mod h1:SBBCPcfsuNkvXnW4sDzoPNeow6xOaU6g2xTfj1dfxo4= github.com/aws/aws-sdk-go-v2/service/kms v1.26.4 h1:h7i9epxI6WCw4Mg0A2v6+zBgxlRYTuH/L+sBOMFKH3c= github.com/aws/aws-sdk-go-v2/service/kms v1.26.4/go.mod h1:N3++/sLV97B8Zliz7KRqNcojOX7iMBZWKiuit5FKtH0= -github.com/aws/aws-sdk-go-v2/service/outposts v1.33.2 h1:BGKMmQ1+g4B+xa7XN4Y4/+2wFQamkkEvKqVANcNUvz0= -github.com/aws/aws-sdk-go-v2/service/outposts v1.33.2/go.mod h1:05XXa0x5qP94PNvZV35LmnbC/gdfp3LsredHz6bX0h4= github.com/aws/aws-sdk-go-v2/service/outposts v1.33.4 h1:SEQCwls39YYqYUbM23R8FUUm0lJ9urL7EGuDSHMeSn4= 
github.com/aws/aws-sdk-go-v2/service/outposts v1.33.4/go.mod h1:/gRj71j9MfjKtN1hERMH6UNt/IqvDNaBanFvNr7+KDg= github.com/aws/aws-sdk-go-v2/service/pricing v1.17.0 h1:RQOMvPwte2H4ZqsiZmrla1crhBWDFnW8bZynkec5cGU= 
@@ -361,22 +327,14 @@ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.4/go.mod h1:PJc8s+lxyU github.com/aws/aws-sdk-go-v2/service/sns v1.17.4/go.mod h1:kElt+uCcXxcqFyc+bQqZPFD9DME/eC6oHBXvFzQ9Bcw= github.com/aws/aws-sdk-go-v2/service/sqs v1.18.3/go.mod h1:skmQo0UPvsjsuYYSYMVmrPc1HWCbHUJyrCEp+ZaLzqM= github.com/aws/aws-sdk-go-v2/service/ssm v1.24.1/go.mod h1:NR/xoKjdbRJ+qx0pMR4mI+N/H1I1ynHwXnO6FowXJc0= -github.com/aws/aws-sdk-go-v2/service/ssm v1.43.0 h1:hrbnozmShh4n0ar1Zk7Ol0ST1sep1ECGHLwbdbfAFRo= -github.com/aws/aws-sdk-go-v2/service/ssm v1.43.0/go.mod h1:5tNnH3XNzW2Jo3TXQjKKH/Ivx7gRsz9nGcvGhq6YPRA= github.com/aws/aws-sdk-go-v2/service/ssm v1.43.2 h1:IZq7BDqMNK06lAuReVTGzPGFcC81yaZvjuuOnst8EEk= github.com/aws/aws-sdk-go-v2/service/ssm v1.43.2/go.mod h1:Iw3+XCa7ARZWsPiV3Zozf5Hb3gD7pHDLKu9Xcc4iwDM= github.com/aws/aws-sdk-go-v2/service/sso v1.11.3/go.mod h1:7UQ/e69kU7LDPtY40OyoHYgRmgfGM4mgsLYtcObdveU= -github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 h1:V47N5eKgVZoRSvx2+RQ0EpAEit/pqOhqeSQFiS4OFEQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.17.2/go.mod h1:/pE21vno3q1h4bbhUOEi+6Zu/aT26UK2WKkDXd+TssQ= github.com/aws/aws-sdk-go-v2/service/sso v1.17.4 h1:WSMiDIMaDGyIiXwruNITU0IJF0d0foXwjxpxRylamqQ= github.com/aws/aws-sdk-go-v2/service/sso v1.17.4/go.mod h1:oA6VjNsLll2eVuUoF2D+CMyORgNzPEW/3PyUdq6WQjI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2 h1:sMAcO7VHVw28HTAdZpTULDzFirHOsVm/x25CxhUH0jA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2/go.mod h1:dWqm5G767qwKPuayKfzm4rjzFmVjiBFbOJrpSPnAMDs= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.2 h1:GsrlsvTPBNxHvE3KBCwUMnR76MTO/6qnnO1ILSUOpTA= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.2/go.mod h1:hHL974p5auvXlZPIjJTblXJpbkfK4klBczlsEaMCGVY= github.com/aws/aws-sdk-go-v2/service/sts v1.16.3/go.mod h1:bfBj0iVmsUyUg4weDB4NxktD9rDGeKSVWnjTnwbx9b8= -github.com/aws/aws-sdk-go-v2/service/sts v1.25.2 h1:vwyiRTnXLqsak/6WAQ+uTRhVqKI6vxUQ0HJXjKij0zM= -github.com/aws/aws-sdk-go-v2/service/sts 
v1.25.2/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ= github.com/aws/aws-sdk-go-v2/service/sts v1.25.5 h1:jwpmP8FnZPdpmJ8hkximoPQFGCUzfIekccwkxlfVfHQ= github.com/aws/aws-sdk-go-v2/service/sts v1.25.5/go.mod h1:feTnm2Tk/pJxdX+eooEsxvlvTWBvDm6CasRZ+JOs2IY= github.com/aws/smithy-go v1.11.2/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM= @@ -611,8 +569,6 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= @@ -903,7 +859,6 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= -github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gophercloud/gophercloud v1.1.1 h1:MuGyqbSxiuVBqkPZ3+Nhbytk1xZxhmfCB2Rg1cJWFWM= github.com/gophercloud/gophercloud v1.1.1/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= 
@@ -1683,8 +1638,6 @@ github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlI github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vburenin/ifacemaker v1.2.1 h1:3Vq8B/bfBgjWTkv+jDg4dVL1KHt3k1K4lO7XRxYA2sk= github.com/vburenin/ifacemaker v1.2.1/go.mod h1:5WqrzX2aD7/hi+okBjcaEQJMg4lDGrpuEX3B8L4Wgrs= -github.com/vektra/mockery/v2 v2.36.1 h1:F/2tEFFRWdHe36smr+e6YIiKzXTZVd0cCAUqG0GTw1s= -github.com/vektra/mockery/v2 v2.36.1/go.mod h1:diB13hxXG6QrTR0ol2Rk8s2dRMftzvExSvPDKr+IYKk= github.com/vektra/mockery/v2 v2.38.0 h1:I0LBuUzZHqAU4d1DknW0DTFBPO6n8TaD38WL2KJf3yI= github.com/vektra/mockery/v2 v2.38.0/go.mod h1:diB13hxXG6QrTR0ol2Rk8s2dRMftzvExSvPDKr+IYKk= github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 h1:txplJASvd6b/hrE0s/Ixfpp2cuwH9IO9oZBAN9iYa4A= @@ -1735,7 +1688,6 @@ github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTN github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= -github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= gitlab.com/bosi/decorder v0.4.1 h1:VdsdfxhstabyhZovHafFw+9eJ6eU0d2CkFNJcZz/NU4= gitlab.com/bosi/decorder v0.4.1/go.mod h1:jecSqWUew6Yle1pCr2eLWTensJMmsxHsBwt+PVbkAqA= gitlab.com/digitalxero/go-conventional-commit v1.0.7 h1:8/dO6WWG+98PMhlZowt/YjuiKhqhGlOCwlIV8SqqGh8=
diff --git a/pkg/awsapi/generate/generate.go b/pkg/awsapi/generate/generate.go
index 26cbb142ae..7ca40f8caa 100644
--- a/pkg/awsapi/generate/generate.go
+++ b/pkg/awsapi/generate/generate.go
@@ -1,6 +1,5 @@ package generate -//go:generate ../../../build/scripts/generate-aws-interfaces.sh sts STS //go:generate ../../../build/scripts/generate-aws-interfaces.sh autoscaling ASG //go:generate ../../../build/scripts/generate-aws-interfaces.sh cloudwatchlogs CloudWatchLogs //go:generate ../../../build/scripts/generate-aws-interfaces.sh cloudformation CloudFormation
diff --git a/pkg/awsapi/sts.go b/pkg/awsapi/sts.go
index c94f294baa..4aa58bcbf6 100644
--- a/pkg/awsapi/sts.go
+++ b/pkg/awsapi/sts.go
@@ -1,321 +1,14 @@ -// Code generated by ifacemaker; DO NOT EDIT. - package awsapi import ( "context" - . "github.com/aws/aws-sdk-go-v2/service/sts" + "github.com/aws/aws-sdk-go-v2/service/sts" ) // STS provides an interface to the AWS STS service. type STS interface { - // Returns a set of temporary security credentials that you can use to access - // Amazon Web Services resources. These temporary credentials consist of an access - // key ID, a secret access key, and a security token. Typically, you use AssumeRole - // within your account or for cross-account access. For a comparison of AssumeRole - // with other API operations that produce temporary credentials, see Requesting - // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) - // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) - // in the IAM User Guide. Permissions The temporary security credentials created by - // AssumeRole can be used to make API calls to any Amazon Web Services service - // with the following exception: You cannot call the Amazon Web Services STS - // GetFederationToken or GetSessionToken API operations. (Optional) You can pass - // inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // to this operation. You can pass a single JSON policy document to use as an - // inline session policy. You can also specify up to 10 managed policy Amazon - // Resource Names (ARNs) to use as managed session policies. The plaintext that you - // use for both inline and managed session policies can't exceed 2,048 characters. - // Passing policies to this operation returns new temporary credentials. The - // resulting session's permissions are the intersection of the role's - // identity-based policy and the session policies. 
You can use the role's temporary - // credentials in subsequent Amazon Web Services API calls to access resources in - // the account that owns the role. You cannot use session policies to grant more - // permissions than those allowed by the identity-based policy of the role that is - // being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. When you create a role, you create two policies: a role - // trust policy that specifies who can assume the role, and a permissions policy - // that specifies what can be done with the role. You specify the trusted principal - // that is allowed to assume the role in the role trust policy. To assume a role - // from a different account, your Amazon Web Services account must be trusted by - // the role. The trust relationship is defined in the role's trust policy when the - // role is created. That trust policy states which accounts are allowed to delegate - // that access to users in the account. A user who wants to access a role in a - // different account must also have permissions that are delegated from the account - // administrator. The administrator must attach a policy that allows the user to - // call AssumeRole for the ARN of the role in the other account. To allow a user - // to assume a role in the same account, you can do either of the following: - // - Attach a policy to the user that allows the user to call AssumeRole (as long - // as the role's trust policy trusts the account). - // - Add the user as a principal directly in the role's trust policy. - // - // You can do either because the role’s trust policy acts as an IAM resource-based - // policy. When a resource-based policy grants access to a principal in the same - // account, no additional identity-based policy is required. 
For more information - // about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) - // in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your - // session. These tags are called session tags. For more information about session - // tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) - // in the IAM User Guide. An administrator must grant you the permissions necessary - // to pass session tags. The administrator can also create granular permissions to - // allow you to pass only specific session tags. For more information, see - // Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) - // in the IAM User Guide. You can set the session tags as transitive. Transitive - // tags persist during role chaining. For more information, see Chaining Roles - // with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) - // in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include - // multi-factor authentication (MFA) information when you call AssumeRole . This is - // useful for cross-account scenarios to ensure that the user that assumes the role - // has been authenticated with an Amazon Web Services MFA device. In that scenario, - // the trust policy of the role being assumed includes a condition that tests for - // MFA authentication. If the caller does not include valid MFA information, the - // request to assume the role is denied. The condition in a trust policy that tests - // for MFA authentication might look like the following example. 
"Condition": - // {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see - // Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) - // in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for - // the SerialNumber and TokenCode parameters. The SerialNumber value identifies - // the user's hardware or virtual MFA device. The TokenCode is the time-based - // one-time password (TOTP) that the MFA device produces. - AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) - // Returns a set of temporary security credentials for users who have been - // authenticated via a SAML authentication response. This operation provides a - // mechanism for tying an enterprise identity store or directory to role-based - // Amazon Web Services access without user-specific credentials or configuration. - // For a comparison of AssumeRoleWithSAML with the other API operations that - // produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) - // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) - // in the IAM User Guide. The temporary security credentials returned by this - // operation consist of an access key ID, a secret access key, and a security - // token. Applications can use these temporary security credentials to sign calls - // to Amazon Web Services services. Session Duration By default, the temporary - // security credentials created by AssumeRoleWithSAML last for one hour. However, - // you can use the optional DurationSeconds parameter to specify the duration of - // your session. 
Your role session lasts for the duration that you specify, or - // until the time specified in the SAML authentication response's - // SessionNotOnOrAfter value, whichever is shorter. You can provide a - // DurationSeconds value from 900 seconds (15 minutes) up to the maximum session - // duration setting for the role. This setting can have a value from 1 hour to 12 - // hours. To learn how to view the maximum value for your role, see View the - // Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) - // in the IAM User Guide. The maximum session duration limit applies when you use - // the AssumeRole* API operations or the assume-role* CLI commands. However the - // limit does not apply when you use those operations to create a console URL. For - // more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) - // in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) - // limits your CLI or Amazon Web Services API role session to a maximum of one - // hour. When you use the AssumeRole API operation to assume a role, you can - // specify the duration of your role session with the DurationSeconds parameter. - // You can specify a parameter value of up to 43200 seconds (12 hours), depending - // on the maximum session duration setting for your role. However, if you assume a - // role using role chaining and provide a DurationSeconds parameter value greater - // than one hour, the operation fails. Permissions The temporary security - // credentials created by AssumeRoleWithSAML can be used to make API calls to any - // Amazon Web Services service with the following exception: you cannot call the - // STS GetFederationToken or GetSessionToken API operations. 
(Optional) You can - // pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // to this operation. You can pass a single JSON policy document to use as an - // inline session policy. You can also specify up to 10 managed policy Amazon - // Resource Names (ARNs) to use as managed session policies. The plaintext that you - // use for both inline and managed session policies can't exceed 2,048 characters. - // Passing policies to this operation returns new temporary credentials. The - // resulting session's permissions are the intersection of the role's - // identity-based policy and the session policies. You can use the role's temporary - // credentials in subsequent Amazon Web Services API calls to access resources in - // the account that owns the role. You cannot use session policies to grant more - // permissions than those allowed by the identity-based policy of the role that is - // being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of - // Amazon Web Services security credentials. The identity of the caller is - // validated by using keys in the metadata document that is uploaded for the SAML - // provider entity for your identity provider. Calling AssumeRoleWithSAML can - // result in an entry in your CloudTrail logs. The entry includes the value in the - // NameID element of the SAML assertion. We recommend that you use a NameIDType - // that is not associated with any personally identifiable information (PII). For - // example, you could instead use the persistent identifier ( - // urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can - // configure your IdP to pass attributes into your SAML assertion as session tags. 
- // Each session tag consists of a key name and an associated value. For more - // information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) - // in the IAM User Guide. You can pass up to 50 session tags. The plaintext session - // tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. - // For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) - // in the IAM User Guide. An Amazon Web Services conversion compresses the passed - // inline session policy, managed policy ARNs, and session tags into a packed - // binary format that has a separate limit. Your request can fail for this limit - // even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags for - // your request are to the upper size limit. You can pass a session tag with the - // same key as a tag that is attached to the role. When you do, session tags - // override the role's tags with the same key. An administrator must grant you the - // permissions necessary to pass session tags. The administrator can also create - // granular permissions to allow you to pass only specific session tags. For more - // information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) - // in the IAM User Guide. You can set the session tags as transitive. Transitive - // tags persist during role chaining. For more information, see Chaining Roles - // with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) - // in the IAM User Guide. 
SAML Configuration Before your application can call - // AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to - // issue the claims required by Amazon Web Services. Additionally, you must use - // Identity and Access Management (IAM) to create a SAML provider entity in your - // Amazon Web Services account that represents your identity provider. You must - // also create an IAM role that specifies this SAML provider in its trust policy. - // For more information, see the following resources: - // - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) - // in the IAM User Guide. - // - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) - // in the IAM User Guide. - // - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) - // in the IAM User Guide. - // - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) - // in the IAM User Guide. - AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) - // Returns a set of temporary security credentials for users who have been - // authenticated in a mobile or web application with a web identity provider. - // Example providers include the OAuth 2.0 providers Login with Amazon and - // Facebook, or any OpenID Connect-compatible identity provider such as Google or - // Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) - // . For mobile applications, we recommend that you use Amazon Cognito. 
You can use - // Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) - // and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) - // to uniquely identify a user. You can also supply the user with a consistent - // identity throughout the lifetime of an application. To learn more about Amazon - // Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) - // in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not - // require the use of Amazon Web Services security credentials. Therefore, you can - // distribute an application (for example, on mobile devices) that requests - // temporary security credentials without including long-term Amazon Web Services - // credentials in the application. You also don't need to deploy server-based proxy - // services that use long-term Amazon Web Services credentials. Instead, the - // identity of the caller is validated by using a token from the web identity - // provider. For a comparison of AssumeRoleWithWebIdentity with the other API - // operations that produce temporary credentials, see Requesting Temporary - // Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) - // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) - // in the IAM User Guide. The temporary security credentials returned by this API - // consist of an access key ID, a secret access key, and a security token. - // Applications can use these temporary security credentials to sign calls to - // Amazon Web Services service API operations. Session Duration By default, the - // temporary security credentials created by AssumeRoleWithWebIdentity last for - // one hour. 
However, you can use the optional DurationSeconds parameter to - // specify the duration of your session. You can provide a value from 900 seconds - // (15 minutes) up to the maximum session duration setting for the role. This - // setting can have a value from 1 hour to 12 hours. To learn how to view the - // maximum value for your role, see View the Maximum Session Duration Setting for - // a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) - // in the IAM User Guide. The maximum session duration limit applies when you use - // the AssumeRole* API operations or the assume-role* CLI commands. However the - // limit does not apply when you use those operations to create a console URL. For - // more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) - // in the IAM User Guide. Permissions The temporary security credentials created by - // AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web - // Services service with the following exception: you cannot call the STS - // GetFederationToken or GetSessionToken API operations. (Optional) You can pass - // inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // to this operation. You can pass a single JSON policy document to use as an - // inline session policy. You can also specify up to 10 managed policy Amazon - // Resource Names (ARNs) to use as managed session policies. The plaintext that you - // use for both inline and managed session policies can't exceed 2,048 characters. - // Passing policies to this operation returns new temporary credentials. The - // resulting session's permissions are the intersection of the role's - // identity-based policy and the session policies. 
You can use the role's temporary - // credentials in subsequent Amazon Web Services API calls to access resources in - // the account that owns the role. You cannot use session policies to grant more - // permissions than those allowed by the identity-based policy of the role that is - // being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. Tags (Optional) You can configure your IdP to pass - // attributes into your web identity token as session tags. Each session tag - // consists of a key name and an associated value. For more information about - // session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) - // in the IAM User Guide. You can pass up to 50 session tags. The plaintext session - // tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. - // For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) - // in the IAM User Guide. An Amazon Web Services conversion compresses the passed - // inline session policy, managed policy ARNs, and session tags into a packed - // binary format that has a separate limit. Your request can fail for this limit - // even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags for - // your request are to the upper size limit. You can pass a session tag with the - // same key as a tag that is attached to the role. When you do, the session tag - // overrides the role tag with the same key. An administrator must grant you the - // permissions necessary to pass session tags. The administrator can also create - // granular permissions to allow you to pass only specific session tags. 
For more - // information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) - // in the IAM User Guide. You can set the session tags as transitive. Transitive - // tags persist during role chaining. For more information, see Chaining Roles - // with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) - // in the IAM User Guide. Identities Before your application can call - // AssumeRoleWithWebIdentity , you must have an identity token from a supported - // identity provider and create a role that the application can assume. The role - // that your application assumes must trust the identity provider that is - // associated with the identity token. In other words, the identity provider must - // be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can - // result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) - // of the provided web identity token. We recommend that you avoid using any - // personally identifiable information (PII) in this field. For example, you could - // instead use a GUID or a pairwise identifier, as suggested in the OIDC - // specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) - // . For more information about how to use web identity federation and the - // AssumeRoleWithWebIdentity API, see the following resources: - // - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) - // and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) - // . 
- // - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/) - // . Walk through the process of authenticating through Login with Amazon, - // Facebook, or Google, getting temporary security credentials, and then using - // those credentials to make a request to Amazon Web Services. - // - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) - // and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) - // . These toolkits contain sample apps that show how to invoke the identity - // providers. The toolkits then show how to use the information from these - // providers to get and use temporary security credentials. - // - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications) - // . This article discusses web identity federation and shows an example of how to - // use web identity federation to get access to content in Amazon S3. - AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) - // Decodes additional information about the authorization status of a request from - // an encoded message returned in response to an Amazon Web Services request. For - // example, if a user is not authorized to perform an operation that he or she has - // requested, the request returns a Client.UnauthorizedOperation response (an HTTP - // 403 response). Some Amazon Web Services operations additionally return an - // encoded message that can provide details about this authorization failure. Only - // certain Amazon Web Services operations return an encoded authorization message. - // The documentation for an individual operation indicates whether that operation - // returns an encoded message in addition to returning an HTTP code. 
The message is - // encoded because the details of the authorization status can contain privileged - // information that the user who requested the operation should not see. To decode - // an authorization status message, a user must be granted permissions through an - // IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) - // to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage ) - // action. The decoded message includes the following type of information: - // - Whether the request was denied due to an explicit deny or due to the - // absence of an explicit allow. For more information, see Determining Whether a - // Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) - // in the IAM User Guide. - // - The principal who made the request. - // - The requested action. - // - The requested resource. - // - The values of condition keys in the context of the user's request. - DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) - // Returns the account identifier for the specified access key ID. Access keys - // consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and - // a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ). - // For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) - // in the IAM User Guide. When you pass an access key ID to this operation, it - // returns the ID of the Amazon Web Services account to which the keys belong. - // Access key IDs beginning with AKIA are long-term credentials for an IAM user or - // the Amazon Web Services account root user. 
Access key IDs beginning with ASIA - // are temporary credentials that are created using STS operations. If the account - // in the response belongs to you, you can sign in as the root user and review your - // root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) - // to learn which IAM user owns the keys. To learn who requested the temporary - // credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) - // in the IAM User Guide. This operation does not indicate the state of the access - // key. The key might be active, inactive, or deleted. Active keys might not have - // permissions to perform an operation. Providing a deleted access key might return - // an error that the key doesn't exist. - GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error) - // Returns details about the IAM user or role whose credentials are used to call + // GetCallerIdentity returns details about the IAM user or role whose credentials are used to call // the operation. No permissions are required to perform this operation. If an // administrator attaches a policy to your identity that explicitly denies access // to the sts:GetCallerIdentity action, you can still perform this operation. 
@@ -323,120 +16,5 @@ type STS interface { // access is denied. To view an example response, see I Am Not Authorized to // Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) // in the IAM User Guide. - GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) - // Returns a set of temporary security credentials (consisting of an access key - // ID, a secret access key, and a security token) for a user. A typical use is in a - // proxy application that gets temporary security credentials on behalf of - // distributed applications inside a corporate network. You must call the - // GetFederationToken operation using the long-term security credentials of an IAM - // user. As a result, this call is appropriate in contexts where those credentials - // can be safeguarded, usually in a server-based application. For a comparison of - // GetFederationToken with the other API operations that produce temporary - // credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) - // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) - // in the IAM User Guide. Although it is possible to call GetFederationToken using - // the security credentials of an Amazon Web Services account root user rather than - // an IAM user that you create for the purpose of a proxy application, we do not - // recommend it. For more information, see Safeguard your root user credentials - // and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) - // in the IAM User Guide. 
You can create a mobile-based or browser-based app that - // can authenticate users using a web identity provider like Login with Amazon, - // Facebook, Google, or an OpenID Connect-compatible identity provider. In this - // case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/) - // or AssumeRoleWithWebIdentity . For more information, see Federation Through a - // Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) - // in the IAM User Guide. Session duration The temporary credentials are valid for - // the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 - // seconds (36 hours). The default session duration is 43,200 seconds (12 hours). - // Temporary credentials obtained by using the root user credentials have a maximum - // duration of 3,600 seconds (1 hour). Permissions You can use the temporary - // credentials created by GetFederationToken in any Amazon Web Services service - // with the following exceptions: - // - You cannot call any IAM operations using the CLI or the Amazon Web Services - // API. This limitation does not apply to console sessions. - // - You cannot call any STS operations except GetCallerIdentity . - // - // You can use temporary credentials for single sign-on (SSO) to the console. You - // must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // to this operation. You can pass a single JSON policy document to use as an - // inline session policy. You can also specify up to 10 managed policy Amazon - // Resource Names (ARNs) to use as managed session policies. The plaintext that you - // use for both inline and managed session policies can't exceed 2,048 characters. - // Though the session policy parameters are optional, if you do not pass a policy, - // then the resulting federated user session has no permissions. 
When you pass - // session policies, the session permissions are the intersection of the IAM user - // policies and the session policies that you pass. This gives you a way to further - // restrict the permissions for a federated user. You cannot use session policies - // to grant more permissions than those that are defined in the permissions policy - // of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. For information about using GetFederationToken to create - // temporary security credentials, see GetFederationToken—Federation Through a - // Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken) - // . You can use the credentials to access a resource that has a resource-based - // policy. If that policy specifically references the federated user session in the - // Principal element of the policy, the session has the permissions allowed by the - // policy. These permissions are granted in addition to the permissions granted by - // the session policies. Tags (Optional) You can pass tag key-value pairs to your - // session. These are called session tags. For more information about session tags, - // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) - // in the IAM User Guide. You can create a mobile-based or browser-based app that - // can authenticate users using a web identity provider like Login with Amazon, - // Facebook, Google, or an OpenID Connect-compatible identity provider. In this - // case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/) - // or AssumeRoleWithWebIdentity . 
For more information, see Federation Through a - // Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) - // in the IAM User Guide. An administrator must grant you the permissions necessary - // to pass session tags. The administrator can also create granular permissions to - // allow you to pass only specific session tags. For more information, see - // Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) - // in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is - // preserved. This means that you cannot have separate Department and department - // tag keys. Assume that the user that you are federating has the Department = - // Marketing tag and you pass the department = engineering session tag. Department - // and department are not saved as separate tags, and the session tag passed in - // the request takes precedence over the user tag. - GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) - // Returns a set of temporary credentials for an Amazon Web Services account or - // IAM user. The credentials consist of an access key ID, a secret access key, and - // a security token. Typically, you use GetSessionToken if you want to use MFA to - // protect programmatic calls to specific Amazon Web Services API operations like - // Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and - // submit an MFA code that is associated with their MFA device. Using the temporary - // security credentials that the call returns, IAM users can then make programmatic - // calls to API operations that require MFA authentication. An incorrect MFA code - // causes the API to return an access denied error. 
For a comparison of - // GetSessionToken with the other API operations that produce temporary - // credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) - // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) - // in the IAM User Guide. No permissions are required for users to perform this - // operation. The purpose of the sts:GetSessionToken operation is to authenticate - // the user using MFA. You cannot use policies to control authentication - // operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html) - // in the IAM User Guide. Session Duration The GetSessionToken operation must be - // called by using the long-term Amazon Web Services security credentials of an IAM - // user. Credentials that are created by IAM users are valid for the duration that - // you specify. This duration can range from 900 seconds (15 minutes) up to a - // maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 - // hours). Credentials based on account credentials can range from 900 seconds (15 - // minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The - // temporary security credentials created by GetSessionToken can be used to make - // API calls to any Amazon Web Services service with the following exceptions: - // - You cannot call any IAM API operations unless MFA authentication - // information is included in the request. - // - You cannot call any STS API except AssumeRole or GetCallerIdentity . - // - // The credentials that GetSessionToken returns are based on permissions - // associated with the IAM user whose credentials were used to call the operation. 
- // The temporary credentials have the same permissions as the IAM user. Although it - // is possible to call GetSessionToken using the security credentials of an Amazon - // Web Services account root user rather than an IAM user, we do not recommend it. - // If GetSessionToken is called using root user credentials, the temporary - // credentials have root user permissions. For more information, see Safeguard - // your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) - // in the IAM User Guide For more information about using GetSessionToken to - // create temporary credentials, see Temporary Credentials for Users in Untrusted - // Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) - // in the IAM User Guide. - GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) + GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error) } -
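Review bot: The rewritten `GetCallerIdentity` signature at the end of this hunk is now hand-written against `sts.*` types, and nothing visible checks that the SDK client still satisfies `STS`. A compile-time assertion next to the type, `var _ STS = (*sts.Client)(nil)`, would turn signature drift on an SDK bump into a build error in this file rather than at a distant call site. The diffstat shows a one-line deletion in pkg/awsapi/generate/generate.go, so this file is presumably no longer regenerated, which makes that drift a manual concern. The interface declaration and the `sts` import sit outside the hunk, so the assertion assumes the import is the aws-sdk-go-v2 `service/sts` package. It would also help to state the narrowing on the type, e.g. `// STS is deliberately limited to GetCallerIdentity; add credential-issuing operations only when a caller needs them.`, so that the AssumeRole*, GetFederationToken and GetSessionToken methods are not re-added by habit.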