Update aws-sdk-go dependency to v1.28.2

2025-12-07 09:43:15 +00:00 · 2020-01-16 19:22:14 -08:00
parent 90d6484f1c
commit a94346bef9
137 changed files with 43354 additions and 5454 deletions
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go
@@ -6,7 +6,7 @@
 // AWS Key Management Service (AWS KMS) is an encryption and key management
 // web service. This guide describes the AWS KMS operations that you can call
 // programmatically. For general information about AWS KMS, see the AWS Key
-// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/).
+// Management Service Developer Guide (https://docs.aws.amazon.com/kms/latest/developerguide/).
 //
 // AWS provides SDKs that consist of libraries and sample code for various programming
 // languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs
@@ -30,11 +30,11 @@
 // Requests must be signed by using an access key ID and a secret access key.
 // We strongly recommend that you do not use your AWS account (root) access
 // key ID and secret key for everyday work with AWS KMS. Instead, use the access
-// key ID and secret access key for an IAM user, or you can use the AWS Security
+// key ID and secret access key for an IAM user. You can also use the AWS Security
 // Token Service to generate temporary security credentials that you can use
 // to sign requests.
 //
-// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
+// All AWS KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
 //
 // Logging API Requests
 //
@@ -43,29 +43,29 @@
 // you specify. By using the information collected by CloudTrail, you can determine
 // what requests were made to AWS KMS, who made the request, when it was made,
 // and so on. To learn more about CloudTrail, including how to turn it on and
-// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
+// find your log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
 //
 // Additional Resources
 //
 // For more information about credentials and request signing, see the following:
 //
-//    * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
-//    - This topic provides general information about the of credentials used
-//    for accessing AWS.
+//    * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
+//    - This topic provides general information about the types of credentials
+//    used for accessing AWS.
 //
-//    * Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
+//    * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
 //    - This section of the IAM User Guide describes how to create and use temporary
 //    security credentials.
 //
-//    * Signature Version 4 Signing Process (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
+//    * Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
 //    - This set of topics walks you through the process of signing a request
 //    using an access key ID and a secret access key.
 //
-// Commonly Used APIs
+// Commonly Used API Operations
 //
-// Of the APIs discussed in this guide, the following will prove the most useful
-// for most applications. You will likely perform actions other than these,
-// such as creating keys and assigning policies, by using the console.
+// Of the API operations discussed in this guide, the following will prove the
+// most useful for most applications. You will likely perform operations other
+// than these, such as creating keys and assigning policies, by using the console.
 //
 //    * Encrypt
 //
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go
@@ -2,6 +2,10 @@

 package kms

+import (
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
 const (

 	// ErrCodeAlreadyExistsException for service response error code
@@ -20,7 +24,7 @@ const (
 	// associated with a different AWS CloudHSM cluster.
 	//
 	// Clusters that share a backup history have the same cluster certificate. To
-	// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+	// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
 	// operation.
 	ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException"

@@ -28,21 +32,35 @@ const (
 	// "CloudHsmClusterInvalidConfigurationException".
 	//
 	// The request was rejected because the associated AWS CloudHSM cluster did
-	// not meet the configuration requirements for a custom key store. The cluster
-	// must be configured with private subnets in at least two different Availability
-	// Zones in the Region. Also, it must contain at least as many HSMs as the operation
-	// requires.
+	// not meet the configuration requirements for a custom key store.
 	//
-	// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations,
-	// the AWS CloudHSM cluster must have at least two active HSMs, each in a different
-	// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM
-	// must contain at least one active HSM.
+	//    * The cluster must be configured with private subnets in at least two
+	//    different Availability Zones in the Region.
 	//
-	// For information about creating a private subnet for a AWS CloudHSM cluster,
-	// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
-	// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm
-	// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
-	// operation.
+	//    * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
+	//    (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
+	//    rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
+	//    rules and the Destination in the outbound rules must match the security
+	//    group ID. These rules are set by default when you create the cluster.
+	//    Do not delete or change them. To get information about a particular security
+	//    group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
+	//    operation.
+	//
+	//    * The cluster must contain at least as many HSMs as the operation requires.
+	//    To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
+	//    operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
+	//    operations, the AWS CloudHSM cluster must have at least two active HSMs,
+	//    each in a different Availability Zone. For the ConnectCustomKeyStore operation,
+	//    the AWS CloudHSM must contain at least one active HSM.
+	//
+	// For information about the requirements for an AWS CloudHSM cluster that is
+	// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
+	// in the AWS Key Management Service Developer Guide. For information about
+	// creating a private subnet for an AWS CloudHSM cluster, see Create a Private
+	// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
+	// in the AWS CloudHSM User Guide. For information about cluster security groups,
+	// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
+	// in the AWS CloudHSM User Guide .
 	ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException"

 	// ErrCodeCloudHsmClusterNotActiveException for service response error code
@@ -51,7 +69,7 @@ const (
 	// The request was rejected because the AWS CloudHSM cluster that is associated
 	// with the custom key store is not active. Initialize and activate the cluster
 	// and try the command again. For detailed instructions, see Getting Started
-	// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
+	// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
 	// in the AWS CloudHSM User Guide.
 	ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException"

@@ -76,7 +94,7 @@ const (
 	// cluster.
 	//
 	// Clusters that share a backup history have the same cluster certificate. To
-	// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
+	// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
 	// operation.
 	ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException"

@@ -142,17 +160,25 @@ const (
 	// ErrCodeExpiredImportTokenException for service response error code
 	// "ExpiredImportTokenException".
 	//
-	// The request was rejected because the provided import token is expired. Use
+	// The request was rejected because the specified import token is expired. Use
 	// GetParametersForImport to get a new import token and public key, use the
 	// new public key to encrypt the key material, and then try the request again.
 	ErrCodeExpiredImportTokenException = "ExpiredImportTokenException"

+	// ErrCodeIncorrectKeyException for service response error code
+	// "IncorrectKeyException".
+	//
+	// The request was rejected because the specified CMK cannot decrypt the data.
+	// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request
+	// must identify the same CMK that was used to encrypt the ciphertext.
+	ErrCodeIncorrectKeyException = "IncorrectKeyException"
+
 	// ErrCodeIncorrectKeyMaterialException for service response error code
 	// "IncorrectKeyMaterialException".
 	//
-	// The request was rejected because the provided key material is invalid or
-	// is not the same key material that was previously imported into this customer
-	// master key (CMK).
+	// The request was rejected because the key material in the request is, expired,
+	// invalid, or is not the same key material that was previously imported into
+	// this customer master key (CMK).
 	ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException"

 	// ErrCodeIncorrectTrustAnchorException for service response error code
@@ -161,7 +187,7 @@ const (
 	// The request was rejected because the trust anchor certificate in the request
 	// is not the trust anchor certificate for the specified AWS CloudHSM cluster.
 	//
-	// When you initialize the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
+	// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
 	// you create the trust anchor certificate and save it in the customerCA.crt
 	// file.
 	ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException"
@@ -182,15 +208,20 @@ const (
 	// ErrCodeInvalidArnException for service response error code
 	// "InvalidArnException".
 	//
-	// The request was rejected because a specified ARN was not valid.
+	// The request was rejected because a specified ARN, or an ARN in a key policy,
+	// is not valid.
 	ErrCodeInvalidArnException = "InvalidArnException"

 	// ErrCodeInvalidCiphertextException for service response error code
 	// "InvalidCiphertextException".
 	//
-	// The request was rejected because the specified ciphertext, or additional
-	// authenticated data incorporated into the ciphertext, such as the encryption
-	// context, is corrupted, missing, or otherwise invalid.
+	// From the Decrypt or ReEncrypt operation, the request was rejected because
+	// the specified ciphertext, or additional authenticated data incorporated into
+	// the ciphertext, such as the encryption context, is corrupted, missing, or
+	// otherwise invalid.
+	//
+	// From the ImportKeyMaterial operation, the request was rejected because AWS
+	// KMS could not decrypt the encrypted (wrapped) key material.
 	ErrCodeInvalidCiphertextException = "InvalidCiphertextException"

 	// ErrCodeInvalidGrantIdException for service response error code
@@ -215,7 +246,19 @@ const (
 	// ErrCodeInvalidKeyUsageException for service response error code
 	// "InvalidKeyUsageException".
 	//
-	// The request was rejected because the specified KeySpec value is not valid.
+	// The request was rejected for one of the following reasons:
+	//
+	//    * The KeyUsage value of the CMK is incompatible with the API operation.
+	//
+	//    * The encryption algorithm or signing algorithm specified for the operation
+	//    is incompatible with the type of key material in the CMK (CustomerMasterKeySpec).
+	//
+	// For encrypting, decrypting, re-encrypting, and generating data keys, the
+	// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage
+	// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation.
+	//
+	// To find the encryption or signing algorithms supported for a particular CMK,
+	// use the DescribeKey operation.
 	ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException"

 	// ErrCodeInvalidMarkerException for service response error code
@@ -232,22 +275,30 @@ const (
 	// valid for this request.
 	//
 	// For more information about how key state affects the use of a CMK, see How
-	// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
-	// in the AWS Key Management Service Developer Guide.
+	// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+	// in the AWS Key Management Service Developer Guide .
 	ErrCodeInvalidStateException = "KMSInvalidStateException"

+	// ErrCodeKMSInvalidSignatureException for service response error code
+	// "KMSInvalidSignatureException".
+	//
+	// The request was rejected because the signature verification failed. Signature
+	// verification fails when it cannot confirm that signature was produced by
+	// signing the specified message with the specified CMK and signing algorithm.
+	ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException"
+
 	// ErrCodeKeyUnavailableException for service response error code
 	// "KeyUnavailableException".
 	//
-	// The request was rejected because the specified CMK was not available. The
-	// request can be retried.
+	// The request was rejected because the specified CMK was not available. You
+	// can retry the request.
 	ErrCodeKeyUnavailableException = "KeyUnavailableException"

 	// ErrCodeLimitExceededException for service response error code
 	// "LimitExceededException".
 	//
 	// The request was rejected because a limit was exceeded. For more information,
-	// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
+	// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
 	// in the AWS Key Management Service Developer Guide.
 	ErrCodeLimitExceededException = "LimitExceededException"

@@ -278,3 +329,39 @@ const (
 	// a specified resource is not valid for this operation.
 	ErrCodeUnsupportedOperationException = "UnsupportedOperationException"
 )
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+	"AlreadyExistsException":                       newErrorAlreadyExistsException,
+	"CloudHsmClusterInUseException":                newErrorCloudHsmClusterInUseException,
+	"CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException,
+	"CloudHsmClusterNotActiveException":            newErrorCloudHsmClusterNotActiveException,
+	"CloudHsmClusterNotFoundException":             newErrorCloudHsmClusterNotFoundException,
+	"CloudHsmClusterNotRelatedException":           newErrorCloudHsmClusterNotRelatedException,
+	"CustomKeyStoreHasCMKsException":               newErrorCustomKeyStoreHasCMKsException,
+	"CustomKeyStoreInvalidStateException":          newErrorCustomKeyStoreInvalidStateException,
+	"CustomKeyStoreNameInUseException":             newErrorCustomKeyStoreNameInUseException,
+	"CustomKeyStoreNotFoundException":              newErrorCustomKeyStoreNotFoundException,
+	"DependencyTimeoutException":                   newErrorDependencyTimeoutException,
+	"DisabledException":                            newErrorDisabledException,
+	"ExpiredImportTokenException":                  newErrorExpiredImportTokenException,
+	"IncorrectKeyException":                        newErrorIncorrectKeyException,
+	"IncorrectKeyMaterialException":                newErrorIncorrectKeyMaterialException,
+	"IncorrectTrustAnchorException":                newErrorIncorrectTrustAnchorException,
+	"KMSInternalException":                         newErrorInternalException,
+	"InvalidAliasNameException":                    newErrorInvalidAliasNameException,
+	"InvalidArnException":                          newErrorInvalidArnException,
+	"InvalidCiphertextException":                   newErrorInvalidCiphertextException,
+	"InvalidGrantIdException":                      newErrorInvalidGrantIdException,
+	"InvalidGrantTokenException":                   newErrorInvalidGrantTokenException,
+	"InvalidImportTokenException":                  newErrorInvalidImportTokenException,
+	"InvalidKeyUsageException":                     newErrorInvalidKeyUsageException,
+	"InvalidMarkerException":                       newErrorInvalidMarkerException,
+	"KMSInvalidStateException":                     newErrorInvalidStateException,
+	"KMSInvalidSignatureException":                 newErrorKMSInvalidSignatureException,
+	"KeyUnavailableException":                      newErrorKeyUnavailableException,
+	"LimitExceededException":                       newErrorLimitExceededException,
+	"MalformedPolicyDocumentException":             newErrorMalformedPolicyDocumentException,
+	"NotFoundException":                            newErrorNotFoundException,
+	"TagException":                                 newErrorTagException,
+	"UnsupportedOperationException":                newErrorUnsupportedOperationException,
+}
--- a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/client/metadata"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol"
 	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
 )

@@ -31,7 +32,7 @@ var initRequest func(*request.Request)
 const (
 	ServiceName = "kms"       // Name of service.
 	EndpointsID = ServiceName // ID to lookup a service endpoint with.
-	ServiceID   = "KMS"       // ServiceID is a unique identifer of a specific service.
+	ServiceID   = "KMS"       // ServiceID is a unique identifier of a specific service.
 )

 // New creates a new instance of the KMS client with a session.
@@ -39,6 +40,8 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
+//     mySession := session.Must(session.NewSession())
+//
 //     // Create a KMS client from just a session.
 //     svc := kms.New(mySession)
 //
@@ -46,11 +49,11 @@ const (
 //     svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
 }

 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *KMS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *KMS {
 	svc := &KMS{
 		Client: client.New(
 			cfg,
@@ -59,6 +62,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 				ServiceID:     ServiceID,
 				SigningName:   signingName,
 				SigningRegion: signingRegion,
+				PartitionID:   partitionID,
 				Endpoint:      endpoint,
 				APIVersion:    "2014-11-01",
 				JSONVersion:   "1.1",
@@ -73,7 +77,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 	svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
 	svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
 	svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
-	svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(
+		protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+	)

 	// Run custom client initialization if present
 	if initClient != nil {