diff --git a/go.mod b/go.mod index b7fbcb5..d4b9e79 100644 --- a/go.mod +++ b/go.mod @@ -7,31 +7,31 @@ require ( github.com/stretchr/testify v1.11.1 github.com/testcontainers/testcontainers-go v0.42.0 github.com/testcontainers/testcontainers-go/modules/consul v0.42.0 - gocloud.dev v0.45.0 + gocloud.dev v0.46.0 ) require ( - cloud.google.com/go/auth v0.17.0 // indirect + cloud.google.com/go/auth v0.18.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.9.0 // indirect dario.cat/mergo v1.0.2 // indirect github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/armon/go-metrics v0.4.1 // indirect - github.com/aws/aws-sdk-go-v2 v1.40.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.32.2 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.2 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect - github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 // indirect - github.com/aws/smithy-go v1.24.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.41.9 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.20 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.19 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.25 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.25 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.25 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.26 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.25 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.1.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.19 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.42.3 // indirect + github.com/aws/smithy-go v1.26.0 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/containerd/errdefs v1.0.0 // indirect @@ -57,8 +57,8 @@ require ( github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/google/wire v0.7.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect - github.com/googleapis/gax-go/v2 v2.15.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect + github.com/googleapis/gax-go/v2 v2.19.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect @@ -93,22 +93,22 @@ require ( github.com/tklauser/numcpus v0.11.0 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect go.opentelemetry.io/otel v1.43.0 // indirect go.opentelemetry.io/otel/metric v1.43.0 // indirect go.opentelemetry.io/otel/sdk v1.43.0 // indirect go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.43.0 // indirect - golang.org/x/crypto v0.48.0 // indirect + golang.org/x/crypto v0.49.0 // indirect golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa // indirect - golang.org/x/net v0.51.0 // indirect - golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/net v0.52.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect golang.org/x/sys v0.42.0 // indirect - golang.org/x/text v0.34.0 // indirect + golang.org/x/text v0.35.0 // indirect golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect - google.golang.org/api v0.256.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/api v0.272.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 // indirect google.golang.org/grpc v1.79.3 // indirect - google.golang.org/protobuf v1.36.10 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 5184d2d..cf94235 100644 --- a/go.sum +++ b/go.sum @@ -23,8 +23,8 @@ cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E cloud.google.com/go v0.82.0/go.mod h1:vlKccHJGuFBFufnAnuB08dfEH9Y3H7dzDzRECFdC2TA= cloud.google.com/go v0.123.0 h1:2NAUJwPR47q+E35uaJeYoNhuNEM9kM8SjgRgdeOJUSE= cloud.google.com/go v0.123.0/go.mod h1:xBoMV08QcqUGuPW65Qfm1o9Y4zKZBpGS+7bImXLTAZU= -cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4= -cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ= +cloud.google.com/go/auth v0.18.2 h1:+Nbt5Ev0xEqxlNjd6c+yYUeosQ5TtEUaNcN/3FozlaM= +cloud.google.com/go/auth v0.18.2/go.mod h1:xD+oY7gcahcu7G2SG2DsBerfFxgPAJz17zz2joOFF3M= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -39,10 +39,10 @@ cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v1.5.3 h1:+vMINPiDF2ognBJ97ABAYYwRgsaqxPbQDlMnbHMjolc= cloud.google.com/go/iam v1.5.3/go.mod h1:MR3v9oLkZCTlaqljW6Eb2d3HGDGK5/bDv93jhfISFvU= -cloud.google.com/go/kms v1.23.2 h1:4IYDQL5hG4L+HzJBhzejUySoUOheh3Lk5YT4PCyyW6k= -cloud.google.com/go/kms v1.23.2/go.mod h1:rZ5kK0I7Kn9W4erhYVoIRPtpizjunlrfU4fUkumUp8g= -cloud.google.com/go/longrunning v0.7.0 h1:FV0+SYF1RIj59gyoWDRi45GiYUMM3K1qO51qoboQT1E= -cloud.google.com/go/longrunning v0.7.0/go.mod h1:ySn2yXmjbK9Ba0zsQqunhDkYi0+9rlXIwnoAf+h+TPY= +cloud.google.com/go/kms v1.26.0 h1:cK9mN2cf+9V63D3H1f6koxTatWy39aTI/hCjz1I+adU= +cloud.google.com/go/kms v1.26.0/go.mod h1:pHKOdFJm63hxBsiPkYtowZPltu9dW0MWvBa6IA4HM58= +cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7EhfW8= +cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk= cloud.google.com/go/monitoring v1.24.3 h1:dde+gMNc0UhPZD1Azu6at2e79bfdztVDS5lvhOdsgaE= cloud.google.com/go/monitoring v1.24.3/go.mod h1:nYP6W0tm3N9H/bOw8am7t62YTzZY+zUeQ+Bi6+2eonI= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -54,8 +54,8 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.57.2 h1:sVlym3cHGYhrp6XZKkKb+92I1V42ks2qKKpB0CF5Mb4= -cloud.google.com/go/storage v1.57.2/go.mod h1:n5ijg4yiRXXpCu0sJTD6k+eMf7GRrJmPyr9YxLXGHOk= +cloud.google.com/go/storage v1.61.3 h1:VS//ZfBuPGDvakfD9xyPW1RGF1Vy3BWUoVZXgW1KMOg= +cloud.google.com/go/storage v1.61.3/go.mod h1:JtqK8BBB7TWv0HVGHubtUdzYYrakOQIsMLffZ2Z/HWk= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -66,12 +66,12 @@ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg6 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 h1:sBEjpZlNHzK1voKq9695PJSX2o5NEXl7/OL3coiIY0c= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0 h1:lhhYARPUu3LmHysQ/igznQphfzynnqI3D75oUyw1HXk= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0/go.mod h1:l9rva3ApbBpEJxSNYnwT9N4CDLrWgtq3u8736C5hyJw= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0 h1:s0WlVbf9qpvkh1c/uDAPElam0WrL7fHRIidgZJ7UqZI= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0/go.mod h1:Mf6O40IAyB9zR/1J8nGDDPirZQQPbYJni8Yisy7NTMc= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0 h1:DHa2U07rk8syqvCge0QIGMCE1WxGj9njT44GH7zNJLQ= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 h1:UnDZ/zFfG1JhH/DqxIZYU/1CUAlTUScoXD/LcM2Ykk8= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0/go.mod h1:IA1C1U7jO/ENqm/vhi7V9YYpBsp+IMyqNrEN94N7tVc= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 h1:0s6TxfCu2KHkkZPnBfsQ2y5qia0jl3MMrmBhu3nCOYk= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0/go.mod h1:Mf6O40IAyB9zR/1J8nGDDPirZQQPbYJni8Yisy7NTMc= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -84,34 +84,34 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aws/aws-sdk-go-v2 v1.40.0 h1:/WMUA0kjhZExjOQN2z3oLALDREea1A7TobfuiBrKlwc= -github.com/aws/aws-sdk-go-v2 v1.40.0/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE= -github.com/aws/aws-sdk-go-v2/config v1.32.2 h1:4liUsdEpUUPZs5WVapsJLx5NPmQhQdez7nYFcovrytk= -github.com/aws/aws-sdk-go-v2/config v1.32.2/go.mod h1:l0hs06IFz1eCT+jTacU/qZtC33nvcnLADAPL/XyrkZI= -github.com/aws/aws-sdk-go-v2/credentials v1.19.2 h1:qZry8VUyTK4VIo5aEdUcBjPZHL2v4FyQ3QEOaWcFLu4= -github.com/aws/aws-sdk-go-v2/credentials v1.19.2/go.mod h1:YUqm5a1/kBnoK+/NY5WEiMocZihKSo15/tJdmdXnM5g= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 h1:WZVR5DbDgxzA0BJeudId89Kmgy6DIU4ORpxwsVHz0qA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14/go.mod h1:Dadl9QO0kHgbrH1GRqGiZdYtW5w+IXXaBNCHTIaheM4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 h1:PZHqQACxYb8mYgms4RZbhZG0a7dPW06xOjmaH0EJC/I= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14/go.mod h1:VymhrMJUWs69D8u0/lZ7jSB6WgaG/NqHi3gX0aYf6U0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 h1:bOS19y6zlJwagBfHxs0ESzr1XCOU2KXJCWcq3E2vfjY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14/go.mod h1:1ipeGBMAxZ0xcTm6y6paC2C/J6f6OO7LBODV9afuAyM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 h1:FIouAnCE46kyYqyhs0XEBDFFSREtdnr8HQuLPQPLCrY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14/go.mod h1:UTwDc5COa5+guonQU8qBikJo1ZJ4ln2r1MkF7Dqag1E= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 h1:MxMBdKTYBjPQChlJhi4qlEueqB1p1KcbTEa7tD5aqPs= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.2/go.mod h1:iS6EPmNeqCsGo+xQmXv0jIMjyYtQfnwg36zl2FwEouk= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 h1:ksUT5KtgpZd3SAiFJNJ0AFEJVva3gjBmN7eXUZjzUwQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.5/go.mod h1:av+ArJpoYf3pgyrj6tcehSFW+y9/QvAY8kMooR9bZCw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 h1:GtsxyiF3Nd3JahRBJbxLCCdYW9ltGQYrFWg8XdkGDd8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10/go.mod h1:/j67Z5XBVDx8nZVp9EuFM9/BS5dvBznbqILGuu73hug= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 h1:a5UTtD4mHBU3t0o6aHQZFJTNKVfxFWfPX7J0Lr7G+uY= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.2/go.mod h1:6TxbXoDSgBQ225Qd8Q+MbxUxUh6TtNKwbRt/EPS9xso= -github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= -github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/aws/aws-sdk-go-v2 v1.41.9 h1:/rYeyO2+HrMztAmxAq9++XJtFMqSIpSsNA0yDGALYq4= +github.com/aws/aws-sdk-go-v2 v1.41.9/go.mod h1:+HsoOEX80qAVUitj1A2DhCNTjmb3edVyuDypb6LNEeo= +github.com/aws/aws-sdk-go-v2/config v1.32.20 h1:8VMDnWc/kEzxsI/1ngGM9mG81a8IGmIHD8KLcYGwagc= +github.com/aws/aws-sdk-go-v2/config v1.32.20/go.mod h1:PuwEpciweIXGULWeOeSTXtSbH4CW9mWdWrhdCKQI1sM= +github.com/aws/aws-sdk-go-v2/credentials v1.19.19 h1:yuFzSV1U0aRNYCQGVaTY2zW2M/L93pYHnXnrJUphYhU= +github.com/aws/aws-sdk-go-v2/credentials v1.19.19/go.mod h1:7y63L1kGzeoDlJaQ3Z578KrnmfBut96JjvJUzGwR+YE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.25 h1:0w6dCiO8iez+YKwRhRBlL1CH/E3GTfdkuzrwj1by8vo= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.25/go.mod h1:9FDWUothyr5RCRAHc45XOiVCzUR8n/IhCYX+uVqw6vk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.25 h1:Uii3frf9ztec/ABM2/FSH9/z7PLzxfpG8h4RpkUFflQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.25/go.mod h1:G6kntsA2GorAxDPbap6xgB2F+amSLUF8GJTi7PUoX44= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.25 h1:r1+/l6m+WaUJF9HISEsNOLHSNj5EXYQxK8VX6Cz9NlA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.25/go.mod h1:cKf+D+NMDK1LndD7BowHbBZPgR9V0/5HubH0PFWvA+c= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.26 h1:A1PmWU2zfkIm9EyFlJncFXL4W4phML+h8KjltUsCvNQ= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.26/go.mod h1:dY4MRzXEizrD4hqtpKvWVGPX7QleSGGVY+EBolo1RmM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.10 h1:d5/908OJ4bXg8lyjeMPvXetEKqoDoLi5Owy1zNue3yg= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.10/go.mod h1:a57l7Hwh+FWI+we50g5NPJHYUKeJKfXbc4w8SyXu8Ig= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.25 h1:dD3dhHNglpd98gs72my22Ndqi1hqQGllFFg1F+twfxg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.25/go.mod h1:0yAbjPfd64gG7mj85RW+fMEYdfBgCRZw8g/oWcL1pjc= +github.com/aws/aws-sdk-go-v2/service/signin v1.1.1 h1:1VwbP3qMNfxUDEXWki4rCE5iA+44VA1lokTz9HasGzw= +github.com/aws/aws-sdk-go-v2/service/signin v1.1.1/go.mod h1:vUtyoSj0OPji3kjIVSc/GlKuWEiL33f/WFxl6dmpy/A= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.19 h1:N6pIsdFOW1Kd9S4KyFKXdGRBojPPxkP32+uHFWLv4Hc= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.19/go.mod h1:3gt5WJArFooNmyLONS+h/R4J+o86II8du38IgCwj9dE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.2 h1:hc+lBYiiTr8Zk4MTzIsQ92MeDWCIDvWGmzKUWOaBcOg= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.2/go.mod h1:hU6fqB3OJA6/ePheD47LQnxvjYk6br6PtQxs+Q9ojvk= +github.com/aws/aws-sdk-go-v2/service/sts v1.42.3 h1:ErklX/7uhSbkAAeyQD/Y1OoQ9hO3SJXQNEgksORW3Js= +github.com/aws/aws-sdk-go-v2/service/sts v1.42.3/go.mod h1:ULe4HCzfKPiR6R3HEurE3b1upEkuk8AkMrOKtaOxKO8= +github.com/aws/smithy-go v1.26.0 h1:9ouqbi+NyKP7fV3Te7UElCwdAb6Y8uk7LGwPE5tVe/s= +github.com/aws/smithy-go v1.26.0/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= @@ -131,8 +131,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= -github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik= +github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= @@ -164,11 +164,11 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA= -github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g= -github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98= +github.com/envoyproxy/go-control-plane/envoy v1.37.0 h1:u3riX6BoYRfF4Dr7dwSOroNfdSbEPe9Yyl09/B6wBrQ= +github.com/envoyproxy/go-control-plane/envoy v1.37.0/go.mod h1:DReE9MMrmecPy+YvQOAOHNYMALuowAnbjjEMkkWOi6A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4= -github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA= +github.com/envoyproxy/protoc-gen-validate v1.3.3 h1:MVQghNeW+LZcmXe7SY1V36Z+WFMDjpqGAGacLe2T0ds= +github.com/envoyproxy/protoc-gen-validate v1.3.3/go.mod h1:TsndJ/ngyIdQRhMcVVGDDHINPLWB7C82oDArY51KfB0= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -179,8 +179,8 @@ github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= -github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -278,12 +278,12 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.7.0 h1:JxUKI6+CVBgCO2WToKy/nQk0sS+amI9z9EjVmdaocj4= github.com/google/wire v0.7.0/go.mod h1:n6YbUQD9cPKTnHXEBN2DXlOp/mVADhVErcMFb0v3J18= -github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ= -github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/enterprise-certificate-proxy v0.3.14 h1:yh8ncqsbUY4shRD5dA6RlzjJaT4hi3kII+zYw8wmLb8= +github.com/googleapis/enterprise-certificate-proxy v0.3.14/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= -github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= +github.com/googleapis/gax-go/v2 v2.19.0 h1:fYQaUOiGwll0cGj7jmHT/0nPlcrZDFPrZRhTsoCr8hE= +github.com/googleapis/gax-go/v2 v2.19.0/go.mod h1:w2ROXVdfGEVFXzmlciUU4EdjHgWvB5h2n6x/8XSTTJA= github.com/hashicorp/consul/api v1.34.3 h1:OiZaQnwkS6uvutie3CF6NFXj8uScNezDlsU9MEqKT0s= github.com/hashicorp/consul/api v1.34.3/go.mod h1:A4wKd7yw7Wz4zn07p74+o0bLBi5dXsSDMMcMCEinY40= github.com/hashicorp/consul/sdk v0.18.1 h1:RDTeBvAeOveI2xI86sV+8WkaN7OkP4zz+cG3fOobDCM= @@ -482,12 +482,12 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= -go.opentelemetry.io/contrib/detectors/gcp v1.39.0 h1:kWRNZMsfBHZ+uHjiH4y7Etn2FK26LAGkNFw7RHv1DhE= -go.opentelemetry.io/contrib/detectors/gcp v1.39.0/go.mod h1:t/OGqzHBa5v6RHZwrDBJ2OirWc+4q/w2fTbLZwAKjTk= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= +go.opentelemetry.io/contrib/detectors/gcp v1.42.0 h1:kpt2PEJuOuqYkPcktfJqWWDjTEd/FNgrxcniL7kQrXQ= +go.opentelemetry.io/contrib/detectors/gcp v1.42.0/go.mod h1:W9zQ439utxymRrXsUOzZbFX4JhLxXU4+ZnCt8GG7yA8= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 h1:yI1/OhfEPy7J9eoa6Sj051C7n5dvpj0QX8g4sRchg04= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0/go.mod h1:NoUCKYWK+3ecatC4HjkRktREheMeEtrXoQxrqYFeHSc= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= @@ -498,8 +498,8 @@ go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfC go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= -gocloud.dev v0.45.0 h1:WknIK8IbRdmynDvara3Q7G6wQhmEiOGwpgJufbM39sY= -gocloud.dev v0.45.0/go.mod h1:0kXKmkCLG6d31N7NyLZWzt7jDSQura9zD/mWgiB6THI= +gocloud.dev v0.46.0 h1:niIuZwSjMtBx8K+ITB2s5kZullB13PGOS2ZoQPZxQ4Q= +gocloud.dev v0.46.0/go.mod h1:ACQe+2qO+hEO+pdcvvsM+RB63r8TyGD1W3ESCLFyzvM= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -508,8 +508,8 @@ golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= -golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -590,8 +590,8 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -605,8 +605,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -620,8 +620,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -690,8 +690,8 @@ golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= +golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= +golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -703,13 +703,13 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -791,8 +791,8 @@ google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBz google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.256.0 h1:u6Khm8+F9sxbCTYNoBHg6/Hwv0N/i+V94MvkOSor6oI= -google.golang.org/api v0.256.0/go.mod h1:KIgPhksXADEKJlnEoRa9qAII4rXcy40vfI8HRqcU964= +google.golang.org/api v0.272.0 h1:eLUQZGnAS3OHn31URRf9sAmRk3w2JjMx37d2k8AjJmA= +google.golang.org/api v0.272.0/go.mod h1:wKjowi5LNJc5qarNvDCvNQBn3rVK8nSy6jg2SwRwzIA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -842,12 +842,12 @@ google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaE google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210517163617-5e0236093d7a/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20251124214823-79d6a2a48846 h1:dDbsTLIK7EzwUq36kCSAsk0slouq/S0tWHeeGi97cD8= -google.golang.org/genproto v0.0.0-20251124214823-79d6a2a48846/go.mod h1:PP0g88Dz3C7hRAfbQCQggeWAXjuqGsNPLE4s7jh0RGU= -google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= -google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5 h1:JNfk58HZ8lfmXbYK2vx/UvsqIL59TzByCxPIX4TDmsE= +google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:x5julN69+ED4PcFk/XWayw35O0lf/nGa4aNgODCmNmw= +google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5 h1:CogIeEXn4qWYzzQU0QqvYBM8yDF9cFYzDq9ojSpv0Js= +google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:EIQZ5bFCfRQDV4MhRle7+OgjNtZ6P1PiZBgAKuxXu/Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 h1:aJmi6DVGGIStN9Mobk/tZOOQUBbj0BPjZjjnOdoZKts= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -883,8 +883,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/cloud.google.com/go/auth/CHANGES.md b/vendor/cloud.google.com/go/auth/CHANGES.md index 4deca44..846231f 100644 --- a/vendor/cloud.google.com/go/auth/CHANGES.md +++ b/vendor/cloud.google.com/go/auth/CHANGES.md @@ -1,3 +1,26 @@ +# Changes + +## [0.18.2](https://github.com/googleapis/google-cloud-go/releases/tag/auth%2Fv0.18.2) (2026-02-13) + +### Bug Fixes + +* fixes gdch credentials logic (#13741) ([f82cda5](https://github.com/googleapis/google-cloud-go/commit/f82cda58bd9885b7b8a9d8b15126f5a1e0add0dc)) + +## [0.18.1](https://github.com/googleapis/google-cloud-go/releases/tag/auth%2Fv0.18.1) (2026-01-21) + +### Bug Fixes + +* add InternalOptions.TelemetryAttributes for internal client use (#13641) ([3876978](https://github.com/googleapis/google-cloud-go/commit/38769789755ed47d85e85dcd56596109de65f780)) +* remove singleton and restore normal usage of otelgrpc.clientHandler (#13522) ([673d4b0](https://github.com/googleapis/google-cloud-go/commit/673d4b05617f833aa433f7f6a350b5cb888ea20d)) + +## [0.18.0](https://github.com/googleapis/google-cloud-go/releases/tag/auth%2Fv0.18.0) (2025-12-15) + +### Features + +* Support scopes field from impersonated credential json (#13308) ([e3f62e1](https://github.com/googleapis/google-cloud-go/commit/e3f62e102840127a0058f5cced4c9738f2bf45f2)) +* add support for parsing EC private key (#13317) ([ea6bc62](https://github.com/googleapis/google-cloud-go/commit/ea6bc62ffe2cc0a6d607d698a181b37fa46c340d)) +* deprecate unsafe credentials JSON loading options (#13397) ([0dd2a3b](https://github.com/googleapis/google-cloud-go/commit/0dd2a3bdece9a85ee7216a737559fa9f5a869545)) + ## [0.17.0](https://github.com/googleapis/google-cloud-go/releases/tag/auth%2Fv0.17.0) (2025-10-02) ### Features @@ -5,8 +28,6 @@ * Add trust boundary support for service accounts and impersonation (HTTP/gRPC) (#11870) ([5c2b665](https://github.com/googleapis/google-cloud-go/commit/5c2b665f392e6dd90192f107188720aa1357e7da)) * add trust boundary support for external accounts (#12864) ([a67a146](https://github.com/googleapis/google-cloud-go/commit/a67a146a6a88a6f1ba10c409dfce8015ecd60a64)) -# Changelog - ## [0.16.5](https://github.com/googleapis/google-cloud-go/compare/auth/v0.16.4...auth/v0.16.5) (2025-08-14) diff --git a/vendor/cloud.google.com/go/auth/credentials/detect.go b/vendor/cloud.google.com/go/auth/credentials/detect.go index 6700e33..c9d7600 100644 --- a/vendor/cloud.google.com/go/auth/credentials/detect.go +++ b/vendor/cloud.google.com/go/auth/credentials/detect.go @@ -52,6 +52,44 @@ var ( allowOnGCECheck = true ) +// CredType specifies the type of JSON credentials being provided +// to a loading function such as [NewCredentialsFromFile] or +// [NewCredentialsFromJSON]. +type CredType string + +const ( + // ServiceAccount represents a service account file type. + ServiceAccount CredType = "service_account" + // AuthorizedUser represents a user credentials file type. + AuthorizedUser CredType = "authorized_user" + // ExternalAccount represents an external account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ExternalAccount CredType = "external_account" + // ImpersonatedServiceAccount represents an impersonated service account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ImpersonatedServiceAccount CredType = "impersonated_service_account" + // GDCHServiceAccount represents a GDCH service account credentials. + GDCHServiceAccount CredType = "gdch_service_account" + // ExternalAccountAuthorizedUser represents an external account authorized user credentials. + ExternalAccountAuthorizedUser CredType = "external_account_authorized_user" +) + // TokenBindingType specifies the type of binding used when requesting a token // whether to request a hard-bound token using mTLS or an instance identity // bound token using ALTS. @@ -92,6 +130,14 @@ func OnGCE() bool { // - On Google Compute Engine, Google App Engine standard second generation // runtimes, and Google App Engine flexible environment, it fetches // credentials from the metadata server. +// +// Important: If you accept a credential configuration (credential +// JSON/File/Stream) from an external source for authentication to Google +// Cloud Platform, you must validate it before providing it to any Google +// API or library. Providing an unvalidated credential configuration to +// Google APIs can compromise the security of your systems and data. For +// more information, refer to [Validate credential configurations from +// external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). func DetectDefault(opts *DetectOptions) (*auth.Credentials, error) { if err := opts.validate(); err != nil { return nil, err @@ -189,25 +235,61 @@ type DetectOptions struct { // from the provided filepath. If provided, CredentialsJSON must not be. // Optional. // - // Important: If you accept a credential configuration (credential - // JSON/File/Stream) from an external source for authentication to Google - // Cloud Platform, you must validate it before providing it to any Google - // API or library. Providing an unvalidated credential configuration to - // Google APIs can compromise the security of your systems and data. For - // more information, refer to [Validate credential configurations from - // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). + // Deprecated: This field is deprecated because of a potential security risk. + // It does not validate the credential configuration. The security risk occurs + // when a credential configuration is accepted from a source that is not + // under your control and used without validation on your side. + // + // If you know that you will be loading credential configurations of a + // specific type, it is recommended to use a credential-type-specific + // NewCredentialsFromFile method. This will ensure that an unexpected + // credential type with potential for malicious intent is not loaded + // unintentionally. You might still have to do validation for certain + // credential types. Please follow the recommendation for that method. For + // example, if you want to load only service accounts, you can use + // + // creds, err := credentials.NewCredentialsFromFile(ctx, credentials.ServiceAccount, filename, opts) + // + // If you are loading your credential configuration from an untrusted source + // and have not mitigated the risks (e.g. by validating the configuration + // yourself), make these changes as soon as possible to prevent security + // risks to your environment. + // + // Regardless of the method used, it is always your responsibility to + // validate configurations received from external sources. + // + // For more details see: + // https://cloud.google.com/docs/authentication/external/externally-sourced-credentials CredentialsFile string // CredentialsJSON overrides detection logic and uses the JSON bytes as the // source for the credential. If provided, CredentialsFile must not be. // Optional. // - // Important: If you accept a credential configuration (credential - // JSON/File/Stream) from an external source for authentication to Google - // Cloud Platform, you must validate it before providing it to any Google - // API or library. Providing an unvalidated credential configuration to - // Google APIs can compromise the security of your systems and data. For - // more information, refer to [Validate credential configurations from - // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). + // Deprecated: This field is deprecated because of a potential security risk. + // It does not validate the credential configuration. The security risk occurs + // when a credential configuration is accepted from a source that is not + // under your control and used without validation on your side. + // + // If you know that you will be loading credential configurations of a + // specific type, it is recommended to use a credential-type-specific + // NewCredentialsFromJSON method. This will ensure that an unexpected + // credential type with potential for malicious intent is not loaded + // unintentionally. You might still have to do validation for certain + // credential types. Please follow the recommendation for that method. For + // example, if you want to load only service accounts, you can use + // + // creds, err := credentials.NewCredentialsFromJSON(ctx, credentials.ServiceAccount, json, opts) + // + // If you are loading your credential configuration from an untrusted source + // and have not mitigated the risks (e.g. by validating the configuration + // yourself), make these changes as soon as possible to prevent security + // risks to your environment. + // + // Regardless of the method used, it is always your responsibility to + // validate configurations received from external sources. + // + // For more details see: + // https://cloud.google.com/docs/authentication/external/externally-sourced-credentials CredentialsJSON []byte // UseSelfSignedJWT directs service account based credentials to create a // self-signed JWT with the private key found in the file, skipping any @@ -227,6 +309,61 @@ type DetectOptions struct { Logger *slog.Logger } +// NewCredentialsFromFile creates a [cloud.google.com/go/auth.Credentials] from +// the provided file. The credType argument specifies the expected credential +// type. If the file content does not match the expected type, an error is +// returned. +// +// Important: If you accept a credential configuration (credential +// JSON/File/Stream) from an external source for authentication to Google +// Cloud Platform, you must validate it before providing it to any Google +// API or library. Providing an unvalidated credential configuration to +// Google APIs can compromise the security of your systems and data. For +// more information, refer to [Validate credential configurations from +// external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). +func NewCredentialsFromFile(credType CredType, filename string, opts *DetectOptions) (*auth.Credentials, error) { + b, err := os.ReadFile(filename) + if err != nil { + return nil, err + } + return NewCredentialsFromJSON(credType, b, opts) +} + +// NewCredentialsFromJSON creates a [cloud.google.com/go/auth.Credentials] from +// the provided JSON bytes. The credType argument specifies the expected +// credential type. If the JSON does not match the expected type, an error is +// returned. +// +// Important: If you accept a credential configuration (credential +// JSON/File/Stream) from an external source for authentication to Google +// Cloud Platform, you must validate it before providing it to any Google +// API or library. Providing an unvalidated credential configuration to +// Google APIs can compromise the security of your systems and data. For +// more information, refer to [Validate credential configurations from +// external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). +func NewCredentialsFromJSON(credType CredType, b []byte, opts *DetectOptions) (*auth.Credentials, error) { + if err := checkCredentialType(b, credType); err != nil { + return nil, err + } + // We can't use readCredentialsFileJSON because it does auto-detection + // for client_credentials.json which we don't support here (no type field). + // Instead, we call fileCredentials just as readCredentialsFileJSON does + // when it doesn't detect client_credentials.json. + return fileCredentials(b, opts) +} + +func checkCredentialType(b []byte, expected CredType) error { + + fileType, err := credsfile.ParseFileType(b) + if err != nil { + return err + } + if CredType(fileType) != expected { + return fmt.Errorf("credentials: expected type %q, found %q", expected, fileType) + } + return nil +} + func (o *DetectOptions) validate() error { if o == nil { return errors.New("credentials: options must be provided") diff --git a/vendor/cloud.google.com/go/auth/credentials/filetypes.go b/vendor/cloud.google.com/go/auth/credentials/filetypes.go index d2a0424..f3737a5 100644 --- a/vendor/cloud.google.com/go/auth/credentials/filetypes.go +++ b/vendor/cloud.google.com/go/auth/credentials/filetypes.go @@ -28,18 +28,21 @@ import ( "cloud.google.com/go/auth/internal/trustboundary" ) +const cloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" + func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) { fileType, err := credsfile.ParseFileType(b) if err != nil { return nil, err } + if fileType == "" { + return nil, errors.New("credentials: unsupported unidentified file type") + } var projectID, universeDomain string var tp auth.TokenProvider - switch fileType { - case credsfile.UnknownCredType: - return nil, errors.New("credentials: unsupported unidentified file type") - case credsfile.ServiceAccountKey: + switch CredType(fileType) { + case ServiceAccount: f, err := credsfile.ParseServiceAccount(b) if err != nil { return nil, err @@ -50,7 +53,7 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) { } projectID = f.ProjectID universeDomain = resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain) - case credsfile.UserCredentialsKey: + case AuthorizedUser: f, err := credsfile.ParseUserCredentials(b) if err != nil { return nil, err @@ -60,7 +63,7 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) { return nil, err } universeDomain = f.UniverseDomain - case credsfile.ExternalAccountKey: + case ExternalAccount: f, err := credsfile.ParseExternalAccount(b) if err != nil { return nil, err @@ -70,7 +73,7 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) { return nil, err } universeDomain = resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain) - case credsfile.ExternalAccountAuthorizedUserKey: + case ExternalAccountAuthorizedUser: f, err := credsfile.ParseExternalAccountAuthorizedUser(b) if err != nil { return nil, err @@ -80,7 +83,7 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) { return nil, err } universeDomain = f.UniverseDomain - case credsfile.ImpersonatedServiceAccountKey: + case ImpersonatedServiceAccount: f, err := credsfile.ParseImpersonatedServiceAccount(b) if err != nil { return nil, err @@ -90,7 +93,7 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) { return nil, err } universeDomain = resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain) - case credsfile.GDCHServiceAccountKey: + case GDCHServiceAccount: f, err := credsfile.ParseGDCHServiceAccount(b) if err != nil { return nil, err @@ -275,14 +278,24 @@ func handleImpersonatedServiceAccount(f *credsfile.ImpersonatedServiceAccountFil return nil, errors.New("missing 'source_credentials' field or 'service_account_impersonation_url' in credentials") } - sourceTP, err := fileCredentials(f.CredSource, opts) + sourceOpts := *opts + + // Source credential needs IAM or Cloud Platform scope to call the + // iamcredentials endpoint. The scopes provided by the user are for the + // impersonated credentials. + sourceOpts.Scopes = []string{cloudPlatformScope} + sourceTP, err := fileCredentials(f.CredSource, &sourceOpts) if err != nil { return nil, err } ud := resolveUniverseDomain(opts.UniverseDomain, f.UniverseDomain) + scopes := opts.scopes() + if len(scopes) == 0 { + scopes = f.Scopes + } impOpts := &impersonate.Options{ URL: f.ServiceAccountImpersonationURL, - Scopes: opts.scopes(), + Scopes: scopes, Tp: sourceTP, Delegates: f.Delegates, Client: opts.client(), diff --git a/vendor/cloud.google.com/go/auth/credentials/internal/gdch/gdch.go b/vendor/cloud.google.com/go/auth/credentials/internal/gdch/gdch.go index c2d320f..19a2051 100644 --- a/vendor/cloud.google.com/go/auth/credentials/internal/gdch/gdch.go +++ b/vendor/cloud.google.com/go/auth/credentials/internal/gdch/gdch.go @@ -15,6 +15,7 @@ package gdch import ( + "bytes" "context" "crypto" "crypto/tls" @@ -24,9 +25,7 @@ import ( "fmt" "log/slog" "net/http" - "net/url" "os" - "strings" "time" "cloud.google.com/go/auth" @@ -121,27 +120,34 @@ func (g gdchProvider) Token(ctx context.Context) (*auth.Token, error) { Exp: exp.Unix(), } h := jwt.Header{ - Algorithm: jwt.HeaderAlgRSA256, + Algorithm: jwt.HeaderAlgES256, Type: jwt.HeaderType, - KeyID: string(g.pkID), + KeyID: g.pkID, } payload, err := jwt.EncodeJWS(&h, &claims, g.signer) if err != nil { return nil, err } - v := url.Values{} - v.Set("grant_type", GrantType) - v.Set("audience", g.aud) - v.Set("requested_token_type", requestTokenType) - v.Set("subject_token", payload) - v.Set("subject_token_type", subjectTokenType) - req, err := http.NewRequestWithContext(ctx, "POST", g.tokenURL, strings.NewReader(v.Encode())) + v := map[string]string{ + "grant_type": GrantType, + "audience": g.aud, + "requested_token_type": requestTokenType, + "subject_token": payload, + "subject_token_type": subjectTokenType, + } + + r, err := json.Marshal(v) + if err != nil { + return nil, fmt.Errorf("credentials: cannot marshal token request: %w", err) + } + + req, err := http.NewRequestWithContext(ctx, "POST", g.tokenURL, bytes.NewReader(r)) if err != nil { return nil, err } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - g.logger.DebugContext(ctx, "gdch token request", "request", internallog.HTTPRequest(req, []byte(v.Encode()))) + req.Header.Set("Content-Type", "application/json") + g.logger.DebugContext(ctx, "gdch token request", "request", internallog.HTTPRequest(req, r)) resp, body, err := internal.DoRequest(g.client, req) if err != nil { return nil, fmt.Errorf("credentials: cannot fetch token: %w", err) @@ -188,4 +194,5 @@ func addCertToTransport(hc *http.Client, certPool *x509.CertPool) { trans.TLSClientConfig = &tls.Config{ RootCAs: certPool, } + hc.Transport = trans } diff --git a/vendor/cloud.google.com/go/auth/httptransport/httptransport.go b/vendor/cloud.google.com/go/auth/httptransport/httptransport.go index c912653..bd69390 100644 --- a/vendor/cloud.google.com/go/auth/httptransport/httptransport.go +++ b/vendor/cloud.google.com/go/auth/httptransport/httptransport.go @@ -168,6 +168,15 @@ type InternalOptions struct { // for the credentials. It should only be used internally for clients that // need more control over their transport. The default is false. SkipUniverseDomainValidation bool + // TelemetryAttributes specifies a map of telemetry attributes to be added + // to all OpenTelemetry signals, such as tracing and metrics, for purposes + // including representing the static identity of the client (e.g., service + // name, version). These attributes are expected to be consistent across all + // signals to enable cross-signal correlation. + // + // It should only be used internally by generated clients. Callers should not + // modify the map after it is passed in. + TelemetryAttributes map[string]string } // AddAuthorizationMiddleware adds a middleware to the provided client's diff --git a/vendor/cloud.google.com/go/auth/internal/credsfile/credsfile.go b/vendor/cloud.google.com/go/auth/internal/credsfile/credsfile.go index 9cd4bed..84aab84 100644 --- a/vendor/cloud.google.com/go/auth/internal/credsfile/credsfile.go +++ b/vendor/cloud.google.com/go/auth/internal/credsfile/credsfile.go @@ -32,50 +32,6 @@ const ( userCredsFilename = "application_default_credentials.json" ) -// CredentialType represents different credential filetypes Google credentials -// can be. -type CredentialType int - -const ( - // UnknownCredType is an unidentified file type. - UnknownCredType CredentialType = iota - // UserCredentialsKey represents a user creds file type. - UserCredentialsKey - // ServiceAccountKey represents a service account file type. - ServiceAccountKey - // ImpersonatedServiceAccountKey represents a impersonated service account - // file type. - ImpersonatedServiceAccountKey - // ExternalAccountKey represents a external account file type. - ExternalAccountKey - // GDCHServiceAccountKey represents a GDCH file type. - GDCHServiceAccountKey - // ExternalAccountAuthorizedUserKey represents a external account authorized - // user file type. - ExternalAccountAuthorizedUserKey -) - -// parseCredentialType returns the associated filetype based on the parsed -// typeString provided. -func parseCredentialType(typeString string) CredentialType { - switch typeString { - case "service_account": - return ServiceAccountKey - case "authorized_user": - return UserCredentialsKey - case "impersonated_service_account": - return ImpersonatedServiceAccountKey - case "external_account": - return ExternalAccountKey - case "external_account_authorized_user": - return ExternalAccountAuthorizedUserKey - case "gdch_service_account": - return GDCHServiceAccountKey - default: - return UnknownCredType - } -} - // GetFileNameFromEnv returns the override if provided or detects a filename // from the environment. func GetFileNameFromEnv(override string) string { diff --git a/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go b/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go index 6063473..cbba2eb 100644 --- a/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go +++ b/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go @@ -140,6 +140,7 @@ type ImpersonatedServiceAccountFile struct { Type string `json:"type"` ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"` Delegates []string `json:"delegates"` + Scopes []string `json:"scopes"` CredSource json.RawMessage `json:"source_credentials"` UniverseDomain string `json:"universe_domain"` } diff --git a/vendor/cloud.google.com/go/auth/internal/credsfile/parse.go b/vendor/cloud.google.com/go/auth/internal/credsfile/parse.go index a02b9f5..f2cedb7 100644 --- a/vendor/cloud.google.com/go/auth/internal/credsfile/parse.go +++ b/vendor/cloud.google.com/go/auth/internal/credsfile/parse.go @@ -89,10 +89,11 @@ type fileTypeChecker struct { } // ParseFileType determines the [CredentialType] based on bytes provided. -func ParseFileType(b []byte) (CredentialType, error) { +// Only returns error for json.Unmarshal. +func ParseFileType(b []byte) (string, error) { var f fileTypeChecker if err := json.Unmarshal(b, &f); err != nil { - return 0, err + return "", err } - return parseCredentialType(f.Type), nil + return f.Type, nil } diff --git a/vendor/cloud.google.com/go/auth/internal/internal.go b/vendor/cloud.google.com/go/auth/internal/internal.go index 72a8a6b..48e9bd9 100644 --- a/vendor/cloud.google.com/go/auth/internal/internal.go +++ b/vendor/cloud.google.com/go/auth/internal/internal.go @@ -88,12 +88,13 @@ func ParseKey(key []byte) (crypto.Signer, error) { key = block.Bytes } var parsedKey crypto.PrivateKey - var err error - parsedKey, err = x509.ParsePKCS8PrivateKey(key) - if err != nil { - parsedKey, err = x509.ParsePKCS1PrivateKey(key) - if err != nil { - return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8: %w", err) + + var errPKCS8, errPKCS1, errEC error + if parsedKey, errPKCS8 = x509.ParsePKCS8PrivateKey(key); errPKCS8 != nil { + if parsedKey, errPKCS1 = x509.ParsePKCS1PrivateKey(key); errPKCS1 != nil { + if parsedKey, errEC = x509.ParseECPrivateKey(key); errEC != nil { + return nil, fmt.Errorf("failed to parse private key. Tried PKCS8, PKCS1, and EC formats. Errors: [PKCS8: %v], [PKCS1: %v], [EC: %v]", errPKCS8, errPKCS1, errEC) + } } } parsed, ok := parsedKey.(crypto.Signer) diff --git a/vendor/cloud.google.com/go/auth/internal/jwt/jwt.go b/vendor/cloud.google.com/go/auth/internal/jwt/jwt.go index 9bd55f5..027c0da 100644 --- a/vendor/cloud.google.com/go/auth/internal/jwt/jwt.go +++ b/vendor/cloud.google.com/go/auth/internal/jwt/jwt.go @@ -17,13 +17,16 @@ package jwt import ( "bytes" "crypto" + "crypto/ecdsa" "crypto/rand" "crypto/rsa" "crypto/sha256" + "encoding/asn1" "encoding/base64" "encoding/json" "errors" "fmt" + "math/big" "strings" "time" ) @@ -35,6 +38,8 @@ const ( HeaderAlgES256 = "ES256" // HeaderType is the standard [Header.Type]. HeaderType = "JWT" + // ES256 key size + es256KeySize = 32 ) // Header represents a JWT header. @@ -127,6 +132,22 @@ func EncodeJWS(header *Header, c *Claims, signer crypto.Signer) (string, error) if err != nil { return "", err } + + if header.Algorithm == HeaderAlgES256 { + var ecSig struct { + R, S *big.Int + } + if _, err := asn1.Unmarshal(sig, &ecSig); err != nil { + return "", err + } + + rawSig := make([]byte, es256KeySize*2) + + ecSig.R.FillBytes(rawSig[:es256KeySize]) + ecSig.S.FillBytes(rawSig[es256KeySize:]) + + sig = rawSig + } return fmt.Sprintf("%s.%s", ss, base64.RawURLEncoding.EncodeToString(sig)), nil } @@ -153,7 +174,7 @@ func DecodeJWS(payload string) (*Claims, error) { // VerifyJWS tests whether the provided JWT token's signature was produced by // the private key associated with the provided public key. -func VerifyJWS(token string, key *rsa.PublicKey) error { +func VerifyJWS(token string, key crypto.PublicKey) error { parts := strings.Split(token, ".") if len(parts) != 3 { return errors.New("jwt: invalid token received, token must have 3 parts") @@ -167,5 +188,21 @@ func VerifyJWS(token string, key *rsa.PublicKey) error { h := sha256.New() h.Write([]byte(signedContent)) - return rsa.VerifyPKCS1v15(key, crypto.SHA256, h.Sum(nil), signatureString) + hashed := h.Sum(nil) + + switch pub := key.(type) { + case *rsa.PublicKey: + return rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashed, signatureString) + case *ecdsa.PublicKey: + if len(signatureString) != 2*32 { + return fmt.Errorf("jwt: ecdsa signature size should be 64 bytes, got %d", len(signatureString)) + } + r := new(big.Int).SetBytes(signatureString[:32]) + s := new(big.Int).SetBytes(signatureString[32:]) + if !ecdsa.Verify(pub, hashed, r, s) { + return errors.New("jwt: ecdsa signature verification failed") + } + return nil + } + return fmt.Errorf("jwt: unsupported public key type: %T", key) } diff --git a/vendor/cloud.google.com/go/auth/internal/version.go b/vendor/cloud.google.com/go/auth/internal/version.go index e2f56cf..b730086 100644 --- a/vendor/cloud.google.com/go/auth/internal/version.go +++ b/vendor/cloud.google.com/go/auth/internal/version.go @@ -1,4 +1,4 @@ -// Copyright 2025 Google LLC +// Copyright 2026 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.17.0" +const Version = "0.18.2" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go index 3219517..372b151 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go @@ -204,6 +204,10 @@ type Config struct { // when constructing clients for specific services. Each callback function receives the service ID // and the service's Options struct, allowing for dynamic configuration based on the service. ServiceOptions []func(string, any) + + // Controls whether the SDK restricts file permissions on credential + // cache files it creates. + RestrictFilePermissions RestrictFilePermissions } // NewConfig returns a new Config pointer that can be chained with builder diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go index 97bc17f..3c59b29 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go @@ -3,4 +3,4 @@ package aws // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.40.0" +const goModuleVersion = "1.41.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go index 3603447..39efd84 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go @@ -3,7 +3,7 @@ package query import ( "context" "fmt" - "io/ioutil" + "io" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -52,7 +52,7 @@ func (m *asGetRequest) HandleSerialize( delim = "&" } - b, err := ioutil.ReadAll(stream) + b, err := io.ReadAll(stream) if err != nil { return out, metadata, fmt.Errorf("unable to get request body %w", err) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go new file mode 100644 index 0000000..6360b65 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go @@ -0,0 +1,21 @@ +package aws + +// RestrictFilePermissions controls whether the SDK restricts file permissions +// on credential cache files it creates. +type RestrictFilePermissions string + +const ( + // RestrictFilePermissionsUnset indicates the setting has not been + // configured. + RestrictFilePermissionsUnset RestrictFilePermissions = "" + + // RestrictFilePermissionsUserReadWrite sets file permissions to owner + // read/write only (0600) and directory permissions to owner only (0700) + // when creating new cache files and directories on Unix. This is the + // default behavior. + RestrictFilePermissionsUserReadWrite RestrictFilePermissions = "user_read_write" + + // RestrictFilePermissionsUnrestricted does not set any file or directory + // permissions, relying on the system's default umask. + RestrictFilePermissionsUnrestricted RestrictFilePermissions = "unrestricted" +) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go index 5549922..52acb62 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go @@ -6,6 +6,7 @@ import ( "fmt" "strconv" "strings" + "sync/atomic" "time" internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" @@ -43,6 +44,10 @@ type Attempt struct { // A Meter instance for recording retry-related metrics. OperationMeter metrics.Meter + // Initial clock skew that would have been saved from a previous operation + // call. + ClientSkew *atomic.Int64 + retryer aws.RetryerV2 requestCloner RequestCloner } @@ -82,8 +87,12 @@ func (r Attempt) logf(logger logging.Logger, classification logging.Classificati func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeInput, next smithymiddle.FinalizeHandler) ( out smithymiddle.FinalizeOutput, metadata smithymiddle.Metadata, err error, ) { - var attemptNum int var attemptClockSkew time.Duration + if r.ClientSkew != nil { + attemptClockSkew = time.Duration(r.ClientSkew.Load()) + } + + var attemptNum int var attemptResults AttemptResults maxAttempts := r.retryer.MaxAttempts() @@ -99,6 +108,8 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn attemptInput := in attemptInput.Request = r.requestCloner(attemptInput.Request) + ctx = internalcontext.SetAttemptSkewContext(ctx, attemptClockSkew) + // Record the metadata for the for attempt being started. attemptCtx := setRetryMetadata(ctx, retryMetadata{ AttemptNum: attemptNum, @@ -107,9 +118,6 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn AttemptClockSkew: attemptClockSkew, }) - // Setting clock skew to be used on other context (like signing) - ctx = internalcontext.SetAttemptSkewContext(ctx, attemptClockSkew) - var attemptResult AttemptResult attemptCtx, span := tracing.StartSpan(attemptCtx, "Attempt", func(o *tracing.SpanOptions) { @@ -149,6 +157,14 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn } } + // this guarantees we are staying on top of the persistent skew value + // (either to apply it or to heal it back if the clocks realign) + if r.ClientSkew != nil { + if resultSkew, ok := awsmiddle.GetAttemptSkew(metadata); ok { + r.ClientSkew.Store(resultSkew.Nanoseconds()) + } + } + addAttemptResults(&metadata, attemptResults) return out, metadata, err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go index 8d7c35a..49cc312 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go @@ -18,6 +18,7 @@ var ( // Default connection pool options DefaultHTTPTransportMaxIdleConns = 100 DefaultHTTPTransportMaxIdleConnsPerHost = 10 + DefaultHTTPTransportMaxConnsPerHost = 2048 // Default connection timeouts DefaultHTTPTransportIdleConnTimeout = 90 * time.Second @@ -186,6 +187,7 @@ func defaultHTTPTransport() *http.Transport { TLSHandshakeTimeout: DefaultHTTPTransportTLSHandleshakeTimeout, MaxIdleConns: DefaultHTTPTransportMaxIdleConns, MaxIdleConnsPerHost: DefaultHTTPTransportMaxIdleConnsPerHost, + MaxConnsPerHost: DefaultHTTPTransportMaxConnsPerHost, IdleConnTimeout: DefaultHTTPTransportIdleConnTimeout, ExpectContinueTimeout: DefaultHTTPTransportExpectContinueTimeout, ForceAttemptHTTP2: true, @@ -298,6 +300,17 @@ func limitedRedirect(r *http.Request, via []*http.Request) error { switch resp.StatusCode { case 307, 308: // Only allow 307 and 308 redirects as they preserve the method. + + // If redirecting to a different host, remove X-Amz-Security-Token header + // to prevent credentials from being sent to a different host, similar to + // how Authorization header is handled by the HTTP client. + if len(via) > 0 { + lastRequest := via[len(via)-1] + if lastRequest.URL.Host != r.URL.Host { + r.Header.Del("X-Amz-Security-Token") + } + } + return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index 37b9f3f..5fed898 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,83 @@ +# v1.32.20 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.19 (2026-05-28) + +* **Bug Fix**: Adds support for AWS_RESTRICT_FILE_PERMISSIONS for env and in-code config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.18 (2026-05-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.17 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.16 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.15 (2026-04-16) + +* No change notes available for this release. + +# v1.32.14 (2026-04-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.13 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.12 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.11 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.10 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.9 (2026-02-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.8 (2026-02-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.7 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.6 (2025-12-16) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.5 (2025-12-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.32.2 (2025-11-25) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go index caa20a1..c6a6365 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go @@ -96,6 +96,8 @@ var defaultAWSConfigResolvers = []awsConfigResolver{ // Sets the ServiceOptions if present in LoadOptions resolveServiceOptions, + + resolveRestrictFilePermissions, } // A Config represents a generic configuration value or set of values. This type @@ -103,7 +105,7 @@ var defaultAWSConfigResolvers = []awsConfigResolver{ // // General the Config type will use type assertion against the Provider interfaces // to extract specific data from the Config. -type Config interface{} +type Config any // A loader is used to load external configuration data and returns it as // a generic Config type. @@ -170,8 +172,8 @@ func (cs configs) ResolveAWSConfig(ctx context.Context, resolvers []awsConfigRes // ResolveConfig calls the provide function passing slice of configuration sources. // This implements the aws.ConfigResolver interface. -func (cs configs) ResolveConfig(f func(configs []interface{}) error) error { - var cfgs []interface{} +func (cs configs) ResolveConfig(f func(configs []any) error) error { + var cfgs []any for i := range cs { cfgs = append(cfgs, cs[i]) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go index e932c63..f0619ce 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go @@ -87,6 +87,8 @@ const ( awsResponseChecksumValidation = "AWS_RESPONSE_CHECKSUM_VALIDATION" awsAuthSchemePreferenceEnv = "AWS_AUTH_SCHEME_PREFERENCE" + + awsRestrictFilePermissionsEnv = "AWS_RESTRICT_FILE_PERMISSIONS" ) var ( @@ -309,6 +311,10 @@ type EnvConfig struct { // Priority list of preferred auth scheme names (e.g. sigv4a). AuthSchemePreference []string + + // Controls whether the SDK restricts file permissions on credential + // cache files it creates. + RestrictFilePermissions aws.RestrictFilePermissions } // loadEnvConfig reads configuration values from the OS's environment variables. @@ -422,6 +428,10 @@ func NewEnvConfig() (EnvConfig, error) { cfg.AuthSchemePreference = toAuthSchemePreferenceList(os.Getenv(awsAuthSchemePreferenceEnv)) + if err := setRestrictFilePermissionsFromEnvVal(&cfg.RestrictFilePermissions, []string{awsRestrictFilePermissionsEnv}); err != nil { + return cfg, err + } + return cfg, nil } @@ -930,3 +940,27 @@ func (c EnvConfig) getAuthSchemePreference() ([]string, bool) { } return nil, false } + +func (c EnvConfig) getRestrictFilePermissions(context.Context) (aws.RestrictFilePermissions, bool, error) { + return c.RestrictFilePermissions, len(c.RestrictFilePermissions) > 0, nil +} + +func setRestrictFilePermissionsFromEnvVal(m *aws.RestrictFilePermissions, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch strings.ToLower(value) { + case "user_read_write": + *m = aws.RestrictFilePermissionsUserReadWrite + case "unrestricted": + *m = aws.RestrictFilePermissionsUnrestricted + default: + return fmt.Errorf("invalid value for environment variable, %s=%s, must be user_read_write/unrestricted", k, value) + } + break + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index d59007f..0f69bcd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.32.2" +const goModuleVersion = "1.32.20" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/errors.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/ini.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/sections.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/sections.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/token.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/token.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go index 7cb5a13..843ea6b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go @@ -240,6 +240,10 @@ type LoadOptions struct { // when constructing clients for specific services. Each callback function receives the service ID // and the service's Options struct, allowing for dynamic configuration based on the service. ServiceOptions []func(string, any) + + // Controls whether the SDK restricts file permissions on credential + // cache files it creates. + RestrictFilePermissions aws.RestrictFilePermissions } func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) { @@ -1353,3 +1357,15 @@ func (o LoadOptions) getAuthSchemePreference() ([]string, bool) { } return nil, false } + +func (o LoadOptions) getRestrictFilePermissions(context.Context) (aws.RestrictFilePermissions, bool, error) { + return o.RestrictFilePermissions, len(o.RestrictFilePermissions) > 0, nil +} + +// WithRestrictFilePermissions sets the RestrictFilePermissions mode on config. +func WithRestrictFilePermissions(m aws.RestrictFilePermissions) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.RestrictFilePermissions = m + return nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go index 18b9b5a..deabd29 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go @@ -130,7 +130,7 @@ type IgnoreConfiguredEndpointsProvider interface { // GetIgnoreConfiguredEndpoints is used in knowing when to disable configured // endpoints feature. -func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []interface{}) (value bool, found bool, err error) { +func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []any) (value bool, found bool, err error) { for _, cfg := range configs { if p, ok := cfg.(IgnoreConfiguredEndpointsProvider); ok { value, found, err = p.GetIgnoreConfiguredEndpoints(ctx) @@ -784,3 +784,19 @@ func getServiceOptions(ctx context.Context, configs configs) (v []func(string, a } return v, found, err } + +type restrictFilePermissionsProvider interface { + getRestrictFilePermissions(context.Context) (aws.RestrictFilePermissions, bool, error) +} + +func getRestrictFilePermissions(ctx context.Context, configs configs) (value aws.RestrictFilePermissions, found bool, err error) { + for _, cfg := range configs { + if p, ok := cfg.(restrictFilePermissionsProvider); ok { + value, found, err = p.getRestrictFilePermissions(ctx) + if err != nil || found { + break + } + } + } + return +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go index 92a16d7..b6796fc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go @@ -5,7 +5,7 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "io/ioutil" + "io" "net/http" "os" @@ -21,7 +21,7 @@ import ( // This should be used as the first resolver in the slice of resolvers when // resolving external configuration. func resolveDefaultAWSConfig(ctx context.Context, cfg *aws.Config, cfgs configs) error { - var sources []interface{} + var sources []any for _, s := range cfgs { sources = append(sources, s) } @@ -69,7 +69,7 @@ func resolveCustomCABundle(ctx context.Context, cfg *aws.Config, cfgs configs) e tr.TLSClientConfig.RootCAs = x509.NewCertPool() } - b, err := ioutil.ReadAll(pemCerts) + b, err := io.ReadAll(pemCerts) if err != nil { appendErr = fmt.Errorf("failed to read custom CA bundle PEM file") } @@ -106,9 +106,9 @@ func resolveRegion(ctx context.Context, cfg *aws.Config, configs configs) error } func resolveBaseEndpoint(ctx context.Context, cfg *aws.Config, configs configs) error { - var downcastCfgSources []interface{} + var downcastCfgSources []any for _, cs := range configs { - downcastCfgSources = append(downcastCfgSources, interface{}(cs)) + downcastCfgSources = append(downcastCfgSources, any(cs)) } if val, found, err := GetIgnoreConfiguredEndpoints(ctx, downcastCfgSources); found && val && err == nil { @@ -442,3 +442,17 @@ func resolveServiceOptions(ctx context.Context, cfg *aws.Config, configs configs cfg.ServiceOptions = serviceOptions return nil } + +func resolveRestrictFilePermissions(ctx context.Context, cfg *aws.Config, configs configs) error { + m, found, err := getRestrictFilePermissions(ctx, configs) + if err != nil { + return err + } + + if !found { + m = aws.RestrictFilePermissionsUserReadWrite + } + + cfg.RestrictFilePermissions = m + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go index de83985..fc9d47b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go @@ -3,7 +3,6 @@ package config import ( "context" "fmt" - "io/ioutil" "net" "net/url" "os" @@ -346,7 +345,7 @@ func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToke options.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) { var contents []byte var err error - if contents, err = ioutil.ReadFile(authFilePath); err != nil { + if contents, err = os.ReadFile(authFilePath); err != nil { return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err) } return string(contents), nil @@ -641,6 +640,7 @@ func resolveLoginCredentials(ctx context.Context, cfg *aws.Config, sharedCfg *Sh svc := signin.NewFromConfig(*cfg) provider := logincreds.New(svc, tokenPath, func(o *logincreds.Options) { o.CredentialSources = getCredentialSources(ctx) + o.RestrictPermissions = cfg.RestrictFilePermissions != aws.RestrictFilePermissionsUnrestricted }) cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, provider) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go index 5a0fea2..5b251f5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go @@ -6,15 +6,14 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "path/filepath" "strings" "time" "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config/internal/ini" "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" - "github.com/aws/aws-sdk-go-v2/internal/ini" "github.com/aws/aws-sdk-go-v2/internal/shareddefaults" "github.com/aws/smithy-go/logging" smithyrequestcompression "github.com/aws/smithy-go/private/requestcompression" @@ -502,7 +501,7 @@ func (c SharedConfig) getCustomCABundle(context.Context) (io.Reader, bool, error return nil, false, nil } - b, err := ioutil.ReadFile(c.CustomCABundle) + b, err := os.ReadFile(c.CustomCABundle) if err != nil { return nil, false, err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md index 547c330..87c8769 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md @@ -1,3 +1,78 @@ +# v1.19.19 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.18 (2026-05-28) + +* **Bug Fix**: Create new login cache files with 0600 on Unix platforms. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.17 (2026-05-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.16 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.15 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.14 (2026-04-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.13 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.12 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.11 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.10 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.9 (2026-02-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.8 (2026-02-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.7 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.6 (2025-12-16) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.5 (2025-12-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.19.2 (2025-11-25) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go index ff8fa09..0bf0937 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go @@ -3,4 +3,4 @@ package credentials // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.19.2" +const goModuleVersion = "1.19.19" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go index 6cd5281..a9dbe54 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go @@ -9,6 +9,6 @@ var openFile func(string) (io.ReadCloser, error) = func(name string) (io.ReadClo return os.Open(name) } -var createFile func(string) (io.WriteCloser, error) = func(name string) (io.WriteCloser, error) { - return os.Create(name) +var createFile func(string, os.FileMode) (io.WriteCloser, error) = func(name string, mode os.FileMode) (io.WriteCloser, error) { + return os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go index 3e6357b..1ca2a58 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go @@ -42,6 +42,10 @@ type Options struct { // The path to the cached login token. CachedTokenFilepath string + // Whether to restrict file permissions on newly-written cache files. + // When true, files are created with 0600 on Unix. + RestrictPermissions bool + // The chain of providers that was used to create this provider. // // These values are for reporting purposes and are not meant to be set up @@ -145,7 +149,15 @@ func (p *Provider) saveToken(token *loginToken) error { return err } - f, err := createFile(p.options.CachedTokenFilepath) + mode := os.FileMode(0666) // matches that used by os.Create + if p.options.RestrictPermissions { + mode = 0600 + } + + // createFile DOES NOT re-create the file with new permissions if it + // already exists, so in that scenario any existing permissions are + // preserved + f, err := createFile(p.options.CachedTokenFilepath, mode) if err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go index 46ae2f9..1fb6b2f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go @@ -5,7 +5,6 @@ import ( "encoding/hex" "encoding/json" "fmt" - "io/ioutil" "os" "path/filepath" "strconv" @@ -145,7 +144,7 @@ func getTokenFieldRFC3339(v interface{}, value **rfc3339) error { } func loadCachedToken(filename string) (token, error) { - fileBytes, err := ioutil.ReadFile(filename) + fileBytes, err := os.ReadFile(filename) if err != nil { return token{}, fmt.Errorf("failed to read cached SSO token file, %w", err) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go index 5f4286d..e3d4a3c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go @@ -3,7 +3,7 @@ package stscreds import ( "context" "fmt" - "io/ioutil" + "os" "strconv" "strings" "time" @@ -80,7 +80,7 @@ type IdentityTokenFile string // GetIdentityToken retrieves the JWT token from the file and returns the contents as a []byte func (j IdentityTokenFile) GetIdentityToken() ([]byte, error) { - b, err := ioutil.ReadFile(string(j)) + b, err := os.ReadFile(string(j)) if err != nil { return nil, fmt.Errorf("unable to read file at %s: %v", string(j), err) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md index 1797e1d..8a90d85 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md @@ -1,3 +1,54 @@ +# v1.18.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.20 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.18.14 (2025-11-19.2) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go index 75edc4e..a1da93d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go @@ -226,10 +226,10 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) { } func (c *Client) invokeOperation( - ctx context.Context, opID string, params interface{}, optFns []func(*Options), + ctx context.Context, opID string, params any, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error, ) ( - result interface{}, metadata middleware.Metadata, err error, + result any, metadata middleware.Metadata, err error, ) { stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) options := c.options.Copy() diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go index af58b6b..4f8775b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go @@ -61,7 +61,7 @@ func addGetDynamicDataMiddleware(stack *middleware.Stack, options Options) error buildGetDynamicDataOutput) } -func buildGetDynamicDataPath(params interface{}) (string, error) { +func buildGetDynamicDataPath(params any) (string, error) { p, ok := params.(*GetDynamicDataInput) if !ok { return "", fmt.Errorf("unknown parameter type %T", params) @@ -70,7 +70,7 @@ func buildGetDynamicDataPath(params interface{}) (string, error) { return appendURIPath(getDynamicDataPath, p.Path), nil } -func buildGetDynamicDataOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetDynamicDataOutput(resp *smithyhttp.Response) (any, error) { return &GetDynamicDataOutput{ Content: resp.Body, }, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go index 5111cc9..1ce70cb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go @@ -59,11 +59,11 @@ func addGetIAMInfoMiddleware(stack *middleware.Stack, options Options) error { ) } -func buildGetIAMInfoPath(params interface{}) (string, error) { +func buildGetIAMInfoPath(params any) (string, error) { return getIAMInfoPath, nil } -func buildGetIAMInfoOutput(resp *smithyhttp.Response) (v interface{}, err error) { +func buildGetIAMInfoOutput(resp *smithyhttp.Response) (v any, err error) { defer func() { closeErr := resp.Body.Close() if err == nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go index dc8c09e..5c454c7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go @@ -60,11 +60,11 @@ func addGetInstanceIdentityDocumentMiddleware(stack *middleware.Stack, options O ) } -func buildGetInstanceIdentityDocumentPath(params interface{}) (string, error) { +func buildGetInstanceIdentityDocumentPath(params any) (string, error) { return getInstanceIdentityDocumentPath, nil } -func buildGetInstanceIdentityDocumentOutput(resp *smithyhttp.Response) (v interface{}, err error) { +func buildGetInstanceIdentityDocumentOutput(resp *smithyhttp.Response) (v any, err error) { defer func() { closeErr := resp.Body.Close() if err == nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go index 869bfc9..4a9f754 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go @@ -61,7 +61,7 @@ func addGetMetadataMiddleware(stack *middleware.Stack, options Options) error { buildGetMetadataOutput) } -func buildGetMetadataPath(params interface{}) (string, error) { +func buildGetMetadataPath(params any) (string, error) { p, ok := params.(*GetMetadataInput) if !ok { return "", fmt.Errorf("unknown parameter type %T", params) @@ -70,7 +70,7 @@ func buildGetMetadataPath(params interface{}) (string, error) { return appendURIPath(getMetadataPath, p.Path), nil } -func buildGetMetadataOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetMetadataOutput(resp *smithyhttp.Response) (any, error) { return &GetMetadataOutput{ Content: resp.Body, }, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go index 8c0572b..3171b45 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go @@ -51,7 +51,7 @@ func addGetRegionMiddleware(stack *middleware.Stack, options Options) error { ) } -func buildGetRegionOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetRegionOutput(resp *smithyhttp.Response) (any, error) { out, err := buildGetInstanceIdentityDocumentOutput(resp) if err != nil { return nil, err diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go index 1f9ee97..1d33081 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go @@ -64,11 +64,11 @@ func addGetTokenMiddleware(stack *middleware.Stack, options Options) error { return nil } -func buildGetTokenPath(interface{}) (string, error) { +func buildGetTokenPath(any) (string, error) { return getTokenPath, nil } -func buildGetTokenOutput(resp *smithyhttp.Response) (v interface{}, err error) { +func buildGetTokenOutput(resp *smithyhttp.Response) (v any, err error) { defer func() { closeErr := resp.Body.Close() if err == nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go index 8903697..abda6eb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go @@ -50,11 +50,11 @@ func addGetUserDataMiddleware(stack *middleware.Stack, options Options) error { buildGetUserDataOutput) } -func buildGetUserDataPath(params interface{}) (string, error) { +func buildGetUserDataPath(params any) (string, error) { return getUserDataPath, nil } -func buildGetUserDataOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetUserDataOutput(resp *smithyhttp.Response) (any, error) { return &GetUserDataOutput{ Content: resp.Body, }, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go index b763617..7f28da5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go @@ -3,4 +3,4 @@ package imds // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.18.14" +const goModuleVersion = "1.18.25" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go index 90cf4ae..0585f14 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "fmt" - "io/ioutil" + "io" "net/url" "path" "time" @@ -18,8 +18,8 @@ import ( func addAPIRequestMiddleware(stack *middleware.Stack, options Options, operation string, - getPath func(interface{}) (string, error), - getOutput func(*smithyhttp.Response) (interface{}, error), + getPath func(any) (string, error), + getOutput func(*smithyhttp.Response) (any, error), ) (err error) { err = addRequestMiddleware(stack, options, "GET", operation, getPath, getOutput) if err != nil { @@ -46,8 +46,8 @@ func addRequestMiddleware(stack *middleware.Stack, options Options, method string, operation string, - getPath func(interface{}) (string, error), - getOutput func(*smithyhttp.Response) (interface{}, error), + getPath func(any) (string, error), + getOutput func(*smithyhttp.Response) (any, error), ) (err error) { err = awsmiddleware.AddSDKAgentKey(awsmiddleware.FeatureMetadata, "ec2-imds")(stack) if err != nil { @@ -120,7 +120,7 @@ func addSetLoggerMiddleware(stack *middleware.Stack, o Options) error { } type serializeRequest struct { - GetPath func(interface{}) (string, error) + GetPath func(any) (string, error) Method string } @@ -150,7 +150,7 @@ func (m *serializeRequest) HandleSerialize( } type deserializeResponse struct { - GetOutput func(*smithyhttp.Response) (interface{}, error) + GetOutput func(*smithyhttp.Response) (any, error) } func (*deserializeResponse) ID() string { @@ -176,11 +176,11 @@ func (m *deserializeResponse) HandleDeserialize( // read the full body so that any operation timeouts cleanup will not race // the body being read. - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return out, metadata, fmt.Errorf("read response body failed, %w", err) } - resp.Body = ioutil.NopCloser(bytes.NewReader(body)) + resp.Body = io.NopCloser(bytes.NewReader(body)) // Anything that's not 200 |< 300 is error if resp.StatusCode < 200 || resp.StatusCode >= 300 { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md index afcfb2c..9671c1f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md @@ -1,3 +1,53 @@ +# v1.4.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.20 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.4.14 (2025-11-19.2) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go index cd4d19b..bd731e5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go @@ -14,7 +14,7 @@ type EnableEndpointDiscoveryProvider interface { // ResolveEnableEndpointDiscovery extracts the first instance of a EnableEndpointDiscoveryProvider from the config slice. // Additionally returns a aws.EndpointDiscoveryEnableState to indicate if the value was found in provided configs, // and error if one is encountered. -func ResolveEnableEndpointDiscovery(ctx context.Context, configs []interface{}) (value aws.EndpointDiscoveryEnableState, found bool, err error) { +func ResolveEnableEndpointDiscovery(ctx context.Context, configs []any) (value aws.EndpointDiscoveryEnableState, found bool, err error) { for _, cfg := range configs { if p, ok := cfg.(EnableEndpointDiscoveryProvider); ok { value, found, err = p.GetEnableEndpointDiscovery(ctx) @@ -33,7 +33,7 @@ type UseDualStackEndpointProvider interface { // ResolveUseDualStackEndpoint extracts the first instance of a UseDualStackEndpoint from the config slice. // Additionally returns a boolean to indicate if the value was found in provided configs, and error if one is encountered. -func ResolveUseDualStackEndpoint(ctx context.Context, configs []interface{}) (value aws.DualStackEndpointState, found bool, err error) { +func ResolveUseDualStackEndpoint(ctx context.Context, configs []any) (value aws.DualStackEndpointState, found bool, err error) { for _, cfg := range configs { if p, ok := cfg.(UseDualStackEndpointProvider); ok { value, found, err = p.GetUseDualStackEndpoint(ctx) @@ -52,7 +52,7 @@ type UseFIPSEndpointProvider interface { // ResolveUseFIPSEndpoint extracts the first instance of a UseFIPSEndpointProvider from the config slice. // Additionally, returns a boolean to indicate if the value was found in provided configs, and error if one is encountered. -func ResolveUseFIPSEndpoint(ctx context.Context, configs []interface{}) (value aws.FIPSEndpointState, found bool, err error) { +func ResolveUseFIPSEndpoint(ctx context.Context, configs []any) (value aws.FIPSEndpointState, found bool, err error) { for _, cfg := range configs { if p, ok := cfg.(UseFIPSEndpointProvider); ok { value, found, err = p.GetUseFIPSEndpoint(ctx) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go index e7835f8..1ebe8f4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go @@ -26,7 +26,7 @@ type IgnoreConfiguredEndpointsProvider interface { // Currently duplicated from github.com/aws/aws-sdk-go-v2/config because // service packages cannot import github.com/aws/aws-sdk-go-v2/config // due to result import cycle error. -func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []interface{}) (value bool, found bool, err error) { +func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []any) (value bool, found bool, err error) { for _, cfg := range configs { if p, ok := cfg.(IgnoreConfiguredEndpointsProvider); ok { value, found, err = p.GetIgnoreConfiguredEndpoints(ctx) @@ -40,7 +40,7 @@ func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []interface{}) (v // ResolveServiceBaseEndpoint is used to retrieve service endpoints from configured sources // while allowing for configured endpoints to be disabled -func ResolveServiceBaseEndpoint(ctx context.Context, sdkID string, configs []interface{}) (value string, found bool, err error) { +func ResolveServiceBaseEndpoint(ctx context.Context, sdkID string, configs []any) (value string, found bool, err error) { if val, found, _ := GetIgnoreConfiguredEndpoints(ctx, configs); found && val { return "", false, nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go index 816dad7..f431558 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go @@ -3,4 +3,4 @@ package configsources // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.4.14" +const goModuleVersion = "1.4.25" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json index c789264..fb9ebb1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json @@ -152,7 +152,7 @@ "regionRegex" : "^eusc\\-(de)\\-\\w+\\-\\d+$", "regions" : { "eusc-de-east-1" : { - "description" : "EU (Germany)" + "description" : "AWS European Sovereign Cloud (Germany)" } } }, { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md index caa16de..5998f71 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md @@ -1,3 +1,53 @@ +# v2.7.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.20 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v2.7.14 (2025-11-19.2) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go index 32251a7..b425031 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go @@ -101,7 +101,7 @@ func (ps Partitions) ResolveEndpoint(region string, opts Options) (aws.Endpoint, region = opts.ResolvedRegion } - for i := 0; i < len(ps); i++ { + for i := range ps { if !ps[i].canResolveEndpoint(region, opts) { continue } @@ -290,8 +290,8 @@ func getByPriority(s []string, p []string, def string) string { return def } - for i := 0; i < len(p); i++ { - for j := 0; j < len(s); j++ { + for i := range p { + for j := range s { if s[j] == p[i] { return s[j] } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go index 0606394..9a68f47 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go @@ -3,4 +3,4 @@ package endpoints // goModuleVersion is the tagged release for this module -const goModuleVersion = "2.7.14" +const goModuleVersion = "2.7.25" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md deleted file mode 100644 index 4791d32..0000000 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md +++ /dev/null @@ -1,287 +0,0 @@ -# v1.8.4 (2025-10-16) - -* **Dependency Update**: Bump minimum Go version to 1.23. - -# v1.8.3 (2025-02-18) - -* **Bug Fix**: Bump go version to 1.22 - -# v1.8.2 (2025-01-24) - -* **Bug Fix**: Refactor filepath.Walk to filepath.WalkDir - -# v1.8.1 (2024-08-15) - -* **Dependency Update**: Bump minimum Go version to 1.21. - -# v1.8.0 (2024-02-13) - -* **Feature**: Bump minimum Go version to 1.20 per our language support policy. - -# v1.7.3 (2024-01-22) - -* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons. - -# v1.7.2 (2023-12-08) - -* **Bug Fix**: Correct loading of [services *] sections into shared config. - -# v1.7.1 (2023-11-16) - -* **Bug Fix**: Fix recognition of trailing comments in shared config properties. # or ; separators that aren't preceded by whitespace at the end of a property value should be considered part of it. - -# v1.7.0 (2023-11-13) - -* **Feature**: Replace the legacy config parser with a modern, less-strict implementation. Parsing failures within a section will now simply ignore the invalid line rather than silently drop the entire section. - -# v1.6.0 (2023-11-09.2) - -* **Feature**: BREAKFIX: In order to support subproperty parsing, invalid property definitions must not be ignored - -# v1.5.2 (2023-11-09) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.5.1 (2023-11-07) - -* **Bug Fix**: Fix subproperty performance regression - -# v1.5.0 (2023-11-01) - -* **Feature**: Adds support for configured endpoints via environment variables and the AWS shared configuration file. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.4.0 (2023-10-31) - -* **Feature**: **BREAKING CHANGE**: Bump minimum go version to 1.19 per the revised [go version support policy](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/). -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.45 (2023-10-12) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.44 (2023-10-06) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.43 (2023-09-22) - -* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0. -* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats. - -# v1.3.42 (2023-08-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.41 (2023-08-18) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.40 (2023-08-17) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.39 (2023-08-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.38 (2023-07-31) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.37 (2023-07-28) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.36 (2023-07-13) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.35 (2023-06-13) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.34 (2023-04-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.33 (2023-04-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.32 (2023-03-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.31 (2023-03-10) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.30 (2023-02-20) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.29 (2023-02-03) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.28 (2022-12-15) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.27 (2022-12-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.26 (2022-10-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.25 (2022-10-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.24 (2022-09-20) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.23 (2022-09-14) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.22 (2022-09-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.21 (2022-08-31) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.20 (2022-08-29) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.19 (2022-08-11) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.18 (2022-08-09) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.17 (2022-08-08) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.16 (2022-08-01) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.15 (2022-07-05) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.14 (2022-06-29) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.13 (2022-06-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.12 (2022-05-17) - -* **Bug Fix**: Removes the fuzz testing files from the module, as they are invalid and not used. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.11 (2022-04-25) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.10 (2022-03-30) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.9 (2022-03-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.8 (2022-03-23) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.7 (2022-03-08) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.6 (2022-02-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.5 (2022-01-28) - -* **Bug Fix**: Fixes the SDK's handling of `duration_sections` in the shared credentials file or specified in multiple shared config and shared credentials files under the same profile. [#1568](https://github.com/aws/aws-sdk-go-v2/pull/1568). Thanks to [Amir Szekely](https://github.com/kichik) for help reproduce this bug. - -# v1.3.4 (2022-01-14) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.3 (2022-01-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.2 (2021-12-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.1 (2021-11-19) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.0 (2021-11-06) - -* **Feature**: The SDK now supports configuration of FIPS and DualStack endpoints using environment variables, shared configuration, or programmatically. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.5 (2021-10-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.4 (2021-10-11) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.3 (2021-09-17) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.2 (2021-08-27) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.1 (2021-08-19) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.0 (2021-08-04) - -* **Feature**: adds error handling for defered close calls -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.1.1 (2021-07-15) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.1.0 (2021-07-01) - -* **Feature**: Support for `:`, `=`, `[`, `]` being present in expression values. - -# v1.0.1 (2021-06-25) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.0.0 (2021-05-20) - -* **Release**: The `github.com/aws/aws-sdk-go-v2/internal/ini` package is now a Go Module. -* **Dependency Update**: Updated to the latest SDK module versions - diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go deleted file mode 100644 index 8e24a3f..0000000 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go +++ /dev/null @@ -1,42 +0,0 @@ -package middleware - -import ( - "context" - "sync/atomic" - "time" - - internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" - "github.com/aws/smithy-go/middleware" -) - -// AddTimeOffsetMiddleware sets a value representing clock skew on the request context. -// This can be read by other operations (such as signing) to correct the date value they send -// on the request -type AddTimeOffsetMiddleware struct { - Offset *atomic.Int64 -} - -// ID the identifier for AddTimeOffsetMiddleware -func (m *AddTimeOffsetMiddleware) ID() string { return "AddTimeOffsetMiddleware" } - -// HandleBuild sets a value for attemptSkew on the request context if one is set on the client. -func (m AddTimeOffsetMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) ( - out middleware.BuildOutput, metadata middleware.Metadata, err error, -) { - if m.Offset != nil { - offset := time.Duration(m.Offset.Load()) - ctx = internalcontext.SetAttemptSkewContext(ctx, offset) - } - return next.HandleBuild(ctx, in) -} - -// HandleDeserialize gets the clock skew context from the context, and if set, sets it on the pointer -// held by AddTimeOffsetMiddleware -func (m *AddTimeOffsetMiddleware) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( - out middleware.DeserializeOutput, metadata middleware.Metadata, err error, -) { - if v := internalcontext.GetAttemptSkewContext(ctx); v != 0 { - m.Offset.Store(v.Nanoseconds()) - } - return next.HandleDeserialize(ctx, in) -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md new file mode 100644 index 0000000..ef18fa7 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md @@ -0,0 +1,469 @@ +# v1.4.26 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.25 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.24 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.23 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.22 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.21 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.20 (2026-03-05) + +* **Bug Fix**: Read the correct auth property for SigV4A signing names. + +# v1.4.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.4.14 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.13 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.4.12 (2025-10-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.11 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.10 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.9 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.8 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.7 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.6 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.5 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.4 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.3 (2025-08-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.2 (2025-08-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.1 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.37 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.36 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.35 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.34 (2025-02-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.33 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.32 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.31 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.30 (2025-01-30) + +* **Bug Fix**: Do not sign Transfer-Encoding header in Sigv4[a]. Fixes a signer mismatch issue with S3 Accelerate. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.29 (2025-01-24) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.3.28 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.27 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.26 (2024-12-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.25 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.24 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.23 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.22 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.21 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.20 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.19 (2024-10-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.18 (2024-09-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.17 (2024-09-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.16 (2024-08-15) + +* **Dependency Update**: Bump minimum Go version to 1.21. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.15 (2024-07-10.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.14 (2024-07-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.13 (2024-06-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.12 (2024-06-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.11 (2024-06-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.10 (2024-06-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.9 (2024-06-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.8 (2024-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.7 (2024-05-16) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.6 (2024-05-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.5 (2024-03-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.4 (2024-03-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.3 (2024-03-07) + +* **Bug Fix**: Remove dependency on go-cmp. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.2 (2024-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.1 (2024-02-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.0 (2024-02-13) + +* **Feature**: Bump minimum Go version to 1.20 per our language support policy. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.10 (2024-01-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.3 (2023-11-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.2 (2023-11-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.1 (2023-11-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.0 (2023-10-31) + +* **Feature**: **BREAKING CHANGE**: Bump minimum go version to 1.19 per the revised [go version support policy](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/). +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.6 (2023-10-12) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.5 (2023-10-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.4 (2023-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.3 (2023-08-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.2 (2023-08-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.1 (2023-08-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.0 (2023-07-31) + +* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.28 (2023-07-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.27 (2023-07-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.26 (2023-06-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.25 (2023-04-24) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.24 (2023-04-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.23 (2023-03-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.22 (2023-03-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.21 (2023-02-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.20 (2023-02-14) + +* No change notes available for this release. + +# v1.0.19 (2023-02-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.18 (2022-12-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.17 (2022-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.16 (2022-10-24) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.15 (2022-10-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.14 (2022-09-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.13 (2022-09-14) + +* **Bug Fix**: Fixes an issues where an error from an underlying SigV4 credential provider would not be surfaced from the SigV4a credential provider. Contribution by [sakthipriyan-aqfer](https://github.com/sakthipriyan-aqfer). +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.12 (2022-09-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.11 (2022-08-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.10 (2022-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.9 (2022-08-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.8 (2022-08-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.7 (2022-08-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.6 (2022-08-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.5 (2022-07-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.4 (2022-06-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.3 (2022-06-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.2 (2022-05-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.1 (2022-04-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.0 (2022-04-07) + +* **Release**: New internal v4a signing module location. + diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/LICENSE.txt b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/LICENSE.txt similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/LICENSE.txt rename to vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/LICENSE.txt diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go new file mode 100644 index 0000000..3ae3a01 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go @@ -0,0 +1,141 @@ +package v4a + +import ( + "context" + "crypto/ecdsa" + "fmt" + "sync" + "sync/atomic" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/internal/sdk" +) + +// Credentials is Context, ECDSA, and Optional Session Token that can be used +// to sign requests using SigV4a +type Credentials struct { + Context string + PrivateKey *ecdsa.PrivateKey + SessionToken string + + // Time the credentials will expire. + CanExpire bool + Expires time.Time +} + +// Expired returns if the credentials have expired. +func (v Credentials) Expired() bool { + if v.CanExpire { + return !v.Expires.After(sdk.NowTime()) + } + + return false +} + +// HasKeys returns if the credentials keys are set. +func (v Credentials) HasKeys() bool { + return len(v.Context) > 0 && v.PrivateKey != nil +} + +// SymmetricCredentialAdaptor wraps a SigV4 AccessKey/SecretKey provider and adapts the credentials +// to a ECDSA PrivateKey for signing with SiV4a +type SymmetricCredentialAdaptor struct { + SymmetricProvider aws.CredentialsProvider + + asymmetric atomic.Value + m sync.Mutex +} + +// Retrieve retrieves symmetric credentials from the underlying provider. +func (s *SymmetricCredentialAdaptor) Retrieve(ctx context.Context) (aws.Credentials, error) { + symCreds, err := s.retrieveFromSymmetricProvider(ctx) + if err != nil { + return aws.Credentials{}, err + } + + if asymCreds := s.getCreds(); asymCreds == nil { + return symCreds, nil + } + + s.m.Lock() + defer s.m.Unlock() + + asymCreds := s.getCreds() + if asymCreds == nil { + return symCreds, nil + } + + // if the context does not match the access key id clear it + if asymCreds.Context != symCreds.AccessKeyID { + s.asymmetric.Store((*Credentials)(nil)) + } + + return symCreds, nil +} + +// RetrievePrivateKey returns credentials suitable for SigV4a signing +func (s *SymmetricCredentialAdaptor) RetrievePrivateKey(ctx context.Context) (Credentials, error) { + if asymCreds := s.getCreds(); asymCreds != nil { + return *asymCreds, nil + } + + s.m.Lock() + defer s.m.Unlock() + + if asymCreds := s.getCreds(); asymCreds != nil { + return *asymCreds, nil + } + + symmetricCreds, err := s.retrieveFromSymmetricProvider(ctx) + if err != nil { + return Credentials{}, fmt.Errorf("failed to retrieve symmetric credentials: %v", err) + } + + privateKey, err := deriveKeyFromAccessKeyPair(symmetricCreds.AccessKeyID, symmetricCreds.SecretAccessKey) + if err != nil { + return Credentials{}, fmt.Errorf("failed to derive assymetric key from credentials") + } + + creds := Credentials{ + Context: symmetricCreds.AccessKeyID, + PrivateKey: privateKey, + SessionToken: symmetricCreds.SessionToken, + CanExpire: symmetricCreds.CanExpire, + Expires: symmetricCreds.Expires, + } + + s.asymmetric.Store(&creds) + + return creds, nil +} + +func (s *SymmetricCredentialAdaptor) getCreds() *Credentials { + v := s.asymmetric.Load() + + if v == nil { + return nil + } + + c := v.(*Credentials) + if c != nil && c.HasKeys() && !c.Expired() { + return c + } + + return nil +} + +func (s *SymmetricCredentialAdaptor) retrieveFromSymmetricProvider(ctx context.Context) (aws.Credentials, error) { + credentials, err := s.SymmetricProvider.Retrieve(ctx) + if err != nil { + return aws.Credentials{}, err + } + + return credentials, nil +} + +// CredentialsProvider is the interface for a provider to retrieve credentials +// to sign requests with. +type CredentialsProvider interface { + RetrievePrivateKey(context.Context) (Credentials, error) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go new file mode 100644 index 0000000..380d174 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go @@ -0,0 +1,17 @@ +package v4a + +import "fmt" + +// SigningError indicates an error condition occurred while performing SigV4a signing +type SigningError struct { + Err error +} + +func (e *SigningError) Error() string { + return fmt.Sprintf("failed to sign request: %v", e.Err) +} + +// Unwrap returns the underlying error cause +func (e *SigningError) Unwrap() error { + return e.Err +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go similarity index 74% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go rename to vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go index f94970e..a537d6e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go @@ -1,6 +1,6 @@ // Code generated by internal/repotools/cmd/updatemodulemeta DO NOT EDIT. -package ini +package v4a // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.8.4" +const goModuleVersion = "1.4.26" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go new file mode 100644 index 0000000..1d0f25f --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go @@ -0,0 +1,30 @@ +package crypto + +import "fmt" + +// ConstantTimeByteCompare is a constant-time byte comparison of x and y. This function performs an absolute comparison +// if the two byte slices assuming they represent a big-endian number. +// +// error if len(x) != len(y) +// -1 if x < y +// 0 if x == y +// +1 if x > y +func ConstantTimeByteCompare(x, y []byte) (int, error) { + if len(x) != len(y) { + return 0, fmt.Errorf("slice lengths do not match") + } + + xLarger, yLarger := 0, 0 + + for i := 0; i < len(x); i++ { + xByte, yByte := int(x[i]), int(y[i]) + + x := ((yByte - xByte) >> 8) & 1 + y := ((xByte - yByte) >> 8) & 1 + + xLarger |= x &^ yLarger + yLarger |= y &^ xLarger + } + + return xLarger - yLarger, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go new file mode 100644 index 0000000..758c73f --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go @@ -0,0 +1,113 @@ +package crypto + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/hmac" + "encoding/asn1" + "encoding/binary" + "fmt" + "hash" + "math" + "math/big" +) + +type ecdsaSignature struct { + R, S *big.Int +} + +// ECDSAKey takes the given elliptic curve, and private key (d) byte slice +// and returns the private ECDSA key. +func ECDSAKey(curve elliptic.Curve, d []byte) *ecdsa.PrivateKey { + return ECDSAKeyFromPoint(curve, (&big.Int{}).SetBytes(d)) +} + +// ECDSAKeyFromPoint takes the given elliptic curve and point and returns the +// private and public keypair +func ECDSAKeyFromPoint(curve elliptic.Curve, d *big.Int) *ecdsa.PrivateKey { + pX, pY := curve.ScalarBaseMult(d.Bytes()) + + privKey := &ecdsa.PrivateKey{ + PublicKey: ecdsa.PublicKey{ + Curve: curve, + X: pX, + Y: pY, + }, + D: d, + } + + return privKey +} + +// ECDSAPublicKey takes the provide curve and (x, y) coordinates and returns +// *ecdsa.PublicKey. Returns an error if the given points are not on the curve. +func ECDSAPublicKey(curve elliptic.Curve, x, y []byte) (*ecdsa.PublicKey, error) { + xPoint := (&big.Int{}).SetBytes(x) + yPoint := (&big.Int{}).SetBytes(y) + + if !curve.IsOnCurve(xPoint, yPoint) { + return nil, fmt.Errorf("point(%v, %v) is not on the given curve", xPoint.String(), yPoint.String()) + } + + return &ecdsa.PublicKey{ + Curve: curve, + X: xPoint, + Y: yPoint, + }, nil +} + +// VerifySignature takes the provided public key, hash, and asn1 encoded signature and returns +// whether the given signature is valid. +func VerifySignature(key *ecdsa.PublicKey, hash []byte, signature []byte) (bool, error) { + var ecdsaSignature ecdsaSignature + + _, err := asn1.Unmarshal(signature, &ecdsaSignature) + if err != nil { + return false, err + } + + return ecdsa.Verify(key, hash, ecdsaSignature.R, ecdsaSignature.S), nil +} + +// HMACKeyDerivation provides an implementation of a NIST-800-108 of a KDF (Key Derivation Function) in Counter Mode. +// For the purposes of this implantation HMAC is used as the PRF (Pseudorandom function), where the value of +// `r` is defined as a 4 byte counter. +func HMACKeyDerivation(hash func() hash.Hash, bitLen int, key []byte, label, context []byte) ([]byte, error) { + // verify that we won't overflow the counter + n := int64(math.Ceil((float64(bitLen) / 8) / float64(hash().Size()))) + if n > 0x7FFFFFFF { + return nil, fmt.Errorf("unable to derive key of size %d using 32-bit counter", bitLen) + } + + // verify the requested bit length is not larger then the length encoding size + if int64(bitLen) > 0x7FFFFFFF { + return nil, fmt.Errorf("bitLen is greater than 32-bits") + } + + fixedInput := bytes.NewBuffer(nil) + fixedInput.Write(label) + fixedInput.WriteByte(0x00) + fixedInput.Write(context) + if err := binary.Write(fixedInput, binary.BigEndian, int32(bitLen)); err != nil { + return nil, fmt.Errorf("failed to write bit length to fixed input string: %v", err) + } + + var output []byte + + h := hmac.New(hash, key) + + for i := int64(1); i <= n; i++ { + h.Reset() + if err := binary.Write(h, binary.BigEndian, int32(i)); err != nil { + return nil, err + } + _, err := h.Write(fixedInput.Bytes()) + if err != nil { + return nil, err + } + output = append(output, h.Sum(nil)...) + } + + return output[:bitLen/8], nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go new file mode 100644 index 0000000..89a76e2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go @@ -0,0 +1,36 @@ +package v4 + +const ( + // EmptyStringSHA256 is the hex encoded sha256 value of an empty string + EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` + + // UnsignedPayload indicates that the request payload body is unsigned + UnsignedPayload = "UNSIGNED-PAYLOAD" + + // AmzAlgorithmKey indicates the signing algorithm + AmzAlgorithmKey = "X-Amz-Algorithm" + + // AmzSecurityTokenKey indicates the security token to be used with temporary credentials + AmzSecurityTokenKey = "X-Amz-Security-Token" + + // AmzDateKey is the UTC timestamp for the request in the format YYYYMMDD'T'HHMMSS'Z' + AmzDateKey = "X-Amz-Date" + + // AmzCredentialKey is the access key ID and credential scope + AmzCredentialKey = "X-Amz-Credential" + + // AmzSignedHeadersKey is the set of headers signed for the request + AmzSignedHeadersKey = "X-Amz-SignedHeaders" + + // AmzSignatureKey is the query parameter to store the SigV4 signature + AmzSignatureKey = "X-Amz-Signature" + + // TimeFormat is the time format to be used in the X-Amz-Date header or query parameter + TimeFormat = "20060102T150405Z" + + // ShortTimeFormat is the shorten time format used in the credential scope + ShortTimeFormat = "20060102" + + // ContentSHAKey is the SHA256 of request body + ContentSHAKey = "X-Amz-Content-Sha256" +) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go new file mode 100644 index 0000000..a15177e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go @@ -0,0 +1,82 @@ +package v4 + +import ( + sdkstrings "github.com/aws/aws-sdk-go-v2/internal/strings" +) + +// Rules houses a set of Rule needed for validation of a +// string value +type Rules []Rule + +// Rule interface allows for more flexible rules and just simply +// checks whether or not a value adheres to that Rule +type Rule interface { + IsValid(value string) bool +} + +// IsValid will iterate through all rules and see if any rules +// apply to the value and supports nested rules +func (r Rules) IsValid(value string) bool { + for _, rule := range r { + if rule.IsValid(value) { + return true + } + } + return false +} + +// MapRule generic Rule for maps +type MapRule map[string]struct{} + +// IsValid for the map Rule satisfies whether it exists in the map +func (m MapRule) IsValid(value string) bool { + _, ok := m[value] + return ok +} + +// AllowList is a generic Rule for whitelisting +type AllowList struct { + Rule +} + +// IsValid for AllowList checks if the value is within the AllowList +func (w AllowList) IsValid(value string) bool { + return w.Rule.IsValid(value) +} + +// DenyList is a generic Rule for blacklisting +type DenyList struct { + Rule +} + +// IsValid for AllowList checks if the value is within the AllowList +func (b DenyList) IsValid(value string) bool { + return !b.Rule.IsValid(value) +} + +// Patterns is a list of strings to match against +type Patterns []string + +// IsValid for Patterns checks each pattern and returns if a match has +// been found +func (p Patterns) IsValid(value string) bool { + for _, pattern := range p { + if sdkstrings.HasPrefixFold(value, pattern) { + return true + } + } + return false +} + +// InclusiveRules rules allow for rules to depend on one another +type InclusiveRules []Rule + +// IsValid will return true if all rules are true +func (r InclusiveRules) IsValid(value string) bool { + for _, rule := range r { + if !rule.IsValid(value) { + return false + } + } + return true +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go new file mode 100644 index 0000000..688f834 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go @@ -0,0 +1,68 @@ +package v4 + +// IgnoredHeaders is a list of headers that are ignored during signing +var IgnoredHeaders = Rules{ + DenyList{ + MapRule{ + "Authorization": struct{}{}, + "User-Agent": struct{}{}, + "X-Amzn-Trace-Id": struct{}{}, + "Transfer-Encoding": struct{}{}, + }, + }, +} + +// RequiredSignedHeaders is a whitelist for Build canonical headers. +var RequiredSignedHeaders = Rules{ + AllowList{ + MapRule{ + "Cache-Control": struct{}{}, + "Content-Disposition": struct{}{}, + "Content-Encoding": struct{}{}, + "Content-Language": struct{}{}, + "Content-Md5": struct{}{}, + "Content-Type": struct{}{}, + "Expires": struct{}{}, + "If-Match": struct{}{}, + "If-Modified-Since": struct{}{}, + "If-None-Match": struct{}{}, + "If-Unmodified-Since": struct{}{}, + "Range": struct{}{}, + "X-Amz-Acl": struct{}{}, + "X-Amz-Copy-Source": struct{}{}, + "X-Amz-Copy-Source-If-Match": struct{}{}, + "X-Amz-Copy-Source-If-Modified-Since": struct{}{}, + "X-Amz-Copy-Source-If-None-Match": struct{}{}, + "X-Amz-Copy-Source-If-Unmodified-Since": struct{}{}, + "X-Amz-Copy-Source-Range": struct{}{}, + "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, + "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, + "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Grant-Full-control": struct{}{}, + "X-Amz-Grant-Read": struct{}{}, + "X-Amz-Grant-Read-Acp": struct{}{}, + "X-Amz-Grant-Write": struct{}{}, + "X-Amz-Grant-Write-Acp": struct{}{}, + "X-Amz-Metadata-Directive": struct{}{}, + "X-Amz-Mfa": struct{}{}, + "X-Amz-Request-Payer": struct{}{}, + "X-Amz-Server-Side-Encryption": struct{}{}, + "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, + "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, + "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, + "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Storage-Class": struct{}{}, + "X-Amz-Website-Redirect-Location": struct{}{}, + "X-Amz-Content-Sha256": struct{}{}, + "X-Amz-Tagging": struct{}{}, + }, + }, + Patterns{"X-Amz-Meta-"}, +} + +// AllowedQueryHoisting is a whitelist for Build query headers. The boolean value +// represents whether or not it is a pattern. +var AllowedQueryHoisting = InclusiveRules{ + DenyList{RequiredSignedHeaders}, + Patterns{"X-Amz-"}, +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go new file mode 100644 index 0000000..e7fa7a1 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go @@ -0,0 +1,13 @@ +package v4 + +import ( + "crypto/hmac" + "crypto/sha256" +) + +// HMACSHA256 computes a HMAC-SHA256 of data given the provided key. +func HMACSHA256(key []byte, data []byte) []byte { + hash := hmac.New(sha256.New, key) + hash.Write(data) + return hash.Sum(nil) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go new file mode 100644 index 0000000..bf93659 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go @@ -0,0 +1,75 @@ +package v4 + +import ( + "net/http" + "strings" +) + +// SanitizeHostForHeader removes default port from host and updates request.Host +func SanitizeHostForHeader(r *http.Request) { + host := getHost(r) + port := portOnly(host) + if port != "" && isDefaultPort(r.URL.Scheme, port) { + r.Host = stripPort(host) + } +} + +// Returns host from request +func getHost(r *http.Request) string { + if r.Host != "" { + return r.Host + } + + return r.URL.Host +} + +// Hostname returns u.Host, without any port number. +// +// If Host is an IPv6 literal with a port number, Hostname returns the +// IPv6 literal without the square brackets. IPv6 literals may include +// a zone identifier. +// +// Copied from the Go 1.8 standard library (net/url) +func stripPort(hostport string) string { + colon := strings.IndexByte(hostport, ':') + if colon == -1 { + return hostport + } + if i := strings.IndexByte(hostport, ']'); i != -1 { + return strings.TrimPrefix(hostport[:i], "[") + } + return hostport[:colon] +} + +// Port returns the port part of u.Host, without the leading colon. +// If u.Host doesn't contain a port, Port returns an empty string. +// +// Copied from the Go 1.8 standard library (net/url) +func portOnly(hostport string) string { + colon := strings.IndexByte(hostport, ':') + if colon == -1 { + return "" + } + if i := strings.Index(hostport, "]:"); i != -1 { + return hostport[i+len("]:"):] + } + if strings.Contains(hostport, "]") { + return "" + } + return hostport[colon+len(":"):] +} + +// Returns true if the specified URI is using the standard port +// (i.e. port 80 for HTTP URIs or 443 for HTTPS URIs) +func isDefaultPort(scheme, port string) bool { + if port == "" { + return true + } + + lowerCaseScheme := strings.ToLower(scheme) + if (lowerCaseScheme == "http" && port == "80") || (lowerCaseScheme == "https" && port == "443") { + return true + } + + return false +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go new file mode 100644 index 0000000..1de06a7 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go @@ -0,0 +1,36 @@ +package v4 + +import "time" + +// SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing. +type SigningTime struct { + time.Time + timeFormat string + shortTimeFormat string +} + +// NewSigningTime creates a new SigningTime given a time.Time +func NewSigningTime(t time.Time) SigningTime { + return SigningTime{ + Time: t, + } +} + +// TimeFormat provides a time formatted in the X-Amz-Date format. +func (m *SigningTime) TimeFormat() string { + return m.format(&m.timeFormat, TimeFormat) +} + +// ShortTimeFormat provides a time formatted of 20060102. +func (m *SigningTime) ShortTimeFormat() string { + return m.format(&m.shortTimeFormat, ShortTimeFormat) +} + +func (m *SigningTime) format(target *string, format string) string { + if len(*target) > 0 { + return *target + } + v := m.Time.Format(format) + *target = v + return v +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go new file mode 100644 index 0000000..741019b --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go @@ -0,0 +1,64 @@ +package v4 + +import ( + "net/url" + "strings" +) + +const doubleSpace = " " + +// StripExcessSpaces will rewrite the passed in slice's string values to not +// contain muliple side-by-side spaces. +func StripExcessSpaces(str string) string { + var j, k, l, m, spaces int + // Trim trailing spaces + for j = len(str) - 1; j >= 0 && str[j] == ' '; j-- { + } + + // Trim leading spaces + for k = 0; k < j && str[k] == ' '; k++ { + } + str = str[k : j+1] + + // Strip multiple spaces. + j = strings.Index(str, doubleSpace) + if j < 0 { + return str + } + + buf := []byte(str) + for k, m, l = j, j, len(buf); k < l; k++ { + if buf[k] == ' ' { + if spaces == 0 { + // First space. + buf[m] = buf[k] + m++ + } + spaces++ + } else { + // End of multiple spaces. + spaces = 0 + buf[m] = buf[k] + m++ + } + } + + return string(buf[:m]) +} + +// GetURIPath returns the escaped URI component from the provided URL +func GetURIPath(u *url.URL) string { + var uri string + + if len(u.Opaque) > 0 { + uri = "/" + strings.Join(strings.Split(u.Opaque, "/")[3:], "/") + } else { + uri = u.EscapedPath() + } + + if len(uri) == 0 { + uri = "/" + } + + return uri +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go new file mode 100644 index 0000000..64b8b4e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go @@ -0,0 +1,118 @@ +package v4a + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" + "net/http" + "time" +) + +// HTTPSigner is SigV4a HTTP signer implementation +type HTTPSigner interface { + SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optfns ...func(*SignerOptions)) error +} + +// SignHTTPRequestMiddlewareOptions is the middleware options for constructing a SignHTTPRequestMiddleware. +type SignHTTPRequestMiddlewareOptions struct { + Credentials CredentialsProvider + Signer HTTPSigner + LogSigning bool +} + +// SignHTTPRequestMiddleware is a middleware for signing an HTTP request using SigV4a. +type SignHTTPRequestMiddleware struct { + credentials CredentialsProvider + signer HTTPSigner + logSigning bool +} + +// NewSignHTTPRequestMiddleware constructs a SignHTTPRequestMiddleware using the given SignHTTPRequestMiddlewareOptions. +func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *SignHTTPRequestMiddleware { + return &SignHTTPRequestMiddleware{ + credentials: options.Credentials, + signer: options.Signer, + logSigning: options.LogSigning, + } +} + +// ID the middleware identifier. +func (s *SignHTTPRequestMiddleware) ID() string { + return "Signing" +} + +// HandleFinalize signs an HTTP request using SigV4a. +func (s *SignHTTPRequestMiddleware) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + if !hasCredentialProvider(s.credentials) { + return next.HandleFinalize(ctx, in) + } + + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unexpected request middleware type %T", in.Request) + } + + signingName, signingRegion := awsmiddleware.GetSigningName(ctx), awsmiddleware.GetSigningRegion(ctx) + payloadHash := v4.GetPayloadHash(ctx) + if len(payloadHash) == 0 { + return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")} + } + + credentials, err := s.credentials.RetrievePrivateKey(ctx) + if err != nil { + return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)} + } + + signerOptions := []func(o *SignerOptions){ + func(o *SignerOptions) { + o.Logger = middleware.GetLogger(ctx) + o.LogSigning = s.logSigning + }, + } + + // existing DisableURIPathEscaping is equivalent in purpose + // to authentication scheme property DisableDoubleEncoding + disableDoubleEncoding, overridden := internalauth.GetDisableDoubleEncoding(ctx) + if overridden { + signerOptions = append(signerOptions, func(o *SignerOptions) { + o.DisableURIPathEscaping = disableDoubleEncoding + }) + } + + err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, []string{signingRegion}, time.Now().UTC(), signerOptions...) + if err != nil { + return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)} + } + + return next.HandleFinalize(ctx, in) +} + +func hasCredentialProvider(p CredentialsProvider) bool { + if p == nil { + return false + } + + return true +} + +// RegisterSigningMiddleware registers the SigV4a signing middleware to the stack. If a signing middleware is already +// present, this provided middleware will be swapped. Otherwise the middleware will be added at the tail of the +// finalize step. +func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignHTTPRequestMiddleware) (err error) { + const signedID = "Signing" + _, present := stack.Finalize.Get(signedID) + if present { + _, err = stack.Finalize.Swap(signedID, signingMiddleware) + } else { + err = stack.Finalize.Add(signingMiddleware, middleware.After) + } + return err +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go new file mode 100644 index 0000000..951fc41 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go @@ -0,0 +1,117 @@ +package v4a + +import ( + "context" + "fmt" + "net/http" + "time" + + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/smithy-go/middleware" + smithyHTTP "github.com/aws/smithy-go/transport/http" +) + +// HTTPPresigner is an interface to a SigV4a signer that can sign create a +// presigned URL for a HTTP requests. +type HTTPPresigner interface { + PresignHTTP( + ctx context.Context, credentials Credentials, r *http.Request, + payloadHash string, service string, regionSet []string, signingTime time.Time, + optFns ...func(*SignerOptions), + ) (url string, signedHeader http.Header, err error) +} + +// PresignHTTPRequestMiddlewareOptions is the options for the PresignHTTPRequestMiddleware middleware. +type PresignHTTPRequestMiddlewareOptions struct { + CredentialsProvider CredentialsProvider + Presigner HTTPPresigner + LogSigning bool +} + +// PresignHTTPRequestMiddleware provides the Finalize middleware for creating a +// presigned URL for an HTTP request. +// +// Will short circuit the middleware stack and not forward onto the next +// Finalize handler. +type PresignHTTPRequestMiddleware struct { + credentialsProvider CredentialsProvider + presigner HTTPPresigner + logSigning bool +} + +// NewPresignHTTPRequestMiddleware returns a new PresignHTTPRequestMiddleware +// initialized with the presigner. +func NewPresignHTTPRequestMiddleware(options PresignHTTPRequestMiddlewareOptions) *PresignHTTPRequestMiddleware { + return &PresignHTTPRequestMiddleware{ + credentialsProvider: options.CredentialsProvider, + presigner: options.Presigner, + logSigning: options.LogSigning, + } +} + +// ID provides the middleware ID. +func (*PresignHTTPRequestMiddleware) ID() string { return "PresignHTTPRequest" } + +// HandleFinalize will take the provided input and create a presigned url for +// the http request using the SigV4 presign authentication scheme. +func (s *PresignHTTPRequestMiddleware) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + req, ok := in.Request.(*smithyHTTP.Request) + if !ok { + return out, metadata, &SigningError{ + Err: fmt.Errorf("unexpected request middleware type %T", in.Request), + } + } + + httpReq := req.Build(ctx) + if !hasCredentialProvider(s.credentialsProvider) { + out.Result = &v4.PresignedHTTPRequest{ + URL: httpReq.URL.String(), + Method: httpReq.Method, + SignedHeader: http.Header{}, + } + + return out, metadata, nil + } + + signingName := awsmiddleware.GetSigningName(ctx) + signingRegion := awsmiddleware.GetSigningRegion(ctx) + payloadHash := v4.GetPayloadHash(ctx) + if len(payloadHash) == 0 { + return out, metadata, &SigningError{ + Err: fmt.Errorf("computed payload hash missing from context"), + } + } + + credentials, err := s.credentialsProvider.RetrievePrivateKey(ctx) + if err != nil { + return out, metadata, &SigningError{ + Err: fmt.Errorf("failed to retrieve credentials: %w", err), + } + } + + u, h, err := s.presigner.PresignHTTP(ctx, credentials, + httpReq, payloadHash, signingName, []string{signingRegion}, sdk.NowTime(), + func(o *SignerOptions) { + o.Logger = middleware.GetLogger(ctx) + o.LogSigning = s.logSigning + }) + if err != nil { + return out, metadata, &SigningError{ + Err: fmt.Errorf("failed to sign http request, %w", err), + } + } + + out.Result = &v4.PresignedHTTPRequest{ + URL: u, + Method: httpReq.Method, + SignedHeader: h, + } + + return out, metadata, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go new file mode 100644 index 0000000..c3b689b --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go @@ -0,0 +1,92 @@ +package v4a + +import ( + "context" + "fmt" + "time" + + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" + + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/smithy-go" + "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/logging" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// CredentialsAdapter adapts v4a.Credentials to smithy auth.Identity. +type CredentialsAdapter struct { + Credentials Credentials +} + +var _ auth.Identity = (*CredentialsAdapter)(nil) + +// Expiration returns the time of expiration for the credentials. +func (v *CredentialsAdapter) Expiration() time.Time { + return v.Credentials.Expires +} + +// CredentialsProviderAdapter adapts v4a.CredentialsProvider to +// auth.IdentityResolver. +type CredentialsProviderAdapter struct { + Provider CredentialsProvider +} + +var _ (auth.IdentityResolver) = (*CredentialsProviderAdapter)(nil) + +// GetIdentity retrieves v4a credentials using the underlying provider. +func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) ( + auth.Identity, error, +) { + creds, err := v.Provider.RetrievePrivateKey(ctx) + if err != nil { + return nil, fmt.Errorf("get credentials: %w", err) + } + + return &CredentialsAdapter{Credentials: creds}, nil +} + +// SignerAdapter adapts v4a.HTTPSigner to smithy http.Signer. +type SignerAdapter struct { + Signer HTTPSigner + Logger logging.Logger + LogSigning bool +} + +var _ (smithyhttp.Signer) = (*SignerAdapter)(nil) + +// SignRequest signs the request with the provided identity. +func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error { + ca, ok := identity.(*CredentialsAdapter) + if !ok { + return fmt.Errorf("unexpected identity type: %T", identity) + } + + name, ok := smithyhttp.GetSigV4ASigningName(&props) + if !ok { + return fmt.Errorf("sigv4a signing name is required") + } + + regions, ok := smithyhttp.GetSigV4ASigningRegions(&props) + if !ok { + return fmt.Errorf("sigv4a signing region is required") + } + + hash := v4.GetPayloadHash(ctx) + signingTime := sdk.NowTime() + if skew := internalcontext.GetAttemptSkewContext(ctx); skew != 0 { + signingTime.Add(skew) + } + err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, regions, signingTime, func(o *SignerOptions) { + o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props) + + o.Logger = v.Logger + o.LogSigning = v.LogSigning + }) + if err != nil { + return fmt.Errorf("sign http: %w", err) + } + + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go new file mode 100644 index 0000000..f226bcd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go @@ -0,0 +1,520 @@ +package v4a + +import ( + "bytes" + "context" + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "encoding/hex" + "fmt" + "hash" + "math/big" + "net/http" + "net/textproto" + "net/url" + "sort" + "strconv" + "strings" + "time" + + signerCrypto "github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto" + v4Internal "github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4" + "github.com/aws/smithy-go/encoding/httpbinding" + "github.com/aws/smithy-go/logging" +) + +const ( + // AmzRegionSetKey represents the region set header used for sigv4a + AmzRegionSetKey = "X-Amz-Region-Set" + amzAlgorithmKey = v4Internal.AmzAlgorithmKey + amzSecurityTokenKey = v4Internal.AmzSecurityTokenKey + amzDateKey = v4Internal.AmzDateKey + amzCredentialKey = v4Internal.AmzCredentialKey + amzSignedHeadersKey = v4Internal.AmzSignedHeadersKey + authorizationHeader = "Authorization" + + signingAlgorithm = "AWS4-ECDSA-P256-SHA256" + + timeFormat = "20060102T150405Z" + shortTimeFormat = "20060102" + + // EmptyStringSHA256 is a hex encoded SHA-256 hash of an empty string + EmptyStringSHA256 = v4Internal.EmptyStringSHA256 + + // Version of signing v4a + Version = "SigV4A" +) + +var ( + p256 elliptic.Curve + nMinusTwoP256 *big.Int + + one = new(big.Int).SetInt64(1) +) + +func init() { + // Ensure the elliptic curve parameters are initialized on package import rather then on first usage + p256 = elliptic.P256() + + nMinusTwoP256 = new(big.Int).SetBytes(p256.Params().N.Bytes()) + nMinusTwoP256 = nMinusTwoP256.Sub(nMinusTwoP256, new(big.Int).SetInt64(2)) +} + +// SignerOptions is the SigV4a signing options for constructing a Signer. +type SignerOptions struct { + Logger logging.Logger + LogSigning bool + + // Disables the Signer's moving HTTP header key/value pairs from the HTTP + // request header to the request's query string. This is most commonly used + // with pre-signed requests preventing headers from being added to the + // request's query string. + DisableHeaderHoisting bool + + // Disables the automatic escaping of the URI path of the request for the + // siganture's canonical string's path. For services that do not need additional + // escaping then use this to disable the signer escaping the path. + // + // S3 is an example of a service that does not need additional escaping. + // + // http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html + DisableURIPathEscaping bool +} + +// Signer is a SigV4a HTTP signing implementation +type Signer struct { + options SignerOptions +} + +// NewSigner constructs a SigV4a Signer. +func NewSigner(optFns ...func(*SignerOptions)) *Signer { + options := SignerOptions{} + + for _, fn := range optFns { + fn(&options) + } + + return &Signer{options: options} +} + +// deriveKeyFromAccessKeyPair derives a NIST P-256 PrivateKey from the given +// IAM AccessKey and SecretKey pair. +// +// Based on FIPS.186-4 Appendix B.4.2 +func deriveKeyFromAccessKeyPair(accessKey, secretKey string) (*ecdsa.PrivateKey, error) { + params := p256.Params() + bitLen := params.BitSize // Testing random candidates does not require an additional 64 bits + counter := 0x01 + + buffer := make([]byte, 1+len(accessKey)) // 1 byte counter + len(accessKey) + kdfContext := bytes.NewBuffer(buffer) + + inputKey := append([]byte("AWS4A"), []byte(secretKey)...) + + d := new(big.Int) + for { + kdfContext.Reset() + kdfContext.WriteString(accessKey) + kdfContext.WriteByte(byte(counter)) + + key, err := signerCrypto.HMACKeyDerivation(sha256.New, bitLen, inputKey, []byte(signingAlgorithm), kdfContext.Bytes()) + if err != nil { + return nil, err + } + + // Check key first before calling SetBytes if key key is in fact a valid candidate. + // This ensures the byte slice is the correct length (32-bytes) to compare in constant-time + cmp, err := signerCrypto.ConstantTimeByteCompare(key, nMinusTwoP256.Bytes()) + if err != nil { + return nil, err + } + if cmp == -1 { + d.SetBytes(key) + break + } + + counter++ + if counter > 0xFF { + return nil, fmt.Errorf("exhausted single byte external counter") + } + } + d = d.Add(d, one) + + priv := new(ecdsa.PrivateKey) + priv.PublicKey.Curve = p256 + priv.D = d + priv.PublicKey.X, priv.PublicKey.Y = p256.ScalarBaseMult(d.Bytes()) + + return priv, nil +} + +type httpSigner struct { + Request *http.Request + ServiceName string + RegionSet []string + Time time.Time + Credentials Credentials + IsPreSign bool + + Logger logging.Logger + Debug bool + + // PayloadHash is the hex encoded SHA-256 hash of the request payload + // If len(PayloadHash) == 0 the signer will attempt to send the request + // as an unsigned payload. Note: Unsigned payloads only work for a subset of services. + PayloadHash string + + DisableHeaderHoisting bool + DisableURIPathEscaping bool +} + +// SignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and signs using SigV4a. +// The passed in request will be modified in place. +func (s *Signer) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error { + options := s.options + for _, fn := range optFns { + fn(&options) + } + + signer := &httpSigner{ + Request: r, + PayloadHash: payloadHash, + ServiceName: service, + RegionSet: regionSet, + Credentials: credentials, + Time: signingTime.UTC(), + DisableHeaderHoisting: options.DisableHeaderHoisting, + DisableURIPathEscaping: options.DisableURIPathEscaping, + } + + signedRequest, err := signer.Build() + if err != nil { + return err + } + + logHTTPSigningInfo(ctx, options, signedRequest) + + return nil +} + +// PresignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and presigns using SigV4a +// Returns the presigned URL along with the headers that were signed with the request. +// +// PresignHTTP will not set the expires time of the presigned request +// automatically. To specify the expire duration for a request add the +// "X-Amz-Expires" query parameter on the request with the value as the +// duration in seconds the presigned URL should be considered valid for. This +// parameter is not used by all AWS services, and is most notable used by +// Amazon S3 APIs. +func (s *Signer) PresignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) (signedURI string, signedHeaders http.Header, err error) { + options := s.options + for _, fn := range optFns { + fn(&options) + } + + signer := &httpSigner{ + Request: r, + PayloadHash: payloadHash, + ServiceName: service, + RegionSet: regionSet, + Credentials: credentials, + Time: signingTime.UTC(), + IsPreSign: true, + DisableHeaderHoisting: options.DisableHeaderHoisting, + DisableURIPathEscaping: options.DisableURIPathEscaping, + } + + signedRequest, err := signer.Build() + if err != nil { + return "", nil, err + } + + logHTTPSigningInfo(ctx, options, signedRequest) + + signedHeaders = make(http.Header) + + // For the signed headers we canonicalize the header keys in the returned map. + // This avoids situations where can standard library double headers like host header. For example the standard + // library will set the Host header, even if it is present in lower-case form. + for k, v := range signedRequest.SignedHeaders { + key := textproto.CanonicalMIMEHeaderKey(k) + signedHeaders[key] = append(signedHeaders[key], v...) + } + + return signedRequest.Request.URL.String(), signedHeaders, nil +} + +func (s *httpSigner) setRequiredSigningFields(headers http.Header, query url.Values) { + amzDate := s.Time.Format(timeFormat) + + if s.IsPreSign { + query.Set(AmzRegionSetKey, strings.Join(s.RegionSet, ",")) + query.Set(amzDateKey, amzDate) + query.Set(amzAlgorithmKey, signingAlgorithm) + if len(s.Credentials.SessionToken) > 0 { + query.Set(amzSecurityTokenKey, s.Credentials.SessionToken) + } + return + } + + headers.Set(AmzRegionSetKey, strings.Join(s.RegionSet, ",")) + headers.Set(amzDateKey, amzDate) + if len(s.Credentials.SessionToken) > 0 { + headers.Set(amzSecurityTokenKey, s.Credentials.SessionToken) + } +} + +func (s *httpSigner) Build() (signedRequest, error) { + req := s.Request + + query := req.URL.Query() + headers := req.Header + + s.setRequiredSigningFields(headers, query) + + // Sort Each Query Key's Values + for key := range query { + sort.Strings(query[key]) + } + + v4Internal.SanitizeHostForHeader(req) + + credentialScope := s.buildCredentialScope() + credentialStr := s.Credentials.Context + "/" + credentialScope + if s.IsPreSign { + query.Set(amzCredentialKey, credentialStr) + } + + unsignedHeaders := headers + if s.IsPreSign && !s.DisableHeaderHoisting { + urlValues := url.Values{} + urlValues, unsignedHeaders = buildQuery(v4Internal.AllowedQueryHoisting, unsignedHeaders) + for k := range urlValues { + query[k] = urlValues[k] + } + } + + host := req.URL.Host + if len(req.Host) > 0 { + host = req.Host + } + + signedHeaders, signedHeadersStr, canonicalHeaderStr := s.buildCanonicalHeaders(host, v4Internal.IgnoredHeaders, unsignedHeaders, s.Request.ContentLength) + + if s.IsPreSign { + query.Set(amzSignedHeadersKey, signedHeadersStr) + } + + rawQuery := strings.Replace(query.Encode(), "+", "%20", -1) + + canonicalURI := v4Internal.GetURIPath(req.URL) + if !s.DisableURIPathEscaping { + canonicalURI = httpbinding.EscapePath(canonicalURI, false) + } + + canonicalString := s.buildCanonicalString( + req.Method, + canonicalURI, + rawQuery, + signedHeadersStr, + canonicalHeaderStr, + ) + + strToSign := s.buildStringToSign(credentialScope, canonicalString) + signingSignature, err := s.buildSignature(strToSign) + if err != nil { + return signedRequest{}, err + } + + if s.IsPreSign { + rawQuery += "&X-Amz-Signature=" + signingSignature + } else { + headers[authorizationHeader] = append(headers[authorizationHeader][:0], buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature)) + } + + req.URL.RawQuery = rawQuery + + return signedRequest{ + Request: req, + SignedHeaders: signedHeaders, + CanonicalString: canonicalString, + StringToSign: strToSign, + PreSigned: s.IsPreSign, + }, nil +} + +func buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature string) string { + const credential = "Credential=" + const signedHeaders = "SignedHeaders=" + const signature = "Signature=" + const commaSpace = ", " + + var parts strings.Builder + parts.Grow(len(signingAlgorithm) + 1 + + len(credential) + len(credentialStr) + len(commaSpace) + + len(signedHeaders) + len(signedHeadersStr) + len(commaSpace) + + len(signature) + len(signingSignature), + ) + parts.WriteString(signingAlgorithm) + parts.WriteRune(' ') + parts.WriteString(credential) + parts.WriteString(credentialStr) + parts.WriteString(commaSpace) + parts.WriteString(signedHeaders) + parts.WriteString(signedHeadersStr) + parts.WriteString(commaSpace) + parts.WriteString(signature) + parts.WriteString(signingSignature) + return parts.String() +} + +func (s *httpSigner) buildCredentialScope() string { + return strings.Join([]string{ + s.Time.Format(shortTimeFormat), + s.ServiceName, + "aws4_request", + }, "/") + +} + +func buildQuery(r v4Internal.Rule, header http.Header) (url.Values, http.Header) { + query := url.Values{} + unsignedHeaders := http.Header{} + for k, h := range header { + if r.IsValid(k) { + query[k] = h + } else { + unsignedHeaders[k] = h + } + } + + return query, unsignedHeaders +} + +func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, header http.Header, length int64) (signed http.Header, signedHeaders, canonicalHeadersStr string) { + signed = make(http.Header) + + var headers []string + const hostHeader = "host" + headers = append(headers, hostHeader) + signed[hostHeader] = append(signed[hostHeader], host) + + if length > 0 { + const contentLengthHeader = "content-length" + headers = append(headers, contentLengthHeader) + signed[contentLengthHeader] = append(signed[contentLengthHeader], strconv.FormatInt(length, 10)) + } + + for k, v := range header { + if !rule.IsValid(k) { + continue // ignored header + } + + lowerCaseKey := strings.ToLower(k) + if _, ok := signed[lowerCaseKey]; ok { + // include additional values + signed[lowerCaseKey] = append(signed[lowerCaseKey], v...) + continue + } + + headers = append(headers, lowerCaseKey) + signed[lowerCaseKey] = v + } + sort.Strings(headers) + + signedHeaders = strings.Join(headers, ";") + + var canonicalHeaders strings.Builder + n := len(headers) + const colon = ':' + for i := range n { + if headers[i] == hostHeader { + canonicalHeaders.WriteString(hostHeader) + canonicalHeaders.WriteRune(colon) + canonicalHeaders.WriteString(v4Internal.StripExcessSpaces(host)) + } else { + canonicalHeaders.WriteString(headers[i]) + canonicalHeaders.WriteRune(colon) + // Trim out leading, trailing, and dedup inner spaces from signed header values. + values := signed[headers[i]] + for j, v := range values { + cleanedValue := strings.TrimSpace(v4Internal.StripExcessSpaces(v)) + canonicalHeaders.WriteString(cleanedValue) + if j < len(values)-1 { + canonicalHeaders.WriteRune(',') + } + } + } + canonicalHeaders.WriteRune('\n') + } + canonicalHeadersStr = canonicalHeaders.String() + + return signed, signedHeaders, canonicalHeadersStr +} + +func (s *httpSigner) buildCanonicalString(method, uri, query, signedHeaders, canonicalHeaders string) string { + return strings.Join([]string{ + method, + uri, + query, + canonicalHeaders, + signedHeaders, + s.PayloadHash, + }, "\n") +} + +func (s *httpSigner) buildStringToSign(credentialScope, canonicalRequestString string) string { + return strings.Join([]string{ + signingAlgorithm, + s.Time.Format(timeFormat), + credentialScope, + hex.EncodeToString(makeHash(sha256.New(), []byte(canonicalRequestString))), + }, "\n") +} + +func makeHash(hash hash.Hash, b []byte) []byte { + hash.Reset() + hash.Write(b) + return hash.Sum(nil) +} + +func (s *httpSigner) buildSignature(strToSign string) (string, error) { + sig, err := s.Credentials.PrivateKey.Sign(rand.Reader, makeHash(sha256.New(), []byte(strToSign)), crypto.SHA256) + if err != nil { + return "", err + } + return hex.EncodeToString(sig), nil +} + +const logSignInfoMsg = `Request Signature: +---[ CANONICAL STRING ]----------------------------- +%s +---[ STRING TO SIGN ]-------------------------------- +%s%s +-----------------------------------------------------` +const logSignedURLMsg = ` +---[ SIGNED URL ]------------------------------------ +%s` + +func logHTTPSigningInfo(ctx context.Context, options SignerOptions, r signedRequest) { + if !options.LogSigning { + return + } + signedURLMsg := "" + if r.PreSigned { + signedURLMsg = fmt.Sprintf(logSignedURLMsg, r.Request.URL.String()) + } + logger := logging.WithContext(ctx, options.Logger) + logger.Logf(logging.Debug, logSignInfoMsg, r.CanonicalString, r.StringToSign, signedURLMsg) +} + +type signedRequest struct { + Request *http.Request + SignedHeaders http.Header + CanonicalString string + StringToSign string + PreSigned bool +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md index c05f82e..be7b96d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md @@ -1,3 +1,31 @@ +# v1.13.10 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. + +# v1.13.9 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. + +# v1.13.8 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait + +# v1.13.7 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. + +# v1.13.6 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 + +# v1.13.5 (2026-02-23) + +* No change notes available for this release. + +# v1.13.4 (2025-12-02) + +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.13.3 (2025-11-04) * **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go index 6a4c336..8593d35 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go @@ -3,4 +3,4 @@ package acceptencoding // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.3" +const goModuleVersion = "1.13.10" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md index 0db87c8..7cb5e53 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md @@ -1,3 +1,53 @@ +# v1.13.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.20 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.13.14 (2025-11-19.2) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go index b9c350a..58c0777 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go @@ -3,4 +3,4 @@ package presignedurl // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.14" +const goModuleVersion = "1.13.25" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go index 1e2f5c8..8b25d03 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go @@ -14,26 +14,26 @@ import ( // presigned URL. type URLPresigner interface { // PresignURL presigns a URL. - PresignURL(ctx context.Context, srcRegion string, params interface{}) (*v4.PresignedHTTPRequest, error) + PresignURL(ctx context.Context, srcRegion string, params any) (*v4.PresignedHTTPRequest, error) } // ParameterAccessor provides an collection of accessor to for retrieving and // setting the values needed to PresignedURL generation type ParameterAccessor struct { // GetPresignedURL accessor points to a function that retrieves a presigned url if present - GetPresignedURL func(interface{}) (string, bool, error) + GetPresignedURL func(any) (string, bool, error) // GetSourceRegion accessor points to a function that retrieves source region for presigned url - GetSourceRegion func(interface{}) (string, bool, error) + GetSourceRegion func(any) (string, bool, error) // CopyInput accessor points to a function that takes in an input, and returns a copy. - CopyInput func(interface{}) (interface{}, error) + CopyInput func(any) (any, error) // SetDestinationRegion accessor points to a function that sets destination region on api input struct - SetDestinationRegion func(interface{}, string) error + SetDestinationRegion func(any, string) error // SetPresignedURL accessor points to a function that sets presigned url on api input struct - SetPresignedURL func(interface{}, string) error + SetPresignedURL func(any, string) error } // Options provides the set of options needed by the presigned URL middleware. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md index fa50673..d033a73 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md @@ -1,3 +1,54 @@ +# v1.1.1 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.0 (2026-05-28) + +* **Feature**: Adding new BDD representation of endpoint ruleset +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.11 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.10 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.9 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.8 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.7 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.6 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.5 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.0.2 (2025-11-25) * **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go index d2db11d..2c0413c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go @@ -15,9 +15,7 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -711,10 +709,11 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/signin") + m.ClientSkew = c.timeOffset }) if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err @@ -755,25 +754,6 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } - - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) - } - - return nil -} - -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go index 54ba424..dec8656 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go @@ -134,7 +134,7 @@ func (c *Client) addOperationCreateOAuth2TokenMiddlewares(stack *middleware.Stac if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -158,9 +158,6 @@ func (c *Client) addOperationCreateOAuth2TokenMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go index cf6b365..c987626 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go @@ -190,7 +190,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -203,6 +203,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go index db2e6a6..6392501 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go @@ -14,6 +14,7 @@ import ( internalendpoints "github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/bdd" "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" @@ -229,6 +230,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -294,21 +297,193 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string +const bddRoot int32 = 2 -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } +var bddNodes = [48]int32{ + -1, 1, -1, 0, 15, 3, 1, 4, 100000014, 2, 5, 100000014, 3, 11, 6, 4, 10, 7, 7, 100000004, 8, 8, 100000005, 9, 9, 100000006, 100000013, 5, 100000011, 100000012, 4, 13, 12, 6, 100000009, 100000010, 5, 14, 100000008, 6, 100000007, 100000008, 3, 100000001, 16, 4, 100000002, 100000003} + +type conditionContext struct { + PartitionResult *awsrulesfn.PartitionConfig +} - v := s[i] - return &v +func evalCondition(idx int, params *EndpointParameters, c *conditionContext) bool { + switch idx { + case 0: + return params.Endpoint != nil + case 1: + return params.Region != nil + case 2: + if v := awsrulesfn.GetPartition(*params.Region); v != nil { + c.PartitionResult = v + return true + } + return false + case 3: + return *params.UseFIPS == true + case 4: + return *params.UseDualStack == true + case 5: + return c.PartitionResult.SupportsDualStack == true + case 6: + return c.PartitionResult.SupportsFIPS == true + case 7: + return c.PartitionResult.Name == "aws" + case 8: + return c.PartitionResult.Name == "aws-cn" + case 9: + return c.PartitionResult.Name == "aws-us-gov" + } + return false +} + +func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) (smithyendpoints.Endpoint, error) { + switch idx { + case 0: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint resolution failed: no matching rule") + case 1: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + case 2: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + case 3: + uriString := *params.Endpoint + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 4: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.aws.amazon.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 5: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.amazonaws.cn") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 6: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.amazonaws-us-gov.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 7: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 8: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + case 9: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 10: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + case 11: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 12: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + case 13: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 14: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + } + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) } // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { - // ResolveEndpoint attempts to resolve the endpoint with the provided options, - // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) @@ -332,206 +507,12 @@ func (r *resolver) ResolveEndpoint( if err = params.ValidateRequired(); err != nil { return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } - _UseDualStack := *params.UseDualStack - _ = _UseDualStack - _UseFIPS := *params.UseFIPS - _ = _UseFIPS - if exprVal := params.Endpoint; exprVal != nil { - _Endpoint := *exprVal - _ = _Endpoint - if _UseFIPS == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - } - if _UseDualStack == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - } - uriString := _Endpoint - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _PartitionResult.Name == "aws" { - if _UseFIPS == false { - if _UseDualStack == false { - uriString := func() string { - var out strings.Builder - out.WriteString("https://") - out.WriteString(_Region) - out.WriteString(".signin.aws.amazon.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - } - if _PartitionResult.Name == "aws-cn" { - if _UseFIPS == false { - if _UseDualStack == false { - uriString := func() string { - var out strings.Builder - out.WriteString("https://") - out.WriteString(_Region) - out.WriteString(".signin.amazonaws.cn") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - } - if _PartitionResult.Name == "aws-us-gov" { - if _UseFIPS == false { - if _UseDualStack == false { - uriString := func() string { - var out strings.Builder - out.WriteString("https://") - out.WriteString(_Region) - out.WriteString(".signin.amazonaws-us-gov.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - } - if _UseFIPS == true { - if _UseDualStack == true { - if true == _PartitionResult.SupportsFIPS { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - } - } - if _UseFIPS == true { - if _UseDualStack == false { - if _PartitionResult.SupportsFIPS == true { - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - } - } - if _UseFIPS == false { - if _UseDualStack == true { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - } - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + c := &conditionContext{} + ref := bdd.Evaluate(bddNodes[:], bddRoot, func(idx int) bool { + return evalCondition(idx, ¶ms, c) + }) + return resolveResult(ref, ¶ms, c) } type endpointParamsBinder interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json index 8014c56..6043ab6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json @@ -19,7 +19,6 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", "sra_operation_order_test.go", @@ -28,7 +27,7 @@ "types/types.go", "validators.go" ], - "go": "1.23", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/signin", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go index 4b1b814..b496461 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go @@ -3,4 +3,4 @@ package signin // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.0.2" +const goModuleVersion = "1.1.1" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go index 3262aa5..8855970 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go @@ -58,8 +58,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md index 4c047bf..edaa8da 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md @@ -1,3 +1,65 @@ +# v1.30.19 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.18 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.17 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.16 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.15 (2026-04-02) + +* No change notes available for this release. + +# v1.30.14 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.13 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.12 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.11 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.10 (2026-02-18) + +* No change notes available for this release. + +# v1.30.9 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.8 (2025-12-16) + +* No change notes available for this release. + +# v1.30.7 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.6 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.30.5 (2025-11-25) * **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go index 8e5a2e7..ca53647 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go @@ -15,9 +15,7 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -711,10 +709,11 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso") + m.ClientSkew = c.timeOffset }) if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err @@ -755,25 +754,6 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } - - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) - } - - return nil -} - -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go index c0b961f..5482b7a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go @@ -93,7 +93,7 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -117,9 +117,6 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go index f5ca09a..8759d52 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go @@ -98,7 +98,7 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -122,9 +122,6 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go index 54511d3..fea5b43 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go @@ -97,7 +97,7 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -121,9 +121,6 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go index a21116e..84aef7c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go @@ -92,7 +92,7 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -116,9 +116,6 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go index c658615..a17cf6e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go @@ -208,7 +208,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -221,6 +221,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go index 551f059..3b6c902 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go @@ -229,6 +229,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -294,17 +296,6 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string - -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } - - v := s[i] - return &v -} - // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { // ResolveEndpoint attempts to resolve the endpoint with the provided options, diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json index 1499c0a..39a393d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json @@ -22,7 +22,6 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", "sra_operation_order_test.go", @@ -30,7 +29,7 @@ "types/types.go", "validators.go" ], - "go": "1.23", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/sso", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go index 29242d0..9545cdf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go @@ -3,4 +3,4 @@ package sso // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.30.5" +const goModuleVersion = "1.30.19" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go index bbac359..871275a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go @@ -157,6 +157,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-east-1", }, }, + endpoints.EndpointKey{ + Region: "ap-east-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-northeast-1", }: endpoints.Endpoint{ @@ -237,6 +240,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-southeast-5", }, }, + endpoints.EndpointKey{ + Region: "ap-southeast-6", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-southeast-7", }: endpoints.Endpoint{}, @@ -476,6 +482,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsEusc, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-iso", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go index 277550a..8b4e34d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go @@ -58,8 +58,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md index bc04747..3cdae3e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md @@ -1,3 +1,65 @@ +# v1.36.2 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.1 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.0 (2026-05-22) + +* **Feature**: Adding new BDD representation of endpoint ruleset + +# v1.35.21 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.20 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.19 (2026-04-02) + +* No change notes available for this release. + +# v1.35.18 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.17 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.16 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.15 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.14 (2026-02-17) + +* No change notes available for this release. + +# v1.35.13 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.12 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.11 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.35.10 (2025-11-25) * **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go index 8e8508f..2c0958a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go @@ -15,9 +15,7 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -711,10 +709,11 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc") + m.ClientSkew = c.timeOffset }) if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err @@ -755,25 +754,6 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } - - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) - } - - return nil -} - -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go index 3f622db..cd739d5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go @@ -163,7 +163,7 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -187,9 +187,6 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go index 24cb2fa..a02f62a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go @@ -210,7 +210,7 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -234,9 +234,6 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go index 14472ee..f32e86b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go @@ -134,7 +134,7 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -158,9 +158,6 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go index 92a6854..a35750b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go @@ -116,7 +116,7 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -140,9 +140,6 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go index 5f253df..2ceab3e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go @@ -202,7 +202,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -215,6 +215,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go index 884983e..1bc3292 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go @@ -14,6 +14,7 @@ import ( internalendpoints "github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/bdd" "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" @@ -229,6 +230,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -294,21 +297,157 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string +const bddRoot int32 = 2 -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } +var bddNodes = [42]int32{ + -1, 1, -1, 0, 13, 3, 1, 4, 100000012, 2, 5, 100000012, 3, 8, 6, 4, 7, 100000011, 5, 100000009, 100000010, 4, 11, 9, 6, 10, 100000008, 7, 100000006, 100000007, 5, 12, 100000005, 6, 100000004, 100000005, 3, 100000001, 14, 4, 100000002, 100000003} - v := s[i] - return &v +type conditionContext struct { + PartitionResult *awsrulesfn.PartitionConfig +} + +func evalCondition(idx int, params *EndpointParameters, c *conditionContext) bool { + switch idx { + case 0: + return params.Endpoint != nil + case 1: + return params.Region != nil + case 2: + if v := awsrulesfn.GetPartition(*params.Region); v != nil { + c.PartitionResult = v + return true + } + return false + case 3: + return *params.UseFIPS == true + case 4: + return *params.UseDualStack == true + case 5: + return c.PartitionResult.SupportsDualStack == true + case 6: + return c.PartitionResult.SupportsFIPS == true + case 7: + return c.PartitionResult.Name == "aws-us-gov" + } + return false +} + +func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) (smithyendpoints.Endpoint, error) { + switch idx { + case 0: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint resolution failed: no matching rule") + case 1: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + case 2: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + case 3: + uriString := *params.Endpoint + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 4: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 5: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + case 6: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc.") + out.WriteString(*params.Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 7: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 8: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + case 9: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 10: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + case 11: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 12: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + } + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) } // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { - // ResolveEndpoint attempts to resolve the endpoint with the provided options, - // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) @@ -332,152 +471,12 @@ func (r *resolver) ResolveEndpoint( if err = params.ValidateRequired(); err != nil { return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } - _UseDualStack := *params.UseDualStack - _ = _UseDualStack - _UseFIPS := *params.UseFIPS - _ = _UseFIPS - - if exprVal := params.Endpoint; exprVal != nil { - _Endpoint := *exprVal - _ = _Endpoint - if _UseFIPS == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - } - if _UseDualStack == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - } - uriString := _Endpoint - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _UseFIPS == true { - if _UseDualStack == true { - if true == _PartitionResult.SupportsFIPS { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - } - } - if _UseFIPS == true { - if _PartitionResult.SupportsFIPS == true { - if _PartitionResult.Name == "aws-us-gov" { - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc.") - out.WriteString(_Region) - out.WriteString(".amazonaws.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - } - if _UseDualStack == true { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + c := &conditionContext{} + ref := bdd.Evaluate(bddNodes[:], bddRoot, func(idx int) bool { + return evalCondition(idx, ¶ms, c) + }) + return resolveResult(ref, ¶ms, c) } type endpointParamsBinder interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json index ee79b48..1e34b9a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json @@ -22,7 +22,6 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", "sra_operation_order_test.go", @@ -31,7 +30,7 @@ "types/types.go", "validators.go" ], - "go": "1.23", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go index d93030f..6ab509b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go @@ -3,4 +3,4 @@ package ssooidc // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.35.10" +const goModuleVersion = "1.36.2" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go index 2088fc7..4ab58f6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go @@ -240,6 +240,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-southeast-5", }, }, + endpoints.EndpointKey{ + Region: "ap-southeast-6", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-southeast-7", }: endpoints.Endpoint{}, @@ -479,6 +482,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsEusc, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-iso", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go index f35f3d5..c2eac09 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go @@ -58,8 +58,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md index 166c584..6e99882 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md @@ -1,3 +1,58 @@ +# v1.42.3 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.2 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.1 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.0 (2026-04-17) + +* **Feature**: The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.10 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.9 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.8 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.7 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.6 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.5 (2025-12-09) + +* No change notes available for this release. + +# v1.41.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + # v1.41.2 (2025-11-25) * **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go index 70228d0..958c83c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go @@ -16,11 +16,10 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" + "github.com/aws/aws-sdk-go-v2/internal/v4a" acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding" presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -209,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client { resolveEndpointResolverV2(&options) + resolveHTTPSignerV4a(&options) + resolveTracerProvider(&options) resolveMeterProvider(&options) @@ -383,6 +384,11 @@ func resolveAuthSchemes(options *Options) { Logger: options.Logger, LogSigning: options.ClientLogMode.IsSigning(), }), + internalauth.NewHTTPAuthScheme("aws.auth#sigv4a", &v4a.SignerAdapter{ + Signer: options.httpSignerV4a, + Logger: options.Logger, + LogSigning: options.ClientLogMode.IsSigning(), + }), } } } @@ -715,10 +721,11 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sts") + m.ClientSkew = c.timeOffset }) if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err @@ -759,25 +766,26 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } +type httpSignerV4a interface { + SignHTTP(ctx context.Context, credentials v4a.Credentials, r *http.Request, payloadHash, + service string, regionSet []string, signingTime time.Time, + optFns ...func(*v4a.SignerOptions)) error +} - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) +func resolveHTTPSignerV4a(o *Options) { + if o.httpSignerV4a != nil { + return } - - return nil + o.httpSignerV4a = newDefaultV4aSigner(*o) } -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) +func newDefaultV4aSigner(o Options) *v4a.Signer { + return v4a.NewSigner(func(so *v4a.SignerOptions) { + so.Logger = o.Logger + so.LogSigning = o.ClientLogMode.IsSigning() + }) } + func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go index 0ddd362..83aa65a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go @@ -448,7 +448,7 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -472,9 +472,6 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go index 15f1dd9..520e6e1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go @@ -383,7 +383,7 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -407,9 +407,6 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go index 7006eb3..8a164be 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go @@ -400,7 +400,7 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -424,9 +424,6 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go index 009c405..b52a372 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go @@ -157,7 +157,7 @@ func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -181,9 +181,6 @@ func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go index b00b0c4..eaeab8a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go @@ -117,7 +117,7 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -141,9 +141,6 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go index 887bb08..2f7adb2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go @@ -108,7 +108,7 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -132,9 +132,6 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go index 2c8d886..f2d4fbc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go @@ -99,7 +99,7 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -123,9 +123,6 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go index 092ec13..78d688a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go @@ -97,7 +97,7 @@ func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -121,9 +121,6 @@ func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go index e0fc9a5..57b77eb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go @@ -321,7 +321,7 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -345,9 +345,6 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go index 2f931f4..4b40835 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go @@ -170,7 +170,7 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -194,9 +194,6 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go index 306ee43..7738de5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go @@ -120,7 +120,7 @@ func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -144,9 +144,6 @@ func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go index 4db5a51..5fe4c60 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go @@ -149,6 +149,16 @@ func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option { return props }(), }, + + { + SchemeID: smithyauth.SchemeIDSigV4A, + SignerProperties: func() smithy.Properties { + var props smithy.Properties + smithyhttp.SetSigV4ASigningName(&props, "sts") + smithyhttp.SetSigV4ASigningRegions(&props, []string{params.Region}) + return props + }(), + }, } } @@ -196,7 +206,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -209,6 +219,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go index c8f9526..8a65329 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go @@ -230,6 +230,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -312,17 +314,6 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string - -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } - - v := s[i] - return &v -} - // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { // ResolveEndpoint attempts to resolve the endpoint with the provided options, @@ -382,7 +373,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -412,7 +403,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -442,7 +433,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -472,7 +463,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -502,7 +493,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -532,7 +523,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -562,7 +553,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -592,7 +583,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -622,7 +613,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -652,7 +643,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -682,7 +673,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -712,7 +703,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -742,7 +733,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -772,7 +763,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -802,7 +793,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -832,7 +823,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -868,7 +859,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") @@ -1022,7 +1013,7 @@ func (r *resolver) ResolveEndpoint( var out smithy.Properties smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ { - SchemeID: "aws.auth#sigv4", + SchemeID: "sigv4", SignerProperties: func() smithy.Properties { var sp smithy.Properties smithyhttp.SetSigV4SigningName(&sp, "sts") diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json index e61823e..2fc7b40 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json @@ -3,6 +3,7 @@ "github.com/aws/aws-sdk-go-v2": "v1.4.0", "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000", + "github.com/aws/aws-sdk-go-v2/internal/v4a": "v0.0.0-00010101000000-000000000000", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding": "v1.0.5", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7", "github.com/aws/smithy-go": "v1.4.0" @@ -31,7 +32,6 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", "sra_operation_order_test.go", @@ -39,7 +39,7 @@ "types/types.go", "validators.go" ], - "go": "1.23", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/sts", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go index 86a1e11..7c54f96 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go @@ -3,4 +3,4 @@ package sts // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.41.2" +const goModuleVersion = "1.42.3" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go index b2b933c..be72d93 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go @@ -390,6 +390,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsEusc, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-iso", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go index f60b7d3..a9f2361 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go @@ -4,9 +4,11 @@ package sts import ( "context" + "fmt" "github.com/aws/aws-sdk-go-v2/aws" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + "github.com/aws/aws-sdk-go-v2/internal/v4a" smithyauth "github.com/aws/smithy-go/auth" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -58,8 +60,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer @@ -108,6 +109,9 @@ type Options struct { // The client tracer provider. TracerProvider tracing.TracerProvider + // Signature Version 4a (SigV4a) Signer + httpSignerV4a httpSignerV4a + // The initial DefaultsMode used when the client options were constructed. If the // DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved // value was at that point in time. @@ -147,6 +151,9 @@ func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolve if schemeID == "aws.auth#sigv4" { return getSigV4IdentityResolver(o) } + if schemeID == "aws.auth#sigv4a" { + return getSigV4AIdentityResolver(o) + } if schemeID == "smithy.api#noAuth" { return &smithyauth.AnonymousIdentityResolver{} } @@ -232,6 +239,46 @@ func WithSigV4SigningRegion(region string) func(*Options) { } } +func getSigV4AIdentityResolver(o Options) smithyauth.IdentityResolver { + if o.Credentials != nil { + return &v4a.CredentialsProviderAdapter{ + Provider: &v4a.SymmetricCredentialAdaptor{ + SymmetricProvider: o.Credentials, + }, + } + } + return nil +} + +// WithSigV4ASigningRegions applies an override to the authentication workflow to +// use the given signing region set for SigV4A-authenticated operations. +// +// This is an advanced setting. The value here is FINAL, taking precedence over +// the resolved signing region set from both auth scheme resolution and endpoint +// resolution. +func WithSigV4ASigningRegions(regions []string) func(*Options) { + fn := func(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, + ) { + rscheme := getResolvedAuthScheme(ctx) + if rscheme == nil { + return out, metadata, fmt.Errorf("no resolved auth scheme") + } + + smithyhttp.SetSigV4ASigningRegions(&rscheme.SignerProperties, regions) + return next.HandleFinalize(ctx, in) + } + return func(o *Options) { + o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error { + return s.Finalize.Insert( + middleware.FinalizeMiddlewareFunc("withSigV4ASigningRegions", fn), + "Signing", + middleware.Before, + ) + }) + } +} + func ignoreAnonymousAuth(options *Options) { if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil diff --git a/vendor/github.com/aws/smithy-go/AGENTS.md b/vendor/github.com/aws/smithy-go/AGENTS.md new file mode 100644 index 0000000..e2a75b8 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/AGENTS.md @@ -0,0 +1,172 @@ +# AGENTS.md + +## Project overview + +smithy-go is the Go code generator and runtime for [Smithy](https://smithy.io/). +It has two major components: + +1. **Codegen** (`codegen/`) — A Smithy build plugin written in Java that + generates Go client/server/shape code from Smithy models. +2. **Runtime** (`./`, top-level Go module) — The Go packages that generated + code depends on at runtime. + +The primary downstream consumer is +[aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). + +## Repository layout + +``` +. # Root Go module (github.com/aws/smithy-go) +├── auth/ # Auth identity + scheme interfaces +│ └── bearer/ # Bearer token auth +├── aws-http-auth/ # Separate module: AWS SigV4/SigV4A HTTP signing +├── codegen/ # Java/Gradle: Smithy code generator +│ ├── smithy-go-codegen/ # Main codegen source (Java) +│ └── smithy-go-codegen-test/ # Codegen integration tests +├── container/ # Generic container types +├── context/ # Context helpers +├── document/ # Smithy document type abstraction +│ └── json/ # JSON document codec +├── encoding/ # Wire format encoders/decoders +│ ├── cbor/ # CBOR (used by rpcv2Cbor) +│ ├── httpbinding/ # HTTP binding serde helpers +│ ├── json/ # JSON encoder/decoder +│ └── xml/ # XML encoder/decoder +├── endpoints/ # Endpoint resolution types +├── internal/ # Internal utilities (singleflight, etc.) +├── io/ # I/O helpers +├── logging/ # Logging interfaces +├── metrics/ # Metrics interfaces +│ └── smithyotelmetrics/ # Separate module: OpenTelemetry metrics adapter +├── middleware/ # Middleware stack (the core of the operation pipeline) +├── ptr/ # Pointer-to/from-value helpers +├── testing/ # Test assertion helpers for generated protocol tests +│ └── xml/ # XML comparison utilities +├── time/ # Smithy timestamp format helpers +├── tracing/ # Tracing interfaces +│ └── smithyoteltracing/ # Separate module: OpenTelemetry tracing adapter +└── transport/ + └── http/ # HTTP request/response types and middleware +``` + +## Building and testing + +### Runtime (Go) + +```bash +# Run unit tests +make unit +``` + +### Codegen (Java) + +```bash +# Build and test codegen +cd codegen && ./gradlew build + +# Publish to local Maven for downstream use +cd codegen && ./gradlew publishToMavenLocal +``` + +The codegen artifact version is fixed at `0.1.0` and is not published to +Maven Central — you **MUST** `publishToMavenLocal`. + +## Runtime architecture + +### Middleware stack + +The operation pipeline is built on a middleware stack defined in `middleware/`. +Steps execute in order: Initialize → Serialize → Build → Finalize → +Deserialize. Each step is a `middleware.Step` that holds an ordered list of +middleware. The codegen generates middleware registrations for each operation. + +### Encoding packages + +Each wire format has its own encoder/decoder under `encoding/`. These are +low-level — they produce/consume raw tokens or values, not full Smithy shapes. +Generated serde code calls into these packages. + +## Codegen: GoWriter and template system + +GoWriter extends Smithy's `SymbolWriter` and is the primary mechanism for +generating Go source. It has **two distinct writing styles** that must not be +confused. + +### Style 1: Positional args (`writer.write` / `writer.openBlock`) + +Inherited from `SymbolWriter`. Arguments are positional and referenced with +`$`-prefixed format characters. Each `$X` consumes the next argument in order. + +Format characters: +- `$L` — Literal (toString). Strings, names, anything that should be inserted + verbatim. +- `$S` — String, quoted. Wraps the value in Go double-quotes. +- `$T` — Type (Symbol). Inserts the symbol name and auto-adds its import. +- `$P` — Pointable type (Symbol). Like `$T` but prepends `*` if the symbol is + marked pointable. +- `$W` — Writable. Evaluates a `Writable` (lambda/closure) inline. +- `$D` — Dependency. Adds a `GoDependency` import, expands to empty string. + +Numbered variants (`$1L`, `$2T`, etc.) allow reusing the same argument +multiple times. The number is 1-indexed and refers to the position in the +argument list: + +```java +// $1L is used twice, $2L once — only 2 args needed +writer.write("type $1L struct{}\nvar _ $2L = (*$1L)(nil)", + DEFAULT_NAME, INTERFACE_NAME); +``` + +`openBlock`/`closeBlock` manage indentation for braced blocks. Arguments are +positional: + +```java +writer.openBlock("func (c $P) $T(ctx $T) ($P, error) {", "}", + serviceSymbol, operationSymbol, contextSymbol, outputSymbol, + () -> { + writer.write("return nil, nil"); + }); +``` + +### Style 2: Named template args (`goTemplate` / `writeGoTemplate`) + +Uses `$name:X` syntax where `name` is a key in a `Map` and `X` +is the format character. Arguments are passed as one or more maps. This is the +**preferred style for new code** — it is more readable and less error-prone +than positional args. + +```java +return goTemplate(""" + func $name:L(v $cborValue:T) ($type:T, error) { + return $coercer:T(v) + } + """, + Map.of( + "name", getDeserializerName(shape), + "cborValue", SmithyGoTypes.Encoding.Cbor.Value, + "type", symbolProvider.toSymbol(shape), + "coercer", coercer + )); +``` + +Rules: +- `goTemplate(String, Map...)` is a **static** method that returns a + `Writable` (a `Consumer` lambda). It does NOT write immediately. +- `writeGoTemplate(String, Map...)` is an **instance** method that writes + immediately to the writer. +- Maps are merged into the writer's context scope for the duration of the + template. Multiple maps can be passed and are applied in order. +- The writer pre-populates common symbols in context: `fmt.Sprintf`, + `fmt.Errorf`, `errors.As`, `context.Context`, `time.Now`. + +### Composing writables + +- `ChainWritable` — Collects multiple `Writable`s and composes them with + newlines between each. Use `.compose()` (with newlines) or + `.compose(false)` (without). + +### Symbol constants + +For symbols, use `SmithyGoDependency.*.valueSymbol("Name")` or +`SmithyGoDependency.*.pointableSymbol("Name")`. + diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md index 80af245..7fc37ff 100644 --- a/vendor/github.com/aws/smithy-go/CHANGELOG.md +++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md @@ -1,3 +1,55 @@ +# Release (2026-05-27) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.26.0 + * **Feature**: Add StringSlice to endpoint rulesfn. + +# Release (2026-04-23) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.1 + * **Bug Fix**: Fixed a memory leak in the LRU cache implementation used by some AWS services. + +# Release (2026-04-15) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.0 + * **Feature**: Add support for endpointBdd trait + +# Release (2026-04-02) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.24.3 + * **Bug Fix**: Add additional sigv4 configuration. +* `github.com/aws/smithy-go/aws-http-auth`: [v1.1.3](aws-http-auth/CHANGELOG.md#v113-2026-04-02) + * **Bug Fix**: Add additional sigv4 configuration. + +# Release (2026-02-27) + +## General Highlights +* **Dependency Update**: Bump minimum go version to 1.24. + +# Release (2026-02-20) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.24.1 + * **Feature**: Add new middleware functions to get event stream output from middleware + # Release (2025-12-01) ## General Highlights diff --git a/vendor/github.com/aws/smithy-go/README.md b/vendor/github.com/aws/smithy-go/README.md index ddce37b..a413ff3 100644 --- a/vendor/github.com/aws/smithy-go/README.md +++ b/vendor/github.com/aws/smithy-go/README.md @@ -4,7 +4,7 @@ [Smithy](https://smithy.io/) code generators for Go and the accompanying smithy-go runtime. -The smithy-go runtime requires a minimum version of Go 1.23. +The smithy-go runtime requires a minimum version of Go 1.24. **WARNING: All interfaces are subject to change.** @@ -80,7 +80,7 @@ example created from `smithy init`: "service": "example.weather#Weather", "module": "github.com/example/weather", "generateGoMod": true, - "goDirective": "1.23" + "goDirective": "1.24" } } } diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go b/vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go new file mode 100644 index 0000000..ae0fb7f --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go @@ -0,0 +1,35 @@ +package bdd + +const resultOffset int32 = 100_000_000 +const intsPerNode = 3 + +// Evaluate traverses a compiled BDD node array and returns the result index. +// nodes is a flat array of [condIdx, hi, lo] triples (1-indexed). +// root is the root node reference. evalCond returns true/false for condition index. +func Evaluate(nodes []int32, root int32, evalCond func(int) bool) int32 { + ref := root + for { + if ref >= resultOffset { + return ref - resultOffset + } + if ref == 1 || ref == -1 { + return 0 // NoMatchRule + } + + complement := ref < 0 + nodeIdx := ref + if complement { + nodeIdx = -ref + } + base := (nodeIdx - 1) * intsPerNode + condIdx := nodes[base] + hi := nodes[base+1] + lo := nodes[base+2] + + if complement != evalCond(int(condIdx)) { + ref = hi + } else { + ref = lo + } + } +} diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go new file mode 100644 index 0000000..f8b3078 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go @@ -0,0 +1,16 @@ +package rulesfn + +import "strings" + +// Split splits the input string by the delimiter and returns the resulting +// parts. If limit is > 0, at most limit substrings are returned. +// Returns a slice with a single empty string if the input is empty. +func Split(input, delimiter string, limit int) []string { + if len(input) == 0 { + return []string{""} + } + if limit > 0 { + return strings.SplitN(input, delimiter, limit) + } + return strings.Split(input, delimiter) +} diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go new file mode 100644 index 0000000..7a82fcd --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go @@ -0,0 +1,18 @@ +package rulesfn + +// StringSlice is a string slice with a negative-index-aware Get method for use +// in endpoint rule evaluation. +type StringSlice []string + +// Get returns a pointer to the string at index i, or nil if the index is out +// of bounds. Negative indices count from the end of the slice. +func (s StringSlice) Get(i int) *string { + if i < 0 { + i = len(s) + i + } + if i < 0 || i >= len(s) { + return nil + } + v := s[i] + return &v +} diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go index b6c4c2f..bf309b9 100644 --- a/vendor/github.com/aws/smithy-go/go_module_metadata.go +++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go @@ -3,4 +3,4 @@ package smithy // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.24.0" +const goModuleVersion = "1.26.0" diff --git a/vendor/github.com/aws/smithy-go/middleware/eventstream_middleware.go b/vendor/github.com/aws/smithy-go/middleware/eventstream_middleware.go new file mode 100644 index 0000000..ce523d9 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/middleware/eventstream_middleware.go @@ -0,0 +1,21 @@ +package middleware + +type eventStreamOutputKey struct{} + +func AddEventStreamOutputToMetadata(metadata *Metadata, output any) { + metadata.Set(eventStreamOutputKey{}, output) +} + +func GetEventStreamOutputToMetadata[T any](metadata *Metadata) (*T, bool) { + val := metadata.Get(eventStreamOutputKey{}) + // not found + if val == nil { + return nil, false + } + // wrong type + res, ok := val.(*T) + if !ok { + return nil, false + } + return res, true +} diff --git a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md index fec6b1d..692e0b9 100644 --- a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md +++ b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md @@ -1,4 +1,37 @@ -# Changelog +# Changes + +## [2.19.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.19.0) (2026-03-17) + +### Features + +* add ClientMetrics initialization core (#473) ([f53618c](https://github.com/googleapis/google-cloud-go/commit/f53618c2a9f19d5e5945395001fdc9b317e71faf)) +* add TransportTelemetryData for dynamic transport attributes (#481) ([8a7caf0](https://github.com/googleapis/google-cloud-go/commit/8a7caf0014c9ee9bcf448f16a2e1ae77407a78b8)) +* add WithClientMetrics CallOption (#479) ([76f0284](https://github.com/googleapis/google-cloud-go/commit/76f0284ef42fb92484531483975b7ccff9c54016)) +* pass logger to downstream via context (#474) ([434fa67](https://github.com/googleapis/google-cloud-go/commit/434fa6768b9ee50ed1050a2b5aa11dbe7dbd33a6)) +* update WithLogger to WithLoggerContext. (#478) ([1cb70ba](https://github.com/googleapis/google-cloud-go/commit/1cb70baf5fda8cbff587206f94b1b08e078bd175)) + +### Bug Fixes + +* lazy initialization and getters for ClientMetrics (#485) ([fb6c5f4](https://github.com/googleapis/google-cloud-go/commit/fb6c5f4d56fc3177a2d0d2b8f9e8df6e4be95505)) + +## [2.18.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.18.0) (2026-03-09) + +### Features + +* add callctx telemetry helpers (#472) ([fa319ff](https://github.com/googleapis/google-cloud-go/commit/fa319ffc309366ab21e41f5d7480f450eedd2be9)) +* move gax-go to use 1.25 as the lower bound of support (#469) ([01594ca](https://github.com/googleapis/google-cloud-go/commit/01594ca54717eebe7229a5168ef41be61191a720)) + +## [2.17.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.17.0) (2026-02-03) + +### Features + +* update Invoke to add retry count to context (#462) ([ea7096d](https://github.com/googleapis/google-cloud-go/commit/ea7096d50d665064dbfeffd7d93fa13d810ad4e4)) + +## [2.16.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.16.0) (2025-12-17) + +### Features + +* add IsFeatureEnabled (#454) ([2700b8a](https://github.com/googleapis/google-cloud-go/commit/2700b8ab3062c6c6c5a26d0fc6ba1fc064a8fc04)) ## [2.15.0](https://github.com/googleapis/gax-go/compare/v2.14.2...v2.15.0) (2025-07-09) diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go index e4b03f1..90639e6 100644 --- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go +++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.17.3 +// protoc-gen-go v1.36.11 +// protoc v6.30.2 // source: custom_error.proto package jsonerror @@ -23,6 +23,7 @@ package jsonerror import ( reflect "reflect" sync "sync" + unsafe "unsafe" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" @@ -95,25 +96,22 @@ func (CustomError_CustomErrorCode) EnumDescriptor() ([]byte, []int) { // CustomError is an example of a custom error message which may be included // in an rpc status. It is not meant to reflect a standard error. type CustomError struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Error code specific to the custom API being invoked. Code CustomError_CustomErrorCode `protobuf:"varint,1,opt,name=code,proto3,enum=error.CustomError_CustomErrorCode" json:"code,omitempty"` // Name of the failed entity. Entity string `protobuf:"bytes,2,opt,name=entity,proto3" json:"entity,omitempty"` // Message that describes the error. - ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"` + ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *CustomError) Reset() { *x = CustomError{} - if protoimpl.UnsafeEnabled { - mi := &file_custom_error_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_custom_error_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *CustomError) String() string { @@ -124,7 +122,7 @@ func (*CustomError) ProtoMessage() {} func (x *CustomError) ProtoReflect() protoreflect.Message { mi := &file_custom_error_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -162,47 +160,34 @@ func (x *CustomError) GetErrorMessage() string { var File_custom_error_proto protoreflect.FileDescriptor -var file_custom_error_proto_rawDesc = []byte{ - 0x0a, 0x12, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0xfa, 0x01, 0x0a, 0x0b, - 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x36, 0x0a, 0x04, 0x63, - 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x43, 0x75, - 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x63, - 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x65, - 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x22, 0x76, 0x0a, 0x0f, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, - 0x6f, 0x64, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x43, 0x55, 0x53, 0x54, 0x4f, 0x4d, 0x5f, 0x45, 0x52, - 0x52, 0x4f, 0x52, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x4f, 0x4f, 0x5f, 0x4d, 0x41, - 0x4e, 0x59, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4e, 0x4f, 0x54, 0x5f, - 0x45, 0x4e, 0x4f, 0x55, 0x47, 0x48, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16, - 0x55, 0x4e, 0x49, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x57, 0x41, 0x53, 0x5f, 0x44, 0x45, 0x53, - 0x54, 0x52, 0x4f, 0x59, 0x45, 0x44, 0x10, 0x03, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, - 0x73, 0x2f, 0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65, - 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_custom_error_proto_rawDesc = "" + + "\n" + + "\x12custom_error.proto\x12\x05error\"\xfa\x01\n" + + "\vCustomError\x126\n" + + "\x04code\x18\x01 \x01(\x0e2\".error.CustomError.CustomErrorCodeR\x04code\x12\x16\n" + + "\x06entity\x18\x02 \x01(\tR\x06entity\x12#\n" + + "\rerror_message\x18\x03 \x01(\tR\ferrorMessage\"v\n" + + "\x0fCustomErrorCode\x12!\n" + + "\x1dCUSTOM_ERROR_CODE_UNSPECIFIED\x10\x00\x12\x10\n" + + "\fTOO_MANY_FOO\x10\x01\x12\x12\n" + + "\x0eNOT_ENOUGH_FOO\x10\x02\x12\x1a\n" + + "\x16UNIVERSE_WAS_DESTROYED\x10\x03BCZAgithub.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerrorb\x06proto3" var ( file_custom_error_proto_rawDescOnce sync.Once - file_custom_error_proto_rawDescData = file_custom_error_proto_rawDesc + file_custom_error_proto_rawDescData []byte ) func file_custom_error_proto_rawDescGZIP() []byte { file_custom_error_proto_rawDescOnce.Do(func() { - file_custom_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_custom_error_proto_rawDescData) + file_custom_error_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_custom_error_proto_rawDesc), len(file_custom_error_proto_rawDesc))) }) return file_custom_error_proto_rawDescData } var file_custom_error_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_custom_error_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_custom_error_proto_goTypes = []interface{}{ +var file_custom_error_proto_goTypes = []any{ (CustomError_CustomErrorCode)(0), // 0: error.CustomError.CustomErrorCode (*CustomError)(nil), // 1: error.CustomError } @@ -220,25 +205,11 @@ func file_custom_error_proto_init() { if File_custom_error_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_custom_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CustomError); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_custom_error_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_custom_error_proto_rawDesc), len(file_custom_error_proto_rawDesc)), NumEnums: 1, NumMessages: 1, NumExtensions: 0, @@ -250,7 +221,6 @@ func file_custom_error_proto_init() { MessageInfos: file_custom_error_proto_msgTypes, }.Build() File_custom_error_proto = out.File - file_custom_error_proto_rawDesc = nil file_custom_error_proto_goTypes = nil file_custom_error_proto_depIdxs = nil } diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go index 7dd9b83..1a29ff5 100644 --- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go +++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go @@ -14,15 +14,16 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.15.8 -// source: apierror/internal/proto/error.proto +// protoc-gen-go v1.36.11 +// protoc v6.30.2 +// source: error.proto package jsonerror import ( reflect "reflect" sync "sync" + unsafe "unsafe" code "google.golang.org/genproto/googleapis/rpc/code" protoreflect "google.golang.org/protobuf/reflect/protoreflect" @@ -42,23 +43,20 @@ const ( // // NOTE: This schema is not used for other wire protocols. type Error struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The actual error payload. The nested message structure is for backward // compatibility with Google API client libraries. It also makes the error // more readable to developers. - Error *Error_Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"` + Error *Error_Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Error) Reset() { *x = Error{} - if protoimpl.UnsafeEnabled { - mi := &file_apierror_internal_proto_error_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_error_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Error) String() string { @@ -68,8 +66,8 @@ func (x *Error) String() string { func (*Error) ProtoMessage() {} func (x *Error) ProtoReflect() protoreflect.Message { - mi := &file_apierror_internal_proto_error_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_error_proto_msgTypes[0] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -81,7 +79,7 @@ func (x *Error) ProtoReflect() protoreflect.Message { // Deprecated: Use Error.ProtoReflect.Descriptor instead. func (*Error) Descriptor() ([]byte, []int) { - return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0} + return file_error_proto_rawDescGZIP(), []int{0} } func (x *Error) GetError() *Error_Status { @@ -95,10 +93,7 @@ func (x *Error) GetError() *Error_Status { // status code instead of gRPC status code. It has an extra field `status` // for backward compatibility with Google API Client Libraries. type Error_Status struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The HTTP status code that corresponds to `google.rpc.Status.code`. Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"` // This corresponds to `google.rpc.Status.message`. @@ -106,16 +101,16 @@ type Error_Status struct { // This is the enum version for `google.rpc.Status.code`. Status code.Code `protobuf:"varint,4,opt,name=status,proto3,enum=google.rpc.Code" json:"status,omitempty"` // This corresponds to `google.rpc.Status.details`. - Details []*anypb.Any `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty"` + Details []*anypb.Any `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Error_Status) Reset() { *x = Error_Status{} - if protoimpl.UnsafeEnabled { - mi := &file_apierror_internal_proto_error_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_error_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Error_Status) String() string { @@ -125,8 +120,8 @@ func (x *Error_Status) String() string { func (*Error_Status) ProtoMessage() {} func (x *Error_Status) ProtoReflect() protoreflect.Message { - mi := &file_apierror_internal_proto_error_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_error_proto_msgTypes[1] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -138,7 +133,7 @@ func (x *Error_Status) ProtoReflect() protoreflect.Message { // Deprecated: Use Error_Status.ProtoReflect.Descriptor instead. func (*Error_Status) Descriptor() ([]byte, []int) { - return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0, 0} + return file_error_proto_rawDescGZIP(), []int{0, 0} } func (x *Error_Status) GetCode() int32 { @@ -169,55 +164,39 @@ func (x *Error_Status) GetDetails() []*anypb.Any { return nil } -var File_apierror_internal_proto_error_proto protoreflect.FileDescriptor +var File_error_proto protoreflect.FileDescriptor -var file_apierror_internal_proto_error_proto_rawDesc = []byte{ - 0x0a, 0x23, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x19, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, - 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, - 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5, - 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x29, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e, - 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x65, 0x72, - 0x72, 0x6f, 0x72, 0x1a, 0x90, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, - 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x28, 0x0a, 0x06, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x06, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, - 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, - 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, - 0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} +const file_error_proto_rawDesc = "" + + "\n" + + "\verror.proto\x12\x05error\x1a\x19google/protobuf/any.proto\x1a\x15google/rpc/code.proto\"\xc5\x01\n" + + "\x05Error\x12)\n" + + "\x05error\x18\x01 \x01(\v2\x13.error.Error.StatusR\x05error\x1a\x90\x01\n" + + "\x06Status\x12\x12\n" + + "\x04code\x18\x01 \x01(\x05R\x04code\x12\x18\n" + + "\amessage\x18\x02 \x01(\tR\amessage\x12(\n" + + "\x06status\x18\x04 \x01(\x0e2\x10.google.rpc.CodeR\x06status\x12.\n" + + "\adetails\x18\x05 \x03(\v2\x14.google.protobuf.AnyR\adetailsBCZAgithub.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerrorb\x06proto3" var ( - file_apierror_internal_proto_error_proto_rawDescOnce sync.Once - file_apierror_internal_proto_error_proto_rawDescData = file_apierror_internal_proto_error_proto_rawDesc + file_error_proto_rawDescOnce sync.Once + file_error_proto_rawDescData []byte ) -func file_apierror_internal_proto_error_proto_rawDescGZIP() []byte { - file_apierror_internal_proto_error_proto_rawDescOnce.Do(func() { - file_apierror_internal_proto_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_apierror_internal_proto_error_proto_rawDescData) +func file_error_proto_rawDescGZIP() []byte { + file_error_proto_rawDescOnce.Do(func() { + file_error_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_error_proto_rawDesc), len(file_error_proto_rawDesc))) }) - return file_apierror_internal_proto_error_proto_rawDescData + return file_error_proto_rawDescData } -var file_apierror_internal_proto_error_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_apierror_internal_proto_error_proto_goTypes = []interface{}{ +var file_error_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_error_proto_goTypes = []any{ (*Error)(nil), // 0: error.Error (*Error_Status)(nil), // 1: error.Error.Status (code.Code)(0), // 2: google.rpc.Code (*anypb.Any)(nil), // 3: google.protobuf.Any } -var file_apierror_internal_proto_error_proto_depIdxs = []int32{ +var file_error_proto_depIdxs = []int32{ 1, // 0: error.Error.error:type_name -> error.Error.Status 2, // 1: error.Error.Status.status:type_name -> google.rpc.Code 3, // 2: error.Error.Status.details:type_name -> google.protobuf.Any @@ -228,53 +207,26 @@ var file_apierror_internal_proto_error_proto_depIdxs = []int32{ 0, // [0:3] is the sub-list for field type_name } -func init() { file_apierror_internal_proto_error_proto_init() } -func file_apierror_internal_proto_error_proto_init() { - if File_apierror_internal_proto_error_proto != nil { +func init() { file_error_proto_init() } +func file_error_proto_init() { + if File_error_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_apierror_internal_proto_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Error); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_apierror_internal_proto_error_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Error_Status); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_apierror_internal_proto_error_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_error_proto_rawDesc), len(file_error_proto_rawDesc)), NumEnums: 0, NumMessages: 2, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_apierror_internal_proto_error_proto_goTypes, - DependencyIndexes: file_apierror_internal_proto_error_proto_depIdxs, - MessageInfos: file_apierror_internal_proto_error_proto_msgTypes, + GoTypes: file_error_proto_goTypes, + DependencyIndexes: file_error_proto_depIdxs, + MessageInfos: file_error_proto_msgTypes, }.Build() - File_apierror_internal_proto_error_proto = out.File - file_apierror_internal_proto_error_proto_rawDesc = nil - file_apierror_internal_proto_error_proto_goTypes = nil - file_apierror_internal_proto_error_proto_depIdxs = nil + File_error_proto = out.File + file_error_proto_goTypes = nil + file_error_proto_depIdxs = nil } diff --git a/vendor/github.com/googleapis/gax-go/v2/call_option.go b/vendor/github.com/googleapis/gax-go/v2/call_option.go index ac1f2b1..8f5948e 100644 --- a/vendor/github.com/googleapis/gax-go/v2/call_option.go +++ b/vendor/github.com/googleapis/gax-go/v2/call_option.go @@ -250,6 +250,22 @@ func WithTimeout(t time.Duration) CallOption { return &timeoutOpt{t: t} } +type clientMetricsOpt struct { + cm *ClientMetrics +} + +// Resolve applies the ClientMetrics to the CallSettings. +func (o clientMetricsOpt) Resolve(s *CallSettings) { + s.clientMetrics = o.cm +} + +// WithClientMetrics applies metrics instrumentation to the CallSettings. +// +// This is for internal use only. +func WithClientMetrics(cm *ClientMetrics) CallOption { + return clientMetricsOpt{cm: cm} +} + // CallSettings allow fine-grained control over how calls are made. type CallSettings struct { // Retry returns a Retryer to be used to control retry logic of a method call. @@ -265,4 +281,8 @@ type CallSettings struct { // Timeout defines the amount of time that Invoke has to complete. // Unexported so it cannot be changed by the code in an APICall. timeout time.Duration + + // clientMetrics holds the pre-allocated OpenTelemetry metrics instruments + // to use for this call. + clientMetrics *ClientMetrics } diff --git a/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go b/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go index f5af5c9..3d7be5f 100644 --- a/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go +++ b/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go @@ -35,6 +35,7 @@ package callctx import ( "context" "fmt" + "log/slog" ) const ( @@ -98,3 +99,48 @@ func cloneHeaders(h map[string][]string) map[string][]string { } return c } + +// telemetryKey is a private type used to store/retrieve telemetry context values. +type telemetryKey string + +// WithTelemetryContext injects telemetry attribute values (like resource name +// or client version) into the context. In accordance with standard Go context +// guidelines, this should only be used for data that transits processes and APIs, +// and not for passing optional parameters to functions. keyvals should have a +// corresponding value for every key provided. If there is an odd number of keyvals +// this method will panic. +func WithTelemetryContext(ctx context.Context, keyvals ...string) context.Context { + if len(keyvals)%2 != 0 { + panic(fmt.Sprintf("callctx: an even number of key value pairs must be provided, got %d", len(keyvals))) + } + + for i := 0; i < len(keyvals); i = i + 2 { + ctx = context.WithValue(ctx, telemetryKey(keyvals[i]), keyvals[i+1]) + } + return ctx +} + +// TelemetryFromContext extracts a telemetry attribute value from the context. +// The returned bool indicates a successful typecast of the value to a string. +func TelemetryFromContext(ctx context.Context, key string) (string, bool) { + val, ok := ctx.Value(telemetryKey(key)).(string) + return val, ok +} + +// loggerKey is a private type used to store/retrieve the logger context value. +type loggerContextKey string + +const loggerCKey = loggerContextKey("logger") + +// WithLoggerContext injects a slog.Logger into the context. This logger will +// be extracted by the client library or transport wrappers to emit logs. +func WithLoggerContext(ctx context.Context, logger *slog.Logger) context.Context { + return context.WithValue(ctx, loggerCKey, logger) +} + +// LoggerFromContext extracts a slog.Logger from the context. +// The returned bool indicates whether a logger was found. +func LoggerFromContext(ctx context.Context) (*slog.Logger, bool) { + logger, ok := ctx.Value(loggerCKey).(*slog.Logger) + return logger, ok +} diff --git a/vendor/github.com/googleapis/gax-go/v2/content_type.go b/vendor/github.com/googleapis/gax-go/v2/content_type.go index 1b53d0a..818a3b0 100644 --- a/vendor/github.com/googleapis/gax-go/v2/content_type.go +++ b/vendor/github.com/googleapis/gax-go/v2/content_type.go @@ -31,7 +31,7 @@ package gax import ( "io" - "io/ioutil" + "net/http" ) @@ -78,7 +78,7 @@ func (cs *contentSniffer) ContentType() (string, bool) { } cs.sniffed = true // If ReadAll hits EOF, it returns err==nil. - cs.start, cs.err = ioutil.ReadAll(io.LimitReader(cs.r, sniffBuffSize)) + cs.start, cs.err = io.ReadAll(io.LimitReader(cs.r, sniffBuffSize)) // Don't try to detect the content type based on possibly incomplete data. if cs.err != nil { diff --git a/vendor/github.com/googleapis/gax-go/v2/feature.go b/vendor/github.com/googleapis/gax-go/v2/feature.go new file mode 100644 index 0000000..32e05a3 --- /dev/null +++ b/vendor/github.com/googleapis/gax-go/v2/feature.go @@ -0,0 +1,75 @@ +// Copyright 2025, Google Inc. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package gax + +import ( + "os" + "strings" + "sync" +) + +var ( + // featureEnabledOnce caches results for IsFeatureEnabled. + featureEnabledOnce sync.Once + featureEnabledStore map[string]bool +) + +// IsFeatureEnabled checks if an experimental feature is enabled via +// environment variable. The environment variable must be prefixed with +// "GOOGLE_SDK_GO_EXPERIMENTAL_". The feature name passed to this +// function must be the suffix (e.g., "FOO" for "GOOGLE_SDK_GO_EXPERIMENTAL_FOO"). +// To enable the feature, the environment variable's value must be "true", +// case-insensitive. The result for each name is cached on the first call. +func IsFeatureEnabled(name string) bool { + featureEnabledOnce.Do(func() { + featureEnabledStore = make(map[string]bool) + for _, env := range os.Environ() { + if strings.HasPrefix(env, "GOOGLE_SDK_GO_EXPERIMENTAL_") { + // Parse "KEY=VALUE" + kv := strings.SplitN(env, "=", 2) + if len(kv) == 2 && strings.ToLower(kv[1]) == "true" { + key := strings.TrimPrefix(kv[0], "GOOGLE_SDK_GO_EXPERIMENTAL_") + featureEnabledStore[key] = true + } + } + } + }) + return featureEnabledStore[name] +} + +// TestOnlyResetIsFeatureEnabled is for testing purposes only. It resets the cached +// feature flags, allowing environment variables to be re-read on the next call to IsFeatureEnabled. +// This function is not thread-safe; if another goroutine reads a feature after this +// function is called but before the `featureEnabledOnce` is re-initialized by IsFeatureEnabled, +// it may see an inconsistent state. +func TestOnlyResetIsFeatureEnabled() { + featureEnabledOnce = sync.Once{} + featureEnabledStore = nil +} diff --git a/vendor/github.com/googleapis/gax-go/v2/internal/version.go b/vendor/github.com/googleapis/gax-go/v2/internal/version.go index 0ab1bce..b374c67 100644 --- a/vendor/github.com/googleapis/gax-go/v2/internal/version.go +++ b/vendor/github.com/googleapis/gax-go/v2/internal/version.go @@ -1,33 +1,20 @@ -// Copyright 2022, Google Inc. -// All rights reserved. +// Copyright 2026 Google LLC // -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at // -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// * Neither the name of Google Inc. nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. +// http://www.apache.org/licenses/LICENSE-2.0 // -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by gapicgen. DO NOT EDIT. package internal // Version is the current tagged release of the library. -const Version = "2.15.0" +const Version = "2.19.0" diff --git a/vendor/github.com/googleapis/gax-go/v2/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go index 721d1af..594ac16 100644 --- a/vendor/github.com/googleapis/gax-go/v2/invoke.go +++ b/vendor/github.com/googleapis/gax-go/v2/invoke.go @@ -31,15 +31,26 @@ package gax import ( "context" + "strconv" "strings" "time" "github.com/googleapis/gax-go/v2/apierror" + "github.com/googleapis/gax-go/v2/callctx" ) // APICall is a user defined call stub. type APICall func(context.Context, CallSettings) error +// withRetryCount returns a new context with the retry count appended to +// the telemetry context. The retry count is the number of retries that have been +// attempted. On the initial request, retry count is 0. +// On a second request (the first retry), retry count is 1. +func withRetryCount(ctx context.Context, retryCount int) context.Context { + // Add to telemetry context so it's visible to observability wrappers + return callctx.WithTelemetryContext(ctx, "resend_count", strconv.Itoa(retryCount)) +} + // Invoke calls the given APICall, performing retries as specified by opts, if // any. func Invoke(ctx context.Context, call APICall, opts ...CallOption) error { @@ -78,8 +89,15 @@ func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper ctx = c } + retryCount := 0 + // Feature gate: GOOGLE_SDK_GO_EXPERIMENTAL_TRACING=true + tracingEnabled := IsFeatureEnabled("TRACING") for { - err := call(ctx, settings) + ctxToUse := ctx + if tracingEnabled { + ctxToUse = withRetryCount(ctx, retryCount) + } + err := call(ctxToUse, settings) if err == nil { return nil } @@ -110,5 +128,6 @@ func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper } else if err = sp(ctx, d); err != nil { return err } + retryCount++ } } diff --git a/vendor/github.com/googleapis/gax-go/v2/telemetry.go b/vendor/github.com/googleapis/gax-go/v2/telemetry.go new file mode 100644 index 0000000..1e0320a --- /dev/null +++ b/vendor/github.com/googleapis/gax-go/v2/telemetry.go @@ -0,0 +1,295 @@ +// Copyright 2026, Google Inc. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package gax + +import ( + "context" + "log/slog" + "sync" + + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/metric" +) + +// TransportTelemetryData contains mutable telemetry information that the transport +// layer (e.g. gRPC or HTTP) populates during an RPC. This allows gax.Invoke to +// correctly emit metric data without directly importing those transport layers. +// TransportTelemetryData is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +// It should not be used by external consumers. +type TransportTelemetryData struct { + serverAddress string + serverPort int + responseStatusCode int +} + +// SetServerAddress sets the server address. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func (d *TransportTelemetryData) SetServerAddress(addr string) { d.serverAddress = addr } + +// ServerAddress returns the server address. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func (d *TransportTelemetryData) ServerAddress() string { return d.serverAddress } + +// SetServerPort sets the server port. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func (d *TransportTelemetryData) SetServerPort(port int) { d.serverPort = port } + +// ServerPort returns the server port. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func (d *TransportTelemetryData) ServerPort() int { return d.serverPort } + +// SetResponseStatusCode sets the response status code. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func (d *TransportTelemetryData) SetResponseStatusCode(code int) { d.responseStatusCode = code } + +// ResponseStatusCode returns the response status code. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func (d *TransportTelemetryData) ResponseStatusCode() int { return d.responseStatusCode } + +// transportTelemetryKey is the private context key used to inject TransportTelemetryData +type transportTelemetryKey struct{} + +// InjectTransportTelemetry injects a mutable TransportTelemetryData pointer into the context. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func InjectTransportTelemetry(ctx context.Context, data *TransportTelemetryData) context.Context { + return context.WithValue(ctx, transportTelemetryKey{}, data) +} + +// ExtractTransportTelemetry retrieves a mutable TransportTelemetryData pointer from the context. +// It returns nil if the data is not present. +// Experimental: This function is experimental and may be modified or removed in future versions, +// regardless of any other documented package stability guarantees. +func ExtractTransportTelemetry(ctx context.Context) *TransportTelemetryData { + data, _ := ctx.Value(transportTelemetryKey{}).(*TransportTelemetryData) + return data +} + +const ( + metricName = "gcp.client.request.duration" + metricDescription = "Duration of the request to the Google Cloud API" + + // Constants for ClientMetrics configuration map keys. + // These are used by generated clients to pass attributes to the ClientMetrics option. + // Because they are used in generated code, these values must not be changed. + + // ClientService is the Google Cloud API service name. E.g. "storage". + ClientService = "client_service" + // ClientVersion is the version of the client. E.g. "1.43.0". + ClientVersion = "client_version" + // ClientArtifact is the library name. E.g. "cloud.google.com/go/storage". + ClientArtifact = "client_artifact" + // RPCSystem is the RPC system type. E.g. "grpc" or "http". + RPCSystem = "rpc_system" + // URLDomain is the nominal service domain. E.g. "storage.googleapis.com". + URLDomain = "url_domain" + + // Constants for telemetry attribute keys. + keyGCPClientService = "gcp.client.service" + keyRPCSystemName = "rpc.system.name" + keyURLDomain = "url.domain" + + // SchemaURL specifies the OpenTelemetry schema version. + schemaURL = "https://opentelemetry.io/schemas/1.39.0" +) + +// Default bucket boundaries for the duration metric in seconds. +// An exponential-ish distribution. +var defaultHistogramBoundaries = []float64{ + 0.0, 0.0001, 0.0005, 0.0010, 0.005, 0.010, 0.050, 0.100, 0.5, 1.0, 5.0, 10.0, 60.0, 300.0, 900.0, 3600.0, +} + +// ClientMetrics contains the pre-allocated OpenTelemetry instruments and attributes +// for a specific generated Google Cloud client library. +// There should be exactly one ClientMetrics instance instantiated per generated client. +type ClientMetrics struct { + get func() clientMetricsData +} + +type clientMetricsData struct { + duration metric.Float64Histogram + attr []attribute.KeyValue +} + +type telemetryOptions struct { + provider metric.MeterProvider + attributes map[string]string + explicitBucketBoundaries []float64 + logger *slog.Logger +} + +// TelemetryOption is an option to configure a ClientMetrics instance. +// TelemetryOption works by modifying relevant fields of telemetryOptions. +type TelemetryOption interface { + // Resolve applies the option by modifying opts. + Resolve(opts *telemetryOptions) +} + +type providerOpt struct { + p metric.MeterProvider +} + +func (p providerOpt) Resolve(opts *telemetryOptions) { + opts.provider = p.p +} + +// WithMeterProvider specifies the metric.MeterProvider to use for instruments. +func WithMeterProvider(p metric.MeterProvider) TelemetryOption { + return &providerOpt{p: p} +} + +type attrOpt struct { + attrs map[string]string +} + +func (a attrOpt) Resolve(opts *telemetryOptions) { + opts.attributes = a.attrs +} + +// WithTelemetryAttributes specifies the static attributes attachments. +func WithTelemetryAttributes(attr map[string]string) TelemetryOption { + return &attrOpt{attrs: attr} +} + +type boundariesOpt struct { + boundaries []float64 +} + +func (b boundariesOpt) Resolve(opts *telemetryOptions) { + opts.explicitBucketBoundaries = b.boundaries +} + +// WithExplicitBucketBoundaries overrides the default histogram bucket boundaries. +func WithExplicitBucketBoundaries(boundaries []float64) TelemetryOption { + return &boundariesOpt{boundaries: boundaries} +} + +type loggerOpt struct { + l *slog.Logger +} + +func (l loggerOpt) Resolve(opts *telemetryOptions) { + opts.logger = l.l +} + +// WithTelemetryLogger specifies a logger to record internal telemetry errors. +func WithTelemetryLogger(l *slog.Logger) TelemetryOption { + return &loggerOpt{l: l} +} + +func (config *telemetryOptions) meterProvider() metric.MeterProvider { + if config.provider != nil { + return config.provider + } + return otel.GetMeterProvider() +} + +func (config *telemetryOptions) bucketBoundaries() []float64 { + if len(config.explicitBucketBoundaries) > 0 { + return config.explicitBucketBoundaries + } + return defaultHistogramBoundaries +} + +// NewClientMetrics initializes and returns a new ClientMetrics instance. +// It is intended to be called once per generated client during initialization. +func NewClientMetrics(opts ...TelemetryOption) *ClientMetrics { + var config telemetryOptions + for _, opt := range opts { + opt.Resolve(&config) + } + + return &ClientMetrics{ + get: sync.OnceValue(func() clientMetricsData { + provider := config.meterProvider() + + var meterAttrs []attribute.KeyValue + if val, ok := config.attributes[ClientService]; ok { + meterAttrs = append(meterAttrs, attribute.KeyValue{Key: attribute.Key(keyGCPClientService), Value: attribute.StringValue(val)}) + } + + meterOpts := []metric.MeterOption{ + metric.WithInstrumentationVersion(config.attributes[ClientVersion]), + metric.WithSchemaURL(schemaURL), + } + if len(meterAttrs) > 0 { + meterOpts = append(meterOpts, metric.WithInstrumentationAttributes(meterAttrs...)) + } + + meter := provider.Meter(config.attributes[ClientArtifact], meterOpts...) + + boundaries := config.bucketBoundaries() + + duration, err := meter.Float64Histogram( + metricName, + metric.WithDescription(metricDescription), + metric.WithUnit("s"), + metric.WithExplicitBucketBoundaries(boundaries...), + ) + if err != nil && config.logger != nil { + config.logger.Warn("failed to initialize OTel duration histogram", "error", err) + } + + var attr []attribute.KeyValue + if val, ok := config.attributes[URLDomain]; ok { + attr = append(attr, attribute.KeyValue{Key: attribute.Key(keyURLDomain), Value: attribute.StringValue(val)}) + } + if val, ok := config.attributes[RPCSystem]; ok { + attr = append(attr, attribute.KeyValue{Key: attribute.Key(keyRPCSystemName), Value: attribute.StringValue(val)}) + } + return clientMetricsData{ + duration: duration, + attr: attr, + } + }), + } +} + +func (cm *ClientMetrics) durationHistogram() metric.Float64Histogram { + if cm == nil || cm.get == nil { + return nil + } + return cm.get().duration +} + +func (cm *ClientMetrics) attributes() []attribute.KeyValue { + if cm == nil || cm.get == nil { + return nil + } + return cm.get().attr +} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/client.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/client.go deleted file mode 100644 index 521daa2..0000000 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/client.go +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright The OpenTelemetry Authors -// SPDX-License-Identifier: Apache-2.0 - -package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" - -import ( - "context" - "io" - "net/http" - "net/url" - "strings" -) - -// DefaultClient is the default Client and is used by Get, Head, Post and PostForm. -// Please be careful of initialization order - for example, if you change -// the global propagator, the DefaultClient might still be using the old one. -var DefaultClient = &http.Client{Transport: NewTransport(http.DefaultTransport)} - -// Get is a convenient replacement for http.Get that adds a span around the request. -func Get(ctx context.Context, targetURL string) (resp *http.Response, err error) { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, targetURL, http.NoBody) - if err != nil { - return nil, err - } - return DefaultClient.Do(req) -} - -// Head is a convenient replacement for http.Head that adds a span around the request. -func Head(ctx context.Context, targetURL string) (resp *http.Response, err error) { - req, err := http.NewRequestWithContext(ctx, http.MethodHead, targetURL, http.NoBody) - if err != nil { - return nil, err - } - return DefaultClient.Do(req) -} - -// Post is a convenient replacement for http.Post that adds a span around the request. -func Post(ctx context.Context, targetURL, contentType string, body io.Reader) (resp *http.Response, err error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, targetURL, body) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", contentType) - return DefaultClient.Do(req) -} - -// PostForm is a convenient replacement for http.PostForm that adds a span around the request. -func PostForm(ctx context.Context, targetURL string, data url.Values) (resp *http.Response, err error) { - return Post(ctx, targetURL, "application/x-www-form-urlencoded", strings.NewReader(data.Encode())) -} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go index a83a026..3ae0824 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go @@ -23,5 +23,5 @@ const ( type Filter func(*http.Request) bool func newTracer(tp trace.TracerProvider) trace.Tracer { - return tp.Tracer(ScopeName, trace.WithInstrumentationVersion(Version())) + return tp.Tracer(ScopeName, trace.WithInstrumentationVersion(Version)) } diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go index 38fb79c..a7d4b2a 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go @@ -26,7 +26,6 @@ type config struct { Meter metric.Meter Propagators propagation.TextMapPropagator SpanStartOptions []trace.SpanStartOption - PublicEndpoint bool PublicEndpointFn func(*http.Request) bool ReadEvent bool WriteEvent bool @@ -67,7 +66,7 @@ func newConfig(opts ...Option) *config { c.Meter = c.MeterProvider.Meter( ScopeName, - metric.WithInstrumentationVersion(Version()), + metric.WithInstrumentationVersion(Version), ) return c @@ -93,20 +92,10 @@ func WithMeterProvider(provider metric.MeterProvider) Option { }) } -// WithPublicEndpoint configures the Handler to link the span with an incoming -// span context. If this option is not provided, then the association is a child -// association instead of a link. -func WithPublicEndpoint() Option { - return optionFunc(func(c *config) { - c.PublicEndpoint = true - }) -} - // WithPublicEndpointFn runs with every request, and allows conditionally // configuring the Handler to link the span with an incoming span context. If // this option is not provided or returns false, then the association is a // child association instead of a link. -// Note: WithPublicEndpoint takes precedence over WithPublicEndpointFn. func WithPublicEndpointFn(fn func(*http.Request) bool) Option { return optionFunc(func(c *config) { c.PublicEndpointFn = fn @@ -143,11 +132,13 @@ func WithFilter(f Filter) Option { }) } -type event int +// Event represents message event types for [WithMessageEvents]. +type Event int // Different types of events that can be recorded, see WithMessageEvents. const ( - ReadEvents event = iota + unspecifiedEvents Event = iota + ReadEvents WriteEvents ) @@ -160,7 +151,7 @@ const ( // using the ReadBytesKey // - WriteEvents: Record the number of bytes written after every http.ResponeWriter.Write // using the WriteBytesKey -func WithMessageEvents(events ...event) Option { +func WithMessageEvents(events ...Event) Option { return optionFunc(func(c *config) { for _, e := range events { switch e { @@ -203,6 +194,9 @@ func WithServerName(server string) Option { // WithMetricAttributesFn returns an Option to set a function that maps an HTTP request to a slice of attribute.KeyValue. // These attributes will be included in metrics for every request. +// +// Deprecated: WithMetricAttributesFn is deprecated and will be removed in a +// future release. Use [Labeler] instead. func WithMetricAttributesFn(metricAttributesFn func(r *http.Request) []attribute.KeyValue) Option { return optionFunc(func(c *config) { c.MetricAttributesFn = metricAttributesFn diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/doc.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/doc.go index 56b24b9..1c9aa3f 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/doc.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/doc.go @@ -2,6 +2,5 @@ // SPDX-License-Identifier: Apache-2.0 // Package otelhttp provides an http.Handler and functions that are intended -// to be used to add tracing by wrapping existing handlers (with Handler) and -// routes WithRouteTag. +// to be used to add tracing by wrapping existing handlers. package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go index fef83b4..a269fce 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go @@ -29,7 +29,6 @@ type middleware struct { writeEvent bool filters []Filter spanNameFormatter func(string, *http.Request) string - publicEndpoint bool publicEndpointFn func(*http.Request) bool metricAttributesFn func(*http.Request) []attribute.KeyValue @@ -77,7 +76,6 @@ func (h *middleware) configure(c *config) { h.writeEvent = c.WriteEvent h.filters = c.Filters h.spanNameFormatter = c.SpanNameFormatter - h.publicEndpoint = c.PublicEndpoint h.publicEndpointFn = c.PublicEndpointFn h.server = c.ServerName h.semconv = semconv.NewHTTPServer(c.Meter) @@ -102,7 +100,7 @@ func (h *middleware) serveHTTP(w http.ResponseWriter, r *http.Request, next http } opts = append(opts, h.spanStartOptions...) - if h.publicEndpoint || (h.publicEndpointFn != nil && h.publicEndpointFn(r.WithContext(ctx))) { + if h.publicEndpointFn != nil && h.publicEndpointFn(r.WithContext(ctx)) { opts = append(opts, trace.WithNewRoot()) // Linking incoming span context if any for public endpoint. if s := trace.SpanContextFromContext(ctx); s.IsValid() && s.IsRemote() { @@ -186,30 +184,26 @@ func (h *middleware) serveHTTP(w http.ResponseWriter, r *http.Request, next http statusCode := rww.StatusCode() bytesWritten := rww.BytesWritten() span.SetStatus(h.semconv.Status(statusCode)) + bytesRead := bw.BytesRead() span.SetAttributes(h.semconv.ResponseTraceAttrs(semconv.ResponseTelemetry{ StatusCode: statusCode, - ReadBytes: bw.BytesRead(), + ReadBytes: bytesRead, ReadError: bw.Error(), WriteBytes: bytesWritten, WriteError: rww.Error(), })...) - // Use floating point division here for higher precision (instead of Millisecond method). - elapsedTime := float64(time.Since(requestStartTime)) / float64(time.Millisecond) - - metricAttributes := semconv.MetricAttributes{ - Req: r, - StatusCode: statusCode, - AdditionalAttributes: append(labeler.Get(), h.metricAttributesFromRequest(r)...), - } - h.semconv.RecordMetrics(ctx, semconv.ServerMetricData{ - ServerName: h.server, - ResponseSize: bytesWritten, - MetricAttributes: metricAttributes, + ServerName: h.server, + ResponseSize: bytesWritten, + MetricAttributes: semconv.MetricAttributes{ + Req: r, + StatusCode: statusCode, + AdditionalAttributes: append(labeler.Get(), h.metricAttributesFromRequest(r)...), + }, MetricData: semconv.MetricData{ - RequestSize: bw.BytesRead(), - ElapsedTime: elapsedTime, + RequestSize: bytesRead, + RequestDuration: time.Since(requestStartTime), }, }) } @@ -221,18 +215,3 @@ func (h *middleware) metricAttributesFromRequest(r *http.Request) []attribute.Ke } return attributeForRequest } - -// WithRouteTag annotates spans and metrics with the provided route name -// with HTTP route attribute. -func WithRouteTag(route string, h http.Handler) http.Handler { - attr := semconv.NewHTTPServer(nil).Route(route) - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - span := trace.SpanFromContext(r.Context()) - span.SetAttributes(attr) - - labeler, _ := LabelerFromContext(r.Context()) - labeler.Add(attr) - - h.ServeHTTP(w, r) - }) -} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request/resp_writer_wrapper.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request/resp_writer_wrapper.go index ca2e4c1..f29f9b7 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request/resp_writer_wrapper.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request/resp_writer_wrapper.go @@ -61,7 +61,7 @@ func (w *RespWriterWrapper) Write(p []byte) (int, error) { // WriteHeader persists initial statusCode for span attribution. // All calls to WriteHeader will be propagated to the underlying ResponseWriter -// and will persist the statusCode from the first call. +// and will persist the statusCode from the first call (except for informational response status codes). // Blocking consecutive calls to WriteHeader alters expected behavior and will // remove warning logs from net/http where developers will notice incorrect handler implementations. func (w *RespWriterWrapper) WriteHeader(statusCode int) { @@ -77,6 +77,13 @@ func (w *RespWriterWrapper) WriteHeader(statusCode int) { // parent method. func (w *RespWriterWrapper) writeHeader(statusCode int) { if !w.wroteHeader { + // Ignore informational response status codes. + // Based on https://github.com/golang/go/blob/go1.24.1/src/net/http/server.go#L1216 + if statusCode >= 100 && statusCode <= 199 && statusCode != http.StatusSwitchingProtocols { + w.ResponseWriter.WriteHeader(statusCode) + return + } + w.wroteHeader = true w.statusCode = statusCode } diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go new file mode 100644 index 0000000..1398d85 --- /dev/null +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/client.go @@ -0,0 +1,291 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/semconv/client.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package semconv provides OpenTelemetry semantic convention types and +// functionality. +package semconv // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv" + +import ( + "context" + "fmt" + "net/http" + "slices" + "strconv" + "strings" + + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" + "go.opentelemetry.io/otel/metric" + "go.opentelemetry.io/otel/semconv/v1.40.0" + "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv" +) + +type HTTPClient struct { + requestBodySize httpconv.ClientRequestBodySize + requestDuration httpconv.ClientRequestDuration +} + +func NewHTTPClient(meter metric.Meter) HTTPClient { + client := HTTPClient{} + + var err error + client.requestBodySize, err = httpconv.NewClientRequestBodySize(meter) + handleErr(err) + + client.requestDuration, err = httpconv.NewClientRequestDuration( + meter, + metric.WithExplicitBucketBoundaries(0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10), + ) + handleErr(err) + + return client +} + +func (n HTTPClient) Status(code int) (codes.Code, string) { + if code < 100 || code >= 600 { + return codes.Error, fmt.Sprintf("Invalid HTTP status code %d", code) + } + if code >= 400 { + return codes.Error, "" + } + return codes.Unset, "" +} + +// RequestTraceAttrs returns trace attributes for an HTTP request made by a client. +func (n HTTPClient) RequestTraceAttrs(req *http.Request) []attribute.KeyValue { + /* + below attributes are returned: + - http.request.method + - http.request.method.original + - url.full + - server.address + - server.port + - network.protocol.name + - network.protocol.version + */ + numOfAttributes := 3 // URL, server address, proto, and method. + + var urlHost string + if req.URL != nil { + urlHost = req.URL.Host + } + var requestHost string + var requestPort int + for _, hostport := range []string{urlHost, req.Header.Get("Host")} { + requestHost, requestPort = SplitHostPort(hostport) + if requestHost != "" || requestPort > 0 { + break + } + } + + eligiblePort := requiredHTTPPort(req.URL != nil && req.URL.Scheme == "https", requestPort) + if eligiblePort > 0 { + numOfAttributes++ + } + useragent := req.UserAgent() + if useragent != "" { + numOfAttributes++ + } + + protoName, protoVersion := netProtocol(req.Proto) + if protoName != "" && protoName != "http" { + numOfAttributes++ + } + if protoVersion != "" { + numOfAttributes++ + } + + method, originalMethod := n.method(req.Method) + if originalMethod != (attribute.KeyValue{}) { + numOfAttributes++ + } + + attrs := make([]attribute.KeyValue, 0, numOfAttributes) + + attrs = append(attrs, method) + if originalMethod != (attribute.KeyValue{}) { + attrs = append(attrs, originalMethod) + } + + var u string + if req.URL != nil { + // Remove any username/password info that may be in the URL. + userinfo := req.URL.User + req.URL.User = nil + u = req.URL.String() + // Restore any username/password info that was removed. + req.URL.User = userinfo + } + attrs = append(attrs, semconv.URLFull(u)) + + attrs = append(attrs, semconv.ServerAddress(requestHost)) + if eligiblePort > 0 { + attrs = append(attrs, semconv.ServerPort(eligiblePort)) + } + + if protoName != "" && protoName != "http" { + attrs = append(attrs, semconv.NetworkProtocolName(protoName)) + } + if protoVersion != "" { + attrs = append(attrs, semconv.NetworkProtocolVersion(protoVersion)) + } + + return attrs +} + +// ResponseTraceAttrs returns trace attributes for an HTTP response made by a client. +func (n HTTPClient) ResponseTraceAttrs(resp *http.Response) []attribute.KeyValue { + /* + below attributes are returned: + - http.response.status_code + - error.type + */ + var count int + if resp.StatusCode > 0 { + count++ + } + + if isErrorStatusCode(resp.StatusCode) { + count++ + } + + attrs := make([]attribute.KeyValue, 0, count) + if resp.StatusCode > 0 { + attrs = append(attrs, semconv.HTTPResponseStatusCode(resp.StatusCode)) + } + + if isErrorStatusCode(resp.StatusCode) { + errorType := strconv.Itoa(resp.StatusCode) + attrs = append(attrs, semconv.ErrorTypeKey.String(errorType)) + } + return attrs +} + +func (n HTTPClient) method(method string) (attribute.KeyValue, attribute.KeyValue) { + if method == "" { + return semconv.HTTPRequestMethodGet, attribute.KeyValue{} + } + if attr, ok := methodLookup[method]; ok { + return attr, attribute.KeyValue{} + } + + orig := semconv.HTTPRequestMethodOriginal(method) + if attr, ok := methodLookup[strings.ToUpper(method)]; ok { + return attr, orig + } + return semconv.HTTPRequestMethodGet, orig +} + +func (n HTTPClient) MetricAttributes(req *http.Request, statusCode int, additionalAttributes []attribute.KeyValue) []attribute.KeyValue { + num := len(additionalAttributes) + 2 + var h string + if req.URL != nil { + h = req.URL.Host + } + var requestHost string + var requestPort int + for _, hostport := range []string{h, req.Header.Get("Host")} { + requestHost, requestPort = SplitHostPort(hostport) + if requestHost != "" || requestPort > 0 { + break + } + } + + port := requiredHTTPPort(req.URL != nil && req.URL.Scheme == "https", requestPort) + if port > 0 { + num++ + } + + protoName, protoVersion := netProtocol(req.Proto) + if protoName != "" { + num++ + } + if protoVersion != "" { + num++ + } + + if statusCode > 0 { + num++ + } + + attributes := slices.Grow(additionalAttributes, num) + attributes = append(attributes, + semconv.HTTPRequestMethodKey.String(standardizeHTTPMethod(req.Method)), + semconv.ServerAddress(requestHost), + n.scheme(req), + ) + + if port > 0 { + attributes = append(attributes, semconv.ServerPort(port)) + } + if protoName != "" { + attributes = append(attributes, semconv.NetworkProtocolName(protoName)) + } + if protoVersion != "" { + attributes = append(attributes, semconv.NetworkProtocolVersion(protoVersion)) + } + + if statusCode > 0 { + attributes = append(attributes, semconv.HTTPResponseStatusCode(statusCode)) + } + return attributes +} + +type MetricOpts struct { + measurement metric.MeasurementOption + addOptions metric.AddOption +} + +func (o MetricOpts) MeasurementOption() metric.MeasurementOption { + return o.measurement +} + +func (o MetricOpts) AddOptions() metric.AddOption { + return o.addOptions +} + +func (n HTTPClient) MetricOptions(ma MetricAttributes) MetricOpts { + attributes := n.MetricAttributes(ma.Req, ma.StatusCode, ma.AdditionalAttributes) + set := metric.WithAttributeSet(attribute.NewSet(attributes...)) + + return MetricOpts{ + measurement: set, + addOptions: set, + } +} + +func (n HTTPClient) RecordMetrics(ctx context.Context, md MetricData, opts MetricOpts) { + recordOpts := metricRecordOptionPool.Get().(*[]metric.RecordOption) + defer func() { + *recordOpts = (*recordOpts)[:0] + metricRecordOptionPool.Put(recordOpts) + }() + *recordOpts = append(*recordOpts, opts.MeasurementOption()) + + n.requestBodySize.Inst().Record(ctx, md.RequestSize, *recordOpts...) + n.requestDuration.Inst().Record(ctx, durationToSeconds(md.RequestDuration), *recordOpts...) +} + +// TraceAttributes returns attributes for httptrace. +func (n HTTPClient) TraceAttributes(host string) []attribute.KeyValue { + return []attribute.KeyValue{ + semconv.ServerAddress(host), + } +} + +func (n HTTPClient) scheme(req *http.Request) attribute.KeyValue { + if req.URL != nil && req.URL.Scheme != "" { + return semconv.URLScheme(req.URL.Scheme) + } + if req.TLS != nil { + return semconv.URLScheme("https") + } + return semconv.URLScheme("http") +} + +func isErrorStatusCode(code int) bool { + return code >= 400 || code < 100 +} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/env.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/env.go deleted file mode 100644 index 821b80e..0000000 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/env.go +++ /dev/null @@ -1,248 +0,0 @@ -// Code generated by gotmpl. DO NOT MODIFY. -// source: internal/shared/semconv/env.go.tmpl - -// Copyright The OpenTelemetry Authors -// SPDX-License-Identifier: Apache-2.0 - -package semconv // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv" - -import ( - "context" - "fmt" - "net/http" - "strings" - "sync" - - "go.opentelemetry.io/otel/attribute" - "go.opentelemetry.io/otel/codes" - "go.opentelemetry.io/otel/metric" - "go.opentelemetry.io/otel/semconv/v1.37.0/httpconv" -) - -// OTelSemConvStabilityOptIn is an environment variable. -// That can be set to "http/dup" to keep getting the old HTTP semantic conventions. -const OTelSemConvStabilityOptIn = "OTEL_SEMCONV_STABILITY_OPT_IN" - -type ResponseTelemetry struct { - StatusCode int - ReadBytes int64 - ReadError error - WriteBytes int64 - WriteError error -} - -type HTTPServer struct { - requestBodySizeHistogram httpconv.ServerRequestBodySize - responseBodySizeHistogram httpconv.ServerResponseBodySize - requestDurationHistogram httpconv.ServerRequestDuration -} - -// RequestTraceAttrs returns trace attributes for an HTTP request received by a -// server. -// -// The server must be the primary server name if it is known. For example this -// would be the ServerName directive -// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache -// server, and the server_name directive -// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an -// nginx server. More generically, the primary server name would be the host -// header value that matches the default virtual host of an HTTP server. It -// should include the host identifier and if a port is used to route to the -// server that port identifier should be included as an appropriate port -// suffix. -// -// If the primary server name is not known, server should be an empty string. -// The req Host will be used to determine the server instead. -func (s HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { - return CurrentHTTPServer{}.RequestTraceAttrs(server, req, opts) -} - -func (s HTTPServer) NetworkTransportAttr(network string) []attribute.KeyValue { - return []attribute.KeyValue{ - CurrentHTTPServer{}.NetworkTransportAttr(network), - } -} - -// ResponseTraceAttrs returns trace attributes for telemetry from an HTTP response. -// -// If any of the fields in the ResponseTelemetry are not set the attribute will be omitted. -func (s HTTPServer) ResponseTraceAttrs(resp ResponseTelemetry) []attribute.KeyValue { - return CurrentHTTPServer{}.ResponseTraceAttrs(resp) -} - -// Route returns the attribute for the route. -func (s HTTPServer) Route(route string) attribute.KeyValue { - return CurrentHTTPServer{}.Route(route) -} - -// Status returns a span status code and message for an HTTP status code -// value returned by a server. Status codes in the 400-499 range are not -// returned as errors. -func (s HTTPServer) Status(code int) (codes.Code, string) { - if code < 100 || code >= 600 { - return codes.Error, fmt.Sprintf("Invalid HTTP status code %d", code) - } - if code >= 500 { - return codes.Error, "" - } - return codes.Unset, "" -} - -type ServerMetricData struct { - ServerName string - ResponseSize int64 - - MetricData - MetricAttributes -} - -type MetricAttributes struct { - Req *http.Request - StatusCode int - AdditionalAttributes []attribute.KeyValue -} - -type MetricData struct { - RequestSize int64 - - // The request duration, in milliseconds - ElapsedTime float64 -} - -var ( - metricAddOptionPool = &sync.Pool{ - New: func() any { - return &[]metric.AddOption{} - }, - } - - metricRecordOptionPool = &sync.Pool{ - New: func() any { - return &[]metric.RecordOption{} - }, - } -) - -func (s HTTPServer) RecordMetrics(ctx context.Context, md ServerMetricData) { - attributes := CurrentHTTPServer{}.MetricAttributes(md.ServerName, md.Req, md.StatusCode, md.AdditionalAttributes) - o := metric.WithAttributeSet(attribute.NewSet(attributes...)) - recordOpts := metricRecordOptionPool.Get().(*[]metric.RecordOption) - *recordOpts = append(*recordOpts, o) - s.requestBodySizeHistogram.Inst().Record(ctx, md.RequestSize, *recordOpts...) - s.responseBodySizeHistogram.Inst().Record(ctx, md.ResponseSize, *recordOpts...) - s.requestDurationHistogram.Inst().Record(ctx, md.ElapsedTime/1000.0, o) - *recordOpts = (*recordOpts)[:0] - metricRecordOptionPool.Put(recordOpts) -} - -// hasOptIn returns true if the comma-separated version string contains the -// exact optIn value. -func hasOptIn(version, optIn string) bool { - for _, v := range strings.Split(version, ",") { - if strings.TrimSpace(v) == optIn { - return true - } - } - return false -} - -func NewHTTPServer(meter metric.Meter) HTTPServer { - server := HTTPServer{} - - var err error - server.requestBodySizeHistogram, err = httpconv.NewServerRequestBodySize(meter) - handleErr(err) - - server.responseBodySizeHistogram, err = httpconv.NewServerResponseBodySize(meter) - handleErr(err) - - server.requestDurationHistogram, err = httpconv.NewServerRequestDuration( - meter, - metric.WithExplicitBucketBoundaries( - 0.005, 0.01, 0.025, 0.05, 0.075, 0.1, - 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10, - ), - ) - handleErr(err) - return server -} - -type HTTPClient struct { - requestBodySize httpconv.ClientRequestBodySize - requestDuration httpconv.ClientRequestDuration -} - -func NewHTTPClient(meter metric.Meter) HTTPClient { - client := HTTPClient{} - - var err error - client.requestBodySize, err = httpconv.NewClientRequestBodySize(meter) - handleErr(err) - - client.requestDuration, err = httpconv.NewClientRequestDuration( - meter, - metric.WithExplicitBucketBoundaries(0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10), - ) - handleErr(err) - - return client -} - -// RequestTraceAttrs returns attributes for an HTTP request made by a client. -func (c HTTPClient) RequestTraceAttrs(req *http.Request) []attribute.KeyValue { - return CurrentHTTPClient{}.RequestTraceAttrs(req) -} - -// ResponseTraceAttrs returns metric attributes for an HTTP request made by a client. -func (c HTTPClient) ResponseTraceAttrs(resp *http.Response) []attribute.KeyValue { - return CurrentHTTPClient{}.ResponseTraceAttrs(resp) -} - -func (c HTTPClient) Status(code int) (codes.Code, string) { - if code < 100 || code >= 600 { - return codes.Error, fmt.Sprintf("Invalid HTTP status code %d", code) - } - if code >= 400 { - return codes.Error, "" - } - return codes.Unset, "" -} - -func (c HTTPClient) ErrorType(err error) attribute.KeyValue { - return CurrentHTTPClient{}.ErrorType(err) -} - -type MetricOpts struct { - measurement metric.MeasurementOption - addOptions metric.AddOption -} - -func (o MetricOpts) MeasurementOption() metric.MeasurementOption { - return o.measurement -} - -func (o MetricOpts) AddOptions() metric.AddOption { - return o.addOptions -} - -func (c HTTPClient) MetricOptions(ma MetricAttributes) map[string]MetricOpts { - opts := map[string]MetricOpts{} - - attributes := CurrentHTTPClient{}.MetricAttributes(ma.Req, ma.StatusCode, ma.AdditionalAttributes) - set := metric.WithAttributeSet(attribute.NewSet(attributes...)) - opts["new"] = MetricOpts{ - measurement: set, - addOptions: set, - } - - return opts -} - -func (s HTTPClient) RecordMetrics(ctx context.Context, md MetricData, opts map[string]MetricOpts) { - s.requestBodySize.Inst().Record(ctx, md.RequestSize, opts["new"].MeasurementOption()) - s.requestDuration.Inst().Record(ctx, md.ElapsedTime/1000, opts["new"].MeasurementOption()) -} - -func (s HTTPClient) TraceAttributes(host string) []attribute.KeyValue { - return CurrentHTTPClient{}.TraceAttributes(host) -} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/gen.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/gen.go index 1bb207b..a8a0d58 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/gen.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/gen.go @@ -6,10 +6,10 @@ package semconv // import "go.opentelemetry.io/contrib/instrumentation/net/http/ // Generate semconv package: //go:generate gotmpl --body=../../../../../../internal/shared/semconv/bench_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=bench_test.go //go:generate gotmpl --body=../../../../../../internal/shared/semconv/common_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=common_test.go -//go:generate gotmpl --body=../../../../../../internal/shared/semconv/env.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=env.go -//go:generate gotmpl --body=../../../../../../internal/shared/semconv/env_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=env_test.go -//go:generate gotmpl --body=../../../../../../internal/shared/semconv/httpconv.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=httpconv.go -//go:generate gotmpl --body=../../../../../../internal/shared/semconv/httpconv_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=httpconv_test.go +//go:generate gotmpl --body=../../../../../../internal/shared/semconv/server.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=server.go +//go:generate gotmpl --body=../../../../../../internal/shared/semconv/server_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=server_test.go +//go:generate gotmpl --body=../../../../../../internal/shared/semconv/client.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=client.go +//go:generate gotmpl --body=../../../../../../internal/shared/semconv/client_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=client_test.go //go:generate gotmpl --body=../../../../../../internal/shared/semconv/httpconvtest_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=httpconvtest_test.go //go:generate gotmpl --body=../../../../../../internal/shared/semconv/util.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=util.go //go:generate gotmpl --body=../../../../../../internal/shared/semconv/util_test.go.tmpl "--data={ \"pkg\": \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\" }" --out=util_test.go diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go deleted file mode 100644 index 28c51a3..0000000 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/httpconv.go +++ /dev/null @@ -1,517 +0,0 @@ -// Code generated by gotmpl. DO NOT MODIFY. -// source: internal/shared/semconv/httpconv.go.tmpl - -// Copyright The OpenTelemetry Authors -// SPDX-License-Identifier: Apache-2.0 - -// Package semconv provides OpenTelemetry semantic convention types and -// functionality. -package semconv // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv" - -import ( - "fmt" - "net/http" - "reflect" - "slices" - "strconv" - "strings" - - "go.opentelemetry.io/otel/attribute" - semconvNew "go.opentelemetry.io/otel/semconv/v1.37.0" -) - -type RequestTraceAttrsOpts struct { - // If set, this is used as value for the "http.client_ip" attribute. - HTTPClientIP string -} - -type CurrentHTTPServer struct{} - -// RequestTraceAttrs returns trace attributes for an HTTP request received by a -// server. -// -// The server must be the primary server name if it is known. For example this -// would be the ServerName directive -// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache -// server, and the server_name directive -// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an -// nginx server. More generically, the primary server name would be the host -// header value that matches the default virtual host of an HTTP server. It -// should include the host identifier and if a port is used to route to the -// server that port identifier should be included as an appropriate port -// suffix. -// -// If the primary server name is not known, server should be an empty string. -// The req Host will be used to determine the server instead. -func (n CurrentHTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { - count := 3 // ServerAddress, Method, Scheme - - var host string - var p int - if server == "" { - host, p = SplitHostPort(req.Host) - } else { - // Prioritize the primary server name. - host, p = SplitHostPort(server) - if p < 0 { - _, p = SplitHostPort(req.Host) - } - } - - hostPort := requiredHTTPPort(req.TLS != nil, p) - if hostPort > 0 { - count++ - } - - method, methodOriginal := n.method(req.Method) - if methodOriginal != (attribute.KeyValue{}) { - count++ - } - - scheme := n.scheme(req.TLS != nil) - - peer, peerPort := SplitHostPort(req.RemoteAddr) - if peer != "" { - // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a - // file-path that would be interpreted with a sock family. - count++ - if peerPort > 0 { - count++ - } - } - - useragent := req.UserAgent() - if useragent != "" { - count++ - } - - // For client IP, use, in order: - // 1. The value passed in the options - // 2. The value in the X-Forwarded-For header - // 3. The peer address - clientIP := opts.HTTPClientIP - if clientIP == "" { - clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) - if clientIP == "" { - clientIP = peer - } - } - if clientIP != "" { - count++ - } - - if req.URL != nil && req.URL.Path != "" { - count++ - } - - protoName, protoVersion := netProtocol(req.Proto) - if protoName != "" && protoName != "http" { - count++ - } - if protoVersion != "" { - count++ - } - - route := httpRoute(req.Pattern) - if route != "" { - count++ - } - - attrs := make([]attribute.KeyValue, 0, count) - attrs = append(attrs, - semconvNew.ServerAddress(host), - method, - scheme, - ) - - if hostPort > 0 { - attrs = append(attrs, semconvNew.ServerPort(hostPort)) - } - if methodOriginal != (attribute.KeyValue{}) { - attrs = append(attrs, methodOriginal) - } - - if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { - // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a - // file-path that would be interpreted with a sock family. - attrs = append(attrs, semconvNew.NetworkPeerAddress(peer)) - if peerPort > 0 { - attrs = append(attrs, semconvNew.NetworkPeerPort(peerPort)) - } - } - - if useragent != "" { - attrs = append(attrs, semconvNew.UserAgentOriginal(useragent)) - } - - if clientIP != "" { - attrs = append(attrs, semconvNew.ClientAddress(clientIP)) - } - - if req.URL != nil && req.URL.Path != "" { - attrs = append(attrs, semconvNew.URLPath(req.URL.Path)) - } - - if protoName != "" && protoName != "http" { - attrs = append(attrs, semconvNew.NetworkProtocolName(protoName)) - } - if protoVersion != "" { - attrs = append(attrs, semconvNew.NetworkProtocolVersion(protoVersion)) - } - - if route != "" { - attrs = append(attrs, n.Route(route)) - } - - return attrs -} - -func (n CurrentHTTPServer) NetworkTransportAttr(network string) attribute.KeyValue { - switch network { - case "tcp", "tcp4", "tcp6": - return semconvNew.NetworkTransportTCP - case "udp", "udp4", "udp6": - return semconvNew.NetworkTransportUDP - case "unix", "unixgram", "unixpacket": - return semconvNew.NetworkTransportUnix - default: - return semconvNew.NetworkTransportPipe - } -} - -func (n CurrentHTTPServer) method(method string) (attribute.KeyValue, attribute.KeyValue) { - if method == "" { - return semconvNew.HTTPRequestMethodGet, attribute.KeyValue{} - } - if attr, ok := methodLookup[method]; ok { - return attr, attribute.KeyValue{} - } - - orig := semconvNew.HTTPRequestMethodOriginal(method) - if attr, ok := methodLookup[strings.ToUpper(method)]; ok { - return attr, orig - } - return semconvNew.HTTPRequestMethodGet, orig -} - -func (n CurrentHTTPServer) scheme(https bool) attribute.KeyValue { //nolint:revive // ignore linter - if https { - return semconvNew.URLScheme("https") - } - return semconvNew.URLScheme("http") -} - -// ResponseTraceAttrs returns trace attributes for telemetry from an HTTP -// response. -// -// If any of the fields in the ResponseTelemetry are not set the attribute will -// be omitted. -func (n CurrentHTTPServer) ResponseTraceAttrs(resp ResponseTelemetry) []attribute.KeyValue { - var count int - - if resp.ReadBytes > 0 { - count++ - } - if resp.WriteBytes > 0 { - count++ - } - if resp.StatusCode > 0 { - count++ - } - - attributes := make([]attribute.KeyValue, 0, count) - - if resp.ReadBytes > 0 { - attributes = append(attributes, - semconvNew.HTTPRequestBodySize(int(resp.ReadBytes)), - ) - } - if resp.WriteBytes > 0 { - attributes = append(attributes, - semconvNew.HTTPResponseBodySize(int(resp.WriteBytes)), - ) - } - if resp.StatusCode > 0 { - attributes = append(attributes, - semconvNew.HTTPResponseStatusCode(resp.StatusCode), - ) - } - - return attributes -} - -// Route returns the attribute for the route. -func (n CurrentHTTPServer) Route(route string) attribute.KeyValue { - return semconvNew.HTTPRoute(route) -} - -func (n CurrentHTTPServer) MetricAttributes(server string, req *http.Request, statusCode int, additionalAttributes []attribute.KeyValue) []attribute.KeyValue { - num := len(additionalAttributes) + 3 - var host string - var p int - if server == "" { - host, p = SplitHostPort(req.Host) - } else { - // Prioritize the primary server name. - host, p = SplitHostPort(server) - if p < 0 { - _, p = SplitHostPort(req.Host) - } - } - hostPort := requiredHTTPPort(req.TLS != nil, p) - if hostPort > 0 { - num++ - } - protoName, protoVersion := netProtocol(req.Proto) - if protoName != "" { - num++ - } - if protoVersion != "" { - num++ - } - - if statusCode > 0 { - num++ - } - - attributes := slices.Grow(additionalAttributes, num) - attributes = append(attributes, - semconvNew.HTTPRequestMethodKey.String(standardizeHTTPMethod(req.Method)), - n.scheme(req.TLS != nil), - semconvNew.ServerAddress(host)) - - if hostPort > 0 { - attributes = append(attributes, semconvNew.ServerPort(hostPort)) - } - if protoName != "" { - attributes = append(attributes, semconvNew.NetworkProtocolName(protoName)) - } - if protoVersion != "" { - attributes = append(attributes, semconvNew.NetworkProtocolVersion(protoVersion)) - } - - if statusCode > 0 { - attributes = append(attributes, semconvNew.HTTPResponseStatusCode(statusCode)) - } - return attributes -} - -type CurrentHTTPClient struct{} - -// RequestTraceAttrs returns trace attributes for an HTTP request made by a client. -func (n CurrentHTTPClient) RequestTraceAttrs(req *http.Request) []attribute.KeyValue { - /* - below attributes are returned: - - http.request.method - - http.request.method.original - - url.full - - server.address - - server.port - - network.protocol.name - - network.protocol.version - */ - numOfAttributes := 3 // URL, server address, proto, and method. - - var urlHost string - if req.URL != nil { - urlHost = req.URL.Host - } - var requestHost string - var requestPort int - for _, hostport := range []string{urlHost, req.Header.Get("Host")} { - requestHost, requestPort = SplitHostPort(hostport) - if requestHost != "" || requestPort > 0 { - break - } - } - - eligiblePort := requiredHTTPPort(req.URL != nil && req.URL.Scheme == "https", requestPort) - if eligiblePort > 0 { - numOfAttributes++ - } - useragent := req.UserAgent() - if useragent != "" { - numOfAttributes++ - } - - protoName, protoVersion := netProtocol(req.Proto) - if protoName != "" && protoName != "http" { - numOfAttributes++ - } - if protoVersion != "" { - numOfAttributes++ - } - - method, originalMethod := n.method(req.Method) - if originalMethod != (attribute.KeyValue{}) { - numOfAttributes++ - } - - attrs := make([]attribute.KeyValue, 0, numOfAttributes) - - attrs = append(attrs, method) - if originalMethod != (attribute.KeyValue{}) { - attrs = append(attrs, originalMethod) - } - - var u string - if req.URL != nil { - // Remove any username/password info that may be in the URL. - userinfo := req.URL.User - req.URL.User = nil - u = req.URL.String() - // Restore any username/password info that was removed. - req.URL.User = userinfo - } - attrs = append(attrs, semconvNew.URLFull(u)) - - attrs = append(attrs, semconvNew.ServerAddress(requestHost)) - if eligiblePort > 0 { - attrs = append(attrs, semconvNew.ServerPort(eligiblePort)) - } - - if protoName != "" && protoName != "http" { - attrs = append(attrs, semconvNew.NetworkProtocolName(protoName)) - } - if protoVersion != "" { - attrs = append(attrs, semconvNew.NetworkProtocolVersion(protoVersion)) - } - - return attrs -} - -// ResponseTraceAttrs returns trace attributes for an HTTP response made by a client. -func (n CurrentHTTPClient) ResponseTraceAttrs(resp *http.Response) []attribute.KeyValue { - /* - below attributes are returned: - - http.response.status_code - - error.type - */ - var count int - if resp.StatusCode > 0 { - count++ - } - - if isErrorStatusCode(resp.StatusCode) { - count++ - } - - attrs := make([]attribute.KeyValue, 0, count) - if resp.StatusCode > 0 { - attrs = append(attrs, semconvNew.HTTPResponseStatusCode(resp.StatusCode)) - } - - if isErrorStatusCode(resp.StatusCode) { - errorType := strconv.Itoa(resp.StatusCode) - attrs = append(attrs, semconvNew.ErrorTypeKey.String(errorType)) - } - return attrs -} - -func (n CurrentHTTPClient) ErrorType(err error) attribute.KeyValue { - t := reflect.TypeOf(err) - var value string - if t.PkgPath() == "" && t.Name() == "" { - // Likely a builtin type. - value = t.String() - } else { - value = fmt.Sprintf("%s.%s", t.PkgPath(), t.Name()) - } - - if value == "" { - return semconvNew.ErrorTypeOther - } - - return semconvNew.ErrorTypeKey.String(value) -} - -func (n CurrentHTTPClient) method(method string) (attribute.KeyValue, attribute.KeyValue) { - if method == "" { - return semconvNew.HTTPRequestMethodGet, attribute.KeyValue{} - } - if attr, ok := methodLookup[method]; ok { - return attr, attribute.KeyValue{} - } - - orig := semconvNew.HTTPRequestMethodOriginal(method) - if attr, ok := methodLookup[strings.ToUpper(method)]; ok { - return attr, orig - } - return semconvNew.HTTPRequestMethodGet, orig -} - -func (n CurrentHTTPClient) MetricAttributes(req *http.Request, statusCode int, additionalAttributes []attribute.KeyValue) []attribute.KeyValue { - num := len(additionalAttributes) + 2 - var h string - if req.URL != nil { - h = req.URL.Host - } - var requestHost string - var requestPort int - for _, hostport := range []string{h, req.Header.Get("Host")} { - requestHost, requestPort = SplitHostPort(hostport) - if requestHost != "" || requestPort > 0 { - break - } - } - - port := requiredHTTPPort(req.URL != nil && req.URL.Scheme == "https", requestPort) - if port > 0 { - num++ - } - - protoName, protoVersion := netProtocol(req.Proto) - if protoName != "" { - num++ - } - if protoVersion != "" { - num++ - } - - if statusCode > 0 { - num++ - } - - attributes := slices.Grow(additionalAttributes, num) - attributes = append(attributes, - semconvNew.HTTPRequestMethodKey.String(standardizeHTTPMethod(req.Method)), - semconvNew.ServerAddress(requestHost), - n.scheme(req), - ) - - if port > 0 { - attributes = append(attributes, semconvNew.ServerPort(port)) - } - if protoName != "" { - attributes = append(attributes, semconvNew.NetworkProtocolName(protoName)) - } - if protoVersion != "" { - attributes = append(attributes, semconvNew.NetworkProtocolVersion(protoVersion)) - } - - if statusCode > 0 { - attributes = append(attributes, semconvNew.HTTPResponseStatusCode(statusCode)) - } - return attributes -} - -// TraceAttributes returns attributes for httptrace. -func (n CurrentHTTPClient) TraceAttributes(host string) []attribute.KeyValue { - return []attribute.KeyValue{ - semconvNew.ServerAddress(host), - } -} - -func (n CurrentHTTPClient) scheme(req *http.Request) attribute.KeyValue { - if req.URL != nil && req.URL.Scheme != "" { - return semconvNew.URLScheme(req.URL.Scheme) - } - if req.TLS != nil { - return semconvNew.URLScheme("https") - } - return semconvNew.URLScheme("http") -} - -func isErrorStatusCode(code int) bool { - return code >= 400 || code < 100 -} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go new file mode 100644 index 0000000..6dcf1b5 --- /dev/null +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/server.go @@ -0,0 +1,396 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/semconv/server.go.tmpl + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package semconv provides OpenTelemetry semantic convention types and +// functionality. +package semconv // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv" + +import ( + "context" + "fmt" + "net/http" + "slices" + "strings" + "sync" + "time" + + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" + "go.opentelemetry.io/otel/metric" + "go.opentelemetry.io/otel/semconv/v1.40.0" + "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv" +) + +type RequestTraceAttrsOpts struct { + // If set, this is used as value for the "http.client_ip" attribute. + HTTPClientIP string +} + +type ResponseTelemetry struct { + StatusCode int + ReadBytes int64 + ReadError error + WriteBytes int64 + WriteError error +} + +type HTTPServer struct { + requestBodySizeHistogram httpconv.ServerRequestBodySize + responseBodySizeHistogram httpconv.ServerResponseBodySize + requestDurationHistogram httpconv.ServerRequestDuration +} + +func NewHTTPServer(meter metric.Meter) HTTPServer { + server := HTTPServer{} + + var err error + server.requestBodySizeHistogram, err = httpconv.NewServerRequestBodySize(meter) + handleErr(err) + + server.responseBodySizeHistogram, err = httpconv.NewServerResponseBodySize(meter) + handleErr(err) + + server.requestDurationHistogram, err = httpconv.NewServerRequestDuration( + meter, + metric.WithExplicitBucketBoundaries( + 0.005, 0.01, 0.025, 0.05, 0.075, 0.1, + 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10, + ), + ) + handleErr(err) + return server +} + +// Status returns a span status code and message for an HTTP status code +// value returned by a server. Status codes in the 400-499 range are not +// returned as errors. +func (n HTTPServer) Status(code int) (codes.Code, string) { + if code < 100 || code >= 600 { + return codes.Error, fmt.Sprintf("Invalid HTTP status code %d", code) + } + if code >= 500 { + return codes.Error, "" + } + return codes.Unset, "" +} + +// RequestTraceAttrs returns trace attributes for an HTTP request received by a +// server. +// +// The server must be the primary server name if it is known. For example this +// would be the ServerName directive +// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache +// server, and the server_name directive +// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an +// nginx server. More generically, the primary server name would be the host +// header value that matches the default virtual host of an HTTP server. It +// should include the host identifier and if a port is used to route to the +// server that port identifier should be included as an appropriate port +// suffix. +// +// If the primary server name is not known, server should be an empty string. +// The req Host will be used to determine the server instead. +func (n HTTPServer) RequestTraceAttrs(server string, req *http.Request, opts RequestTraceAttrsOpts) []attribute.KeyValue { + count := 3 // ServerAddress, Method, Scheme + + var host string + var p int + if server == "" { + host, p = SplitHostPort(req.Host) + } else { + // Prioritize the primary server name. + host, p = SplitHostPort(server) + if p < 0 { + _, p = SplitHostPort(req.Host) + } + } + + hostPort := requiredHTTPPort(req.TLS != nil, p) + if hostPort > 0 { + count++ + } + + method, methodOriginal := n.method(req.Method) + if methodOriginal != (attribute.KeyValue{}) { + count++ + } + + scheme := n.scheme(req.TLS != nil) + + peer, peerPort := SplitHostPort(req.RemoteAddr) + if peer != "" { + // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a + // file-path that would be interpreted with a sock family. + count++ + if peerPort > 0 { + count++ + } + } + + useragent := req.UserAgent() + if useragent != "" { + count++ + } + + // For client IP, use, in order: + // 1. The value passed in the options + // 2. The value in the X-Forwarded-For header + // 3. The peer address + clientIP := opts.HTTPClientIP + if clientIP == "" { + clientIP = serverClientIP(req.Header.Get("X-Forwarded-For")) + if clientIP == "" { + clientIP = peer + } + } + if clientIP != "" { + count++ + } + + if req.URL != nil && req.URL.Path != "" { + count++ + } + + protoName, protoVersion := netProtocol(req.Proto) + if protoName != "" && protoName != "http" { + count++ + } + if protoVersion != "" { + count++ + } + + route := httpRoute(req.Pattern) + if route != "" { + count++ + } + + attrs := make([]attribute.KeyValue, 0, count) + attrs = append(attrs, + semconv.ServerAddress(host), + method, + scheme, + ) + + if hostPort > 0 { + attrs = append(attrs, semconv.ServerPort(hostPort)) + } + if methodOriginal != (attribute.KeyValue{}) { + attrs = append(attrs, methodOriginal) + } + + if peer, peerPort := SplitHostPort(req.RemoteAddr); peer != "" { + // The Go HTTP server sets RemoteAddr to "IP:port", this will not be a + // file-path that would be interpreted with a sock family. + attrs = append(attrs, semconv.NetworkPeerAddress(peer)) + if peerPort > 0 { + attrs = append(attrs, semconv.NetworkPeerPort(peerPort)) + } + } + + if useragent != "" { + attrs = append(attrs, semconv.UserAgentOriginal(useragent)) + } + + if clientIP != "" { + attrs = append(attrs, semconv.ClientAddress(clientIP)) + } + + if req.URL != nil && req.URL.Path != "" { + attrs = append(attrs, semconv.URLPath(req.URL.Path)) + } + + if protoName != "" && protoName != "http" { + attrs = append(attrs, semconv.NetworkProtocolName(protoName)) + } + if protoVersion != "" { + attrs = append(attrs, semconv.NetworkProtocolVersion(protoVersion)) + } + + if route != "" { + attrs = append(attrs, n.Route(route)) + } + + return attrs +} + +func (s HTTPServer) NetworkTransportAttr(network string) []attribute.KeyValue { + attr := semconv.NetworkTransportPipe + switch network { + case "tcp", "tcp4", "tcp6": + attr = semconv.NetworkTransportTCP + case "udp", "udp4", "udp6": + attr = semconv.NetworkTransportUDP + case "unix", "unixgram", "unixpacket": + attr = semconv.NetworkTransportUnix + } + + return []attribute.KeyValue{attr} +} + +type ServerMetricData struct { + ServerName string + ResponseSize int64 + + MetricData + MetricAttributes +} + +type MetricAttributes struct { + Req *http.Request + StatusCode int + Route string + AdditionalAttributes []attribute.KeyValue +} + +type MetricData struct { + RequestSize int64 + RequestDuration time.Duration +} + +var ( + metricRecordOptionPool = &sync.Pool{ + New: func() any { + return &[]metric.RecordOption{} + }, + } +) + +func (n HTTPServer) RecordMetrics(ctx context.Context, md ServerMetricData) { + attributes := n.MetricAttributes(md.ServerName, md.Req, md.StatusCode, md.Route, md.AdditionalAttributes) + o := metric.WithAttributeSet(attribute.NewSet(attributes...)) + recordOpts := metricRecordOptionPool.Get().(*[]metric.RecordOption) + *recordOpts = append(*recordOpts, o) + n.requestBodySizeHistogram.Inst().Record(ctx, md.RequestSize, *recordOpts...) + n.responseBodySizeHistogram.Inst().Record(ctx, md.ResponseSize, *recordOpts...) + n.requestDurationHistogram.Inst().Record(ctx, durationToSeconds(md.RequestDuration), o) + *recordOpts = (*recordOpts)[:0] + metricRecordOptionPool.Put(recordOpts) +} + +func (n HTTPServer) method(method string) (attribute.KeyValue, attribute.KeyValue) { + if method == "" { + return semconv.HTTPRequestMethodGet, attribute.KeyValue{} + } + if attr, ok := methodLookup[method]; ok { + return attr, attribute.KeyValue{} + } + + orig := semconv.HTTPRequestMethodOriginal(method) + if attr, ok := methodLookup[strings.ToUpper(method)]; ok { + return attr, orig + } + return semconv.HTTPRequestMethodGet, orig +} + +func (n HTTPServer) scheme(https bool) attribute.KeyValue { //nolint:revive // ignore linter + if https { + return semconv.URLScheme("https") + } + return semconv.URLScheme("http") +} + +// ResponseTraceAttrs returns trace attributes for telemetry from an HTTP +// response. +// +// If any of the fields in the ResponseTelemetry are not set the attribute will +// be omitted. +func (n HTTPServer) ResponseTraceAttrs(resp ResponseTelemetry) []attribute.KeyValue { + var count int + + if resp.ReadBytes > 0 { + count++ + } + if resp.WriteBytes > 0 { + count++ + } + if resp.StatusCode > 0 { + count++ + } + + attributes := make([]attribute.KeyValue, 0, count) + + if resp.ReadBytes > 0 { + attributes = append(attributes, + semconv.HTTPRequestBodySize(int(resp.ReadBytes)), + ) + } + if resp.WriteBytes > 0 { + attributes = append(attributes, + semconv.HTTPResponseBodySize(int(resp.WriteBytes)), + ) + } + if resp.StatusCode > 0 { + attributes = append(attributes, + semconv.HTTPResponseStatusCode(resp.StatusCode), + ) + } + + return attributes +} + +// Route returns the attribute for the route. +func (n HTTPServer) Route(route string) attribute.KeyValue { + return semconv.HTTPRoute(route) +} + +func (n HTTPServer) MetricAttributes(server string, req *http.Request, statusCode int, route string, additionalAttributes []attribute.KeyValue) []attribute.KeyValue { + num := len(additionalAttributes) + 3 + var host string + var p int + if server == "" { + host, p = SplitHostPort(req.Host) + } else { + // Prioritize the primary server name. + host, p = SplitHostPort(server) + if p < 0 { + _, p = SplitHostPort(req.Host) + } + } + hostPort := requiredHTTPPort(req.TLS != nil, p) + if hostPort > 0 { + num++ + } + protoName, protoVersion := netProtocol(req.Proto) + if protoName != "" { + num++ + } + if protoVersion != "" { + num++ + } + + if statusCode > 0 { + num++ + } + + if route != "" { + num++ + } + + attributes := slices.Grow(additionalAttributes, num) + attributes = append(attributes, + semconv.HTTPRequestMethodKey.String(standardizeHTTPMethod(req.Method)), + n.scheme(req.TLS != nil), + semconv.ServerAddress(host)) + + if hostPort > 0 { + attributes = append(attributes, semconv.ServerPort(hostPort)) + } + if protoName != "" { + attributes = append(attributes, semconv.NetworkProtocolName(protoName)) + } + if protoVersion != "" { + attributes = append(attributes, semconv.NetworkProtocolVersion(protoVersion)) + } + + if statusCode > 0 { + attributes = append(attributes, semconv.HTTPResponseStatusCode(statusCode)) + } + + if route != "" { + attributes = append(attributes, semconv.HTTPRoute(route)) + } + return attributes +} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go index 96422ad..2eab2ec 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv/util.go @@ -11,10 +11,11 @@ import ( "net/http" "strconv" "strings" + "time" "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/attribute" - semconvNew "go.opentelemetry.io/otel/semconv/v1.37.0" + semconvNew "go.opentelemetry.io/otel/semconv/v1.40.0" ) // SplitHostPort splits a network address hostport of the form "host", @@ -125,3 +126,8 @@ func standardizeHTTPMethod(method string) string { } return method } + +func durationToSeconds(d time.Duration) float64 { + // Use floating point division here for higher precision (instead of Seconds method). + return float64(d) / float64(time.Second) +} diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go index 514ae67..d8d204d 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go @@ -15,6 +15,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/propagation" + otelsemconv "go.opentelemetry.io/otel/semconv/v1.40.0" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request" @@ -102,9 +103,7 @@ func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error) { } } - opts := append([]trace.SpanStartOption{}, t.spanStartOptions...) // start with the configured options - - ctx, span := tracer.Start(r.Context(), t.spanNameFormatter("", r), opts...) + ctx, span := tracer.Start(r.Context(), t.spanNameFormatter("", r), t.spanStartOptions...) if t.clientTrace != nil { ctx = httptrace.WithClientTrace(ctx, t.clientTrace(ctx)) @@ -117,12 +116,26 @@ func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error) { r = r.Clone(ctx) // According to RoundTripper spec, we shouldn't modify the origin request. - // if request body is nil or NoBody, we don't want to mutate the body as it - // will affect the identity of it in an unforeseeable way because we assert - // ReadCloser fulfills a certain interface and it is indeed nil or NoBody. - bw := request.NewBodyWrapper(r.Body, func(int64) {}) - if r.Body != nil && r.Body != http.NoBody { - r.Body = bw + var lastBW *request.BodyWrapper // Records the last body wrapper. Can be nil. + maybeWrapBody := func(body io.ReadCloser) io.ReadCloser { + if body == nil || body == http.NoBody { + return body + } + bw := request.NewBodyWrapper(body, func(int64) {}) + lastBW = bw + return bw + } + r.Body = maybeWrapBody(r.Body) + if r.GetBody != nil { + originalGetBody := r.GetBody + r.GetBody = func() (io.ReadCloser, error) { + b, err := originalGetBody() + if err != nil { + lastBW = nil // The underlying transport will fail to make a retry request, hence, record no data. + return nil, err + } + return maybeWrapBody(b), nil + } } span.SetAttributes(t.semconv.RequestTraceAttrs(r)...) @@ -130,52 +143,38 @@ func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error) { res, err := t.rt.RoundTrip(r) - // Defer metrics recording function to record the metrics on error or no error. - defer func() { - metricAttributes := semconv.MetricAttributes{ + // Record the metrics on error or no error. + statusCode := 0 + if err == nil { + statusCode = res.StatusCode + } + var requestSize int64 + if lastBW != nil { + requestSize = lastBW.BytesRead() + } + t.semconv.RecordMetrics( + ctx, + semconv.MetricData{ + RequestSize: requestSize, + RequestDuration: time.Since(requestStartTime), + }, + t.semconv.MetricOptions(semconv.MetricAttributes{ Req: r, + StatusCode: statusCode, AdditionalAttributes: append(labeler.Get(), t.metricAttributesFromRequest(r)...), - } - - if err == nil { - metricAttributes.StatusCode = res.StatusCode - } - - metricOpts := t.semconv.MetricOptions(metricAttributes) - - metricData := semconv.MetricData{ - RequestSize: bw.BytesRead(), - } - - if err == nil { - readRecordFunc := func(int64) {} - res.Body = newWrappedBody(span, readRecordFunc, res.Body) - } - - // Use floating point division here for higher precision (instead of Millisecond method). - elapsedTime := float64(time.Since(requestStartTime)) / float64(time.Millisecond) - - metricData.ElapsedTime = elapsedTime - - t.semconv.RecordMetrics(ctx, metricData, metricOpts) - }() + }), + ) if err != nil { - // set error type attribute if the error is part of the predefined - // error types. - // otherwise, record it as an exception - if errType := t.semconv.ErrorType(err); errType.Valid() { - span.SetAttributes(errType) - } else { - span.RecordError(err) - } - + span.SetAttributes(otelsemconv.ErrorType(err)) span.SetStatus(codes.Error, err.Error()) span.End() return res, err } + readRecordFunc := func(int64) {} + res.Body = newWrappedBody(span, readRecordFunc, res.Body) // traces span.SetAttributes(t.semconv.ResponseTraceAttrs(res)...) span.SetStatus(t.semconv.Status(res.StatusCode)) @@ -229,7 +228,7 @@ func (wb *wrappedBody) Write(p []byte) (int, error) { // This will not panic given the guard in newWrappedBody. n, err := wb.body.(io.Writer).Write(p) if err != nil { - wb.span.RecordError(err) + wb.span.SetAttributes(otelsemconv.ErrorType(err)) wb.span.SetStatus(codes.Error, err.Error()) } return n, err @@ -247,7 +246,7 @@ func (wb *wrappedBody) Read(b []byte) (int, error) { wb.recordBytesRead() wb.span.End() default: - wb.span.RecordError(err) + wb.span.SetAttributes(otelsemconv.ErrorType(err)) wb.span.SetStatus(codes.Error, err.Error()) } return n, err diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go index dfb53cf..1d90fc2 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go @@ -4,7 +4,4 @@ package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" // Version is the current release version of the otelhttp instrumentation. -func Version() string { - return "0.63.0" - // This string is updated by the pre_release.sh script during release -} +const Version = "0.67.0" diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/httpconv/metric.go b/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go similarity index 94% rename from vendor/go.opentelemetry.io/otel/semconv/v1.37.0/httpconv/metric.go rename to vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go index a0ddf65..7264925 100644 --- a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/httpconv/metric.go +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go @@ -67,6 +67,8 @@ var ( RequestMethodPut RequestMethodAttr = "PUT" // RequestMethodTrace is the TRACE method. RequestMethodTrace RequestMethodAttr = "TRACE" + // RequestMethodQuery is the QUERY method. + RequestMethodQuery RequestMethodAttr = "QUERY" // RequestMethodOther is the any HTTP method that the instrumentation has no // prior knowledge of. RequestMethodOther RequestMethodAttr = "_OTHER" @@ -158,7 +160,10 @@ func (m ClientActiveRequests) Add( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64UpDownCounter.Add(ctx, incr) + m.Int64UpDownCounter.Add(ctx, incr, metric.WithAttributes( + attribute.String("server.address", serverAddress), + attribute.Int("server.port", serverPort), + )) return } @@ -172,7 +177,7 @@ func (m ClientActiveRequests) Add( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("server.address", serverAddress), attribute.Int("server.port", serverPort), )..., @@ -298,7 +303,10 @@ func (m ClientConnectionDuration) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Float64Histogram.Record(ctx, val) + m.Float64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("server.address", serverAddress), + attribute.Int("server.port", serverPort), + )) return } @@ -312,7 +320,7 @@ func (m ClientConnectionDuration) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("server.address", serverAddress), attribute.Int("server.port", serverPort), )..., @@ -441,7 +449,11 @@ func (m ClientOpenConnections) Add( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64UpDownCounter.Add(ctx, incr) + m.Int64UpDownCounter.Add(ctx, incr, metric.WithAttributes( + attribute.String("http.connection.state", string(connectionState)), + attribute.String("server.address", serverAddress), + attribute.Int("server.port", serverPort), + )) return } @@ -455,7 +467,7 @@ func (m ClientOpenConnections) Add( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.connection.state", string(connectionState)), attribute.String("server.address", serverAddress), attribute.Int("server.port", serverPort), @@ -590,7 +602,11 @@ func (m ClientRequestBodySize) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64Histogram.Record(ctx, val) + m.Int64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("server.address", serverAddress), + attribute.Int("server.port", serverPort), + )) return } @@ -604,7 +620,7 @@ func (m ClientRequestBodySize) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("server.address", serverAddress), attribute.Int("server.port", serverPort), @@ -766,7 +782,11 @@ func (m ClientRequestDuration) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Float64Histogram.Record(ctx, val) + m.Float64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("server.address", serverAddress), + attribute.Int("server.port", serverPort), + )) return } @@ -780,7 +800,7 @@ func (m ClientRequestDuration) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("server.address", serverAddress), attribute.Int("server.port", serverPort), @@ -942,7 +962,11 @@ func (m ClientResponseBodySize) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64Histogram.Record(ctx, val) + m.Int64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("server.address", serverAddress), + attribute.Int("server.port", serverPort), + )) return } @@ -956,7 +980,7 @@ func (m ClientResponseBodySize) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("server.address", serverAddress), attribute.Int("server.port", serverPort), @@ -1116,7 +1140,10 @@ func (m ServerActiveRequests) Add( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64UpDownCounter.Add(ctx, incr) + m.Int64UpDownCounter.Add(ctx, incr, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("url.scheme", urlScheme), + )) return } @@ -1130,7 +1157,7 @@ func (m ServerActiveRequests) Add( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("url.scheme", urlScheme), )..., @@ -1253,7 +1280,10 @@ func (m ServerRequestBodySize) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64Histogram.Record(ctx, val) + m.Int64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("url.scheme", urlScheme), + )) return } @@ -1267,7 +1297,7 @@ func (m ServerRequestBodySize) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("url.scheme", urlScheme), )..., @@ -1318,8 +1348,9 @@ func (ServerRequestBodySize) AttrResponseStatusCode(val int) attribute.KeyValue } // AttrRoute returns an optional attribute for the "http.route" semantic -// convention. It represents the matched route, that is, the path template in the -// format used by the respective server framework. +// convention. It represents the matched route template for the request. This +// MUST be low-cardinality and include all static path segments, with dynamic +// path segments represented with placeholders. func (ServerRequestBodySize) AttrRoute(val string) attribute.KeyValue { return attribute.String("http.route", val) } @@ -1436,7 +1467,10 @@ func (m ServerRequestDuration) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Float64Histogram.Record(ctx, val) + m.Float64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("url.scheme", urlScheme), + )) return } @@ -1450,7 +1484,7 @@ func (m ServerRequestDuration) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("url.scheme", urlScheme), )..., @@ -1494,8 +1528,9 @@ func (ServerRequestDuration) AttrResponseStatusCode(val int) attribute.KeyValue } // AttrRoute returns an optional attribute for the "http.route" semantic -// convention. It represents the matched route, that is, the path template in the -// format used by the respective server framework. +// convention. It represents the matched route template for the request. This +// MUST be low-cardinality and include all static path segments, with dynamic +// path segments represented with placeholders. func (ServerRequestDuration) AttrRoute(val string) attribute.KeyValue { return attribute.String("http.route", val) } @@ -1619,7 +1654,10 @@ func (m ServerResponseBodySize) Record( attrs ...attribute.KeyValue, ) { if len(attrs) == 0 { - m.Int64Histogram.Record(ctx, val) + m.Int64Histogram.Record(ctx, val, metric.WithAttributes( + attribute.String("http.request.method", string(requestMethod)), + attribute.String("url.scheme", urlScheme), + )) return } @@ -1633,7 +1671,7 @@ func (m ServerResponseBodySize) Record( *o, metric.WithAttributes( append( - attrs, + attrs[:len(attrs):len(attrs)], attribute.String("http.request.method", string(requestMethod)), attribute.String("url.scheme", urlScheme), )..., @@ -1684,8 +1722,9 @@ func (ServerResponseBodySize) AttrResponseStatusCode(val int) attribute.KeyValue } // AttrRoute returns an optional attribute for the "http.route" semantic -// convention. It represents the matched route, that is, the path template in the -// format used by the respective server framework. +// convention. It represents the matched route template for the request. This +// MUST be low-cardinality and include all static path segments, with dynamic +// path segments represented with placeholders. func (ServerResponseBodySize) AttrRoute(val string) attribute.KeyValue { return attribute.String("http.route", val) } diff --git a/vendor/gocloud.dev/gcerrors/errors.go b/vendor/gocloud.dev/gcerrors/errors.go index 2b5bd41..5e0c625 100644 --- a/vendor/gocloud.dev/gcerrors/errors.go +++ b/vendor/gocloud.dev/gcerrors/errors.go @@ -41,7 +41,7 @@ const ( // AlreadyExists means that the resource exists, but it should not. AlreadyExists ErrorCode = gcerr.AlreadyExists - // InvalidArguments means that a value given to a Go CDK API is incorrect. + // InvalidArgument means that a value given to a Go CDK API is incorrect. InvalidArgument ErrorCode = gcerr.InvalidArgument // Internal means that something unexpected happened. Internal errors always indicate @@ -68,6 +68,43 @@ const ( DeadlineExceeded ErrorCode = gcerr.DeadlineExceeded ) +var ( + // ErrUnknown means that the error could not be categorized. + ErrUnknown = gcerr.ErrUnknown + + // ErrNotFound means that the resource was not found. + ErrNotFound = gcerr.ErrNotFound + + // ErrAlreadyExists means that the resource exists, but it should not. + ErrAlreadyExists = gcerr.ErrAlreadyExists + + // ErrInvalidArgument means that a value given to a Go CDK API is incorrect. + ErrInvalidArgument = gcerr.ErrInvalidArgument + + // ErrInternal means that something unexpected happened. Internal errors always indicate + // bugs in the Go CDK (or possibly the underlying service). + ErrInternal = gcerr.ErrInternal + + // ErrUnimplemented means that the feature is not implemented. + ErrUnimplemented = gcerr.ErrUnimplemented + + // ErrFailedPrecondition means that the system was in the wrong state. + ErrFailedPrecondition = gcerr.ErrFailedPrecondition + + // ErrPermissionDenied means that the caller does not have permission to execute the specified operation. + ErrPermissionDenied = gcerr.ErrPermissionDenied + + // ErrResourceExhausted means that some resource has been exhausted, typically because a service resource limit + // has been reached. + ErrResourceExhausted = gcerr.ErrResourceExhausted + + // ErrCanceled means that the operation was canceled. + ErrCanceled = gcerr.ErrCanceled + + // ErrDeadlinedExceeded means that the operation timed out. + ErrDeadlineExceeded = gcerr.ErrDeadlineExceeded +) + // Code returns the ErrorCode of err if it, or some error it wraps, is an *Error. // If err is context.Canceled or context.DeadlineExceeded, or wraps one of those errors, // it returns the Canceled or DeadlineExceeded codes, respectively. diff --git a/vendor/gocloud.dev/internal/gcerr/gcerr.go b/vendor/gocloud.dev/internal/gcerr/gcerr.go index 2638468..e780577 100644 --- a/vendor/gocloud.dev/internal/gcerr/gcerr.go +++ b/vendor/gocloud.dev/internal/gcerr/gcerr.go @@ -45,7 +45,7 @@ const ( // AlreadyExists means that the resource exists, but it should not. AlreadyExists ErrorCode = 3 - // InvalidArguments means that a value given to a Go CDK API is incorrect. + // InvalidArgument means that a value given to a Go CDK API is incorrect. InvalidArgument ErrorCode = 4 // Internal means that something unexpected happened. Internal errors always indicate @@ -72,11 +72,50 @@ const ( DeadlineExceeded ErrorCode = 11 ) -// When adding a new error code, try to use the names defined in google.golang.org/grpc/codes. +var ( + // ErrUnknown means that the error could not be categorized. + ErrUnknown = errors.New("Unknown") + + // ErrNotFound means that the resource was not found. + ErrNotFound = errors.New("NotFound") + + // ErrAlreadyExists means that the resource exists, but it should not. + ErrAlreadyExists = errors.New("AlreadyExists") + + // ErrInvalidArgument means that a value given to a Go CDK API is incorrect. + ErrInvalidArgument = errors.New("InvalidArgument") + + // ErrInternal means that something unexpected happened. Internal errors always indicate + // bugs in the Go CDK (or possibly the underlying service). + ErrInternal = errors.New("Internal") + + // ErrUnimplemented means that the feature is not implemented. + ErrUnimplemented = errors.New("Unimplemented") + + // ErrFailedPrecondition means that the system was in the wrong state. + ErrFailedPrecondition = errors.New("FailedPrecondition") -// Do not change the numbers assigned to codes: past values may be stored in metric databases. + // ErrPermissionDenied means that the caller does not have permission to execute the specified operation. + ErrPermissionDenied = errors.New("PermissionDenied") + + // ErrResourceExhausted means that some resource has been exhausted, typically because a service resource limit + // has been reached. + ErrResourceExhausted = errors.New("ResourceExhausted") -// Call "go generate" whenever you change the above list of error codes. + // ErrCanceled means that the operation was canceled. + ErrCanceled = errors.New("Canceled") + + // ErrDeadlineExceeded means that The operation timed out. + ErrDeadlineExceeded = errors.New("DeadlineExceeded") +) + +// When adding a new error code, try to use the names defined in google.golang.org/grpc/codes. + +// * Do not change the numbers assigned to codes: past values may be stored in metric databases. +// * Add a typed error struct to match (e.g., ErrInternal). +// * Add aliases for the error code and typed error to the public gcerrors package. +// * Call "go generate" whenever you change the above list of error codes. +// // To get stringer: // go get golang.org/x/tools/cmd/stringer // Make sure $GOPATH/bin or $GOBIN in on your path. @@ -114,8 +153,37 @@ func (e *Error) FormatError(p xerrors.Printer) (next error) { } // Unwrap returns the error underlying the receiver, which may be nil. -func (e *Error) Unwrap() error { - return e.err +func (e *Error) Unwrap() []error { + errs := []error{e.err} + var coded error + switch e.Code { + case Unknown: + coded = ErrUnknown + case NotFound: + coded = ErrNotFound + case AlreadyExists: + coded = ErrAlreadyExists + case InvalidArgument: + coded = ErrInvalidArgument + case Internal: + coded = ErrInternal + case Unimplemented: + coded = ErrUnimplemented + case FailedPrecondition: + coded = ErrFailedPrecondition + case PermissionDenied: + coded = ErrPermissionDenied + case ResourceExhausted: + coded = ErrResourceExhausted + case Canceled: + coded = ErrCanceled + case DeadlineExceeded: + coded = ErrDeadlineExceeded + } + if coded != nil { + errs = append(errs, coded) + } + return errs } // New returns a new error with the given code, underlying error and message. Pass 1 @@ -199,7 +267,7 @@ func ErrorAs(err error, target any, errorAs func(error, any) bool) bool { panic("ErrorAs target must be a non-nil pointer") } if e, ok := err.(*Error); ok { - err = e.Unwrap() + err = e.Unwrap()[0] // return the real error, ignore the possible coded one } return errorAs(err, target) } diff --git a/vendor/gocloud.dev/internal/useragent/useragent.go b/vendor/gocloud.dev/internal/useragent/useragent.go index 6f789bb..d5a0315 100644 --- a/vendor/gocloud.dev/internal/useragent/useragent.go +++ b/vendor/gocloud.dev/internal/useragent/useragent.go @@ -27,7 +27,7 @@ import ( const ( prefix = "go-cloud" - version = "0.45.0" + version = "0.46.0" ) // ClientOption returns an option.ClientOption that sets a Go CDK User-Agent. diff --git a/vendor/gocloud.dev/runtimevar/runtimevar.go b/vendor/gocloud.dev/runtimevar/runtimevar.go index b423429..3624360 100644 --- a/vendor/gocloud.dev/runtimevar/runtimevar.go +++ b/vendor/gocloud.dev/runtimevar/runtimevar.go @@ -18,6 +18,17 @@ // // See https://gocloud.dev/howto/runtimevar/ for a detailed how-to guide. // +// # Errors +// +// The errors returned from this package can be inspected in several ways: +// +// The Code function from gocloud.dev/gcerrors will return an error code, also +// defined in that package, when invoked on an error. Alternatively, errors.Is +// can be used with the code-specific errors from the same package (e.g., ErrInternal). +// +// The Variable.ErrorAs method can retrieve the driver error underlying the returned +// error. Alternatively, errors.As can be used in the same way. +// // # OpenTelemetry Integration // // OpenTelemetry supports tracing and metric collection for multiple languages and diff --git a/vendor/gocloud.dev/secrets/secrets.go b/vendor/gocloud.dev/secrets/secrets.go index 9304326..0cbda8c 100644 --- a/vendor/gocloud.dev/secrets/secrets.go +++ b/vendor/gocloud.dev/secrets/secrets.go @@ -18,6 +18,17 @@ // // See https://gocloud.dev/howto/secrets/ for a detailed how-to guide. // +// # Errors +// +// The errors returned from this package can be inspected in several ways: +// +// The Code function from gocloud.dev/gcerrors will return an error code, also +// defined in that package, when invoked on an error. Alternatively, errors.Is +// can be used with the code-specific errors from the same package (e.g., ErrInternal). +// +// The Keeper.ErrorAs method can retrieve the driver error underlying the returned +// error. Alternatively, errors.As can be used in the same way. +// // # OpenTelemetry Integration // // OpenTelemetry supports tracing and metric collection for multiple languages and diff --git a/vendor/golang.org/x/net/http2/http2.go b/vendor/golang.org/x/net/http2/http2.go index 6320f4e..0b99d83 100644 --- a/vendor/golang.org/x/net/http2/http2.go +++ b/vendor/golang.org/x/net/http2/http2.go @@ -4,13 +4,17 @@ // Package http2 implements the HTTP/2 protocol. // -// This package is low-level and intended to be used directly by very -// few people. Most users will use it indirectly through the automatic -// use by the net/http package (from Go 1.6 and later). -// For use in earlier Go versions see ConfigureServer. (Transport support -// requires Go 1.6 or later) +// Almost no users should need to import this package directly. +// The net/http package supports HTTP/2 natively. // -// See https://http2.github.io/ for more information on HTTP/2. +// To enable or disable HTTP/2 support in net/http clients and servers, see +// [http.Transport.Protocols] and [http.Server.Protocols]. +// +// To configure HTTP/2 parameters, see +// [http.Transport.HTTP2] and [http.Server.HTTP2]. +// +// To create HTTP/1 or HTTP/2 connections, see +// [http.Transport.NewClientConn]. package http2 // import "golang.org/x/net/http2" import ( diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index 7ef807f..65da517 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -164,6 +164,8 @@ type Server struct { // NewWriteScheduler constructs a write scheduler for a connection. // If nil, a default scheduler is chosen. + // + // Deprecated: User-provided write schedulers are deprecated. NewWriteScheduler func() WriteScheduler // CountError, if non-nil, is called on HTTP/2 server errors. diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 8cf64b7..2e9c2f6 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -712,10 +712,6 @@ func canRetryError(err error) bool { return true } if se, ok := err.(StreamError); ok { - if se.Code == ErrCodeProtocol && se.Cause == errFromPeer { - // See golang/go#47635, golang/go#42777 - return true - } return se.Code == ErrCodeRefusedStream } return false @@ -3233,10 +3229,6 @@ func (gz *gzipReader) Close() error { return gz.body.Close() } -type errorReader struct{ err error } - -func (r errorReader) Read(p []byte) (int, error) { return 0, r.err } - // isConnectionCloseRequest reports whether req should use its own // connection for a single request and then close the connection. func isConnectionCloseRequest(req *http.Request) bool { diff --git a/vendor/golang.org/x/net/http2/writesched.go b/vendor/golang.org/x/net/http2/writesched.go index 7de27be..551545f 100644 --- a/vendor/golang.org/x/net/http2/writesched.go +++ b/vendor/golang.org/x/net/http2/writesched.go @@ -8,6 +8,8 @@ import "fmt" // WriteScheduler is the interface implemented by HTTP/2 write schedulers. // Methods are never called concurrently. +// +// Deprecated: User-provided write schedulers are deprecated. type WriteScheduler interface { // OpenStream opens a new stream in the write scheduler. // It is illegal to call this with streamID=0 or with a streamID that is @@ -38,6 +40,8 @@ type WriteScheduler interface { } // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. +// +// Deprecated: User-provided write schedulers are deprecated. type OpenStreamOptions struct { // PusherID is zero if the stream was initiated by the client. Otherwise, // PusherID names the stream that pushed the newly opened stream. @@ -47,6 +51,8 @@ type OpenStreamOptions struct { } // FrameWriteRequest is a request to write a frame. +// +// Deprecated: User-provided write schedulers are deprecated. type FrameWriteRequest struct { // write is the interface value that does the writing, once the // WriteScheduler has selected this frame to write. The write diff --git a/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go b/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go index 7803a92..c3d3e9b 100644 --- a/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go +++ b/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go @@ -14,6 +14,8 @@ import ( const priorityDefaultWeightRFC7540 = 15 // 16 = 15 + 1 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. +// +// Deprecated: User-provided write schedulers are deprecated. type PriorityWriteSchedulerConfig struct { // MaxClosedNodesInTree controls the maximum number of closed streams to // retain in the priority tree. Setting this to zero saves a small amount @@ -55,6 +57,9 @@ type PriorityWriteSchedulerConfig struct { // NewPriorityWriteScheduler constructs a WriteScheduler that schedules // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. // If cfg is nil, default options are used. +// +// Deprecated: The RFC 7540 write scheduler has known bugs and performance issues, +// and RFC 7540 prioritization was deprecated in RFC 9113. func NewPriorityWriteScheduler(cfg *PriorityWriteSchedulerConfig) WriteScheduler { return newPriorityWriteSchedulerRFC7540(cfg) } diff --git a/vendor/golang.org/x/net/http2/writesched_random.go b/vendor/golang.org/x/net/http2/writesched_random.go index f2e55e0..d5d4e22 100644 --- a/vendor/golang.org/x/net/http2/writesched_random.go +++ b/vendor/golang.org/x/net/http2/writesched_random.go @@ -10,6 +10,8 @@ import "math" // priorities. Control frames like SETTINGS and PING are written before DATA // frames, but if no control frames are queued and multiple streams have queued // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. +// +// Deprecated: User-provided write schedulers are deprecated. func NewRandomWriteScheduler() WriteScheduler { return &randomWriteScheduler{sq: make(map[uint32]*writeQueue)} } diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go index 0260935..6e57206 100644 --- a/vendor/golang.org/x/oauth2/google/default.go +++ b/vendor/golang.org/x/oauth2/google/default.go @@ -153,6 +153,43 @@ func (params CredentialsParams) deepCopy() CredentialsParams { return paramsCopy } +// CredentialsType specifies the type of JSON credentials being provided +// to a loading function. +type CredentialsType string + +const ( + // ServiceAccount represents a service account file type. + ServiceAccount CredentialsType = "service_account" + // AuthorizedUser represents a user credentials file type. + AuthorizedUser CredentialsType = "authorized_user" + // ExternalAccount represents an external account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ExternalAccount CredentialsType = "external_account" + // ExternalAccountAuthorizedUser represents an external account authorized user file type. + ExternalAccountAuthorizedUser CredentialsType = "external_account_authorized_user" + // ImpersonatedServiceAccount represents an impersonated service account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ImpersonatedServiceAccount CredentialsType = "impersonated_service_account" + // GDCHServiceAccount represents a GDCH service account credentials. + GDCHServiceAccount CredentialsType = "gdch_service_account" +) + // DefaultClient returns an HTTP Client that uses the // DefaultTokenSource to obtain authentication credentials. func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) { @@ -246,17 +283,71 @@ func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials return FindDefaultCredentialsWithParams(ctx, params) } -// CredentialsFromJSONWithParams obtains Google credentials from a JSON value. The JSON can -// represent either a Google Developers Console client_credentials.json file (as in ConfigFromJSON), -// a Google Developers service account key file, a gcloud user credentials file (a.k.a. refresh -// token JSON), or the JSON configuration file for workload identity federation in non-Google cloud -// platforms (see https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation). +// CredentialsFromJSONWithType invokes CredentialsFromJSONWithTypeAndParams with the specified scopes. // // Important: If you accept a credential configuration (credential JSON/File/Stream) from an // external source for authentication to Google Cloud Platform, you must validate it before // providing it to any Google API or library. Providing an unvalidated credential configuration to // Google APIs can compromise the security of your systems and data. For more information, refer to // [Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). +func CredentialsFromJSONWithType(ctx context.Context, jsonData []byte, credType CredentialsType, scopes ...string) (*Credentials, error) { + var params CredentialsParams + params.Scopes = scopes + return CredentialsFromJSONWithTypeAndParams(ctx, jsonData, credType, params) +} + +// CredentialsFromJSONWithTypeAndParams obtains Google credentials from a JSON value and +// validates that the credentials match the specified type. +// +// Important: If you accept a credential configuration (credential JSON/File/Stream) from an +// external source for authentication to Google Cloud Platform, you must validate it before +// providing it to any Google API or library. Providing an unvalidated credential configuration to +// Google APIs can compromise the security of your systems and data. For more information, refer to +// [Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). +func CredentialsFromJSONWithTypeAndParams(ctx context.Context, jsonData []byte, credType CredentialsType, params CredentialsParams) (*Credentials, error) { + var f struct { + Type string `json:"type"` + } + if err := json.Unmarshal(jsonData, &f); err != nil { + return nil, err + } + if CredentialsType(f.Type) != credType { + return nil, fmt.Errorf("google: expected credential type %q, found %q", credType, f.Type) + } + return CredentialsFromJSONWithParams(ctx, jsonData, params) +} + +// CredentialsFromJSONWithParams obtains Google credentials from a JSON value. The JSON can +// represent either a Google Developers Console client_credentials.json file (as in ConfigFromJSON), +// a Google Developers service account key file, a gcloud user credentials file (a.k.a. refresh +// token JSON), or the JSON configuration file for workload identity federation in non-Google cloud +// platforms (see https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation). +// +// Deprecated: This function is deprecated because of a potential security risk. +// It does not validate the credential configuration. The security risk occurs +// when a credential configuration is accepted from a source that is not +// under your control and used without validation on your side. +// +// If you know that you will be loading credential configurations of a +// specific type, it is recommended to use a credential-type-specific +// CredentialsFromJSONWithTypeAndParams method. This will ensure that an unexpected +// credential type with potential for malicious intent is not loaded +// unintentionally. You might still have to do validation for certain +// credential types. Please follow the recommendation for that method. For +// example, if you want to load only service accounts, you can use +// +// creds, err := google.CredentialsFromJSONWithTypeAndParams(ctx, jsonData, google.ServiceAccount, params) +// +// If you are loading your credential configuration from an untrusted source +// and have not mitigated the risks (e.g. by validating the configuration +// yourself), make these changes as soon as possible to prevent security +// risks to your environment. +// +// Regardless of the method used, it is always your responsibility to +// validate configurations received from external sources. +// +// For more details see: +// https://cloud.google.com/docs/authentication/external/externally-sourced-credentials func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params CredentialsParams) (*Credentials, error) { // Make defensive copy of the slices in params. params = params.deepCopy() @@ -301,11 +392,31 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params // CredentialsFromJSON invokes CredentialsFromJSONWithParams with the specified scopes. // -// Important: If you accept a credential configuration (credential JSON/File/Stream) from an -// external source for authentication to Google Cloud Platform, you must validate it before -// providing it to any Google API or library. Providing an unvalidated credential configuration to -// Google APIs can compromise the security of your systems and data. For more information, refer to -// [Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). +// Deprecated: This function is deprecated because of a potential security risk. +// It does not validate the credential configuration. The security risk occurs +// when a credential configuration is accepted from a source that is not +// under your control and used without validation on your side. +// +// If you know that you will be loading credential configurations of a +// specific type, it is recommended to use a credential-type-specific +// CredentialsFromJSONWithType method. This will ensure that an unexpected +// credential type with potential for malicious intent is not loaded +// unintentionally. You might still have to do validation for certain +// credential types. Please follow the recommendation for that method. For +// example, if you want to load only service accounts, you can use +// +// creds, err := google.CredentialsFromJSONWithType(ctx, jsonData, google.ServiceAccount, scopes...) +// +// If you are loading your credential configuration from an untrusted source +// and have not mitigated the risks (e.g. by validating the configuration +// yourself), make these changes as soon as possible to prevent security +// risks to your environment. +// +// Regardless of the method used, it is always your responsibility to +// validate configurations received from external sources. +// +// For more details see: +// https://cloud.google.com/docs/authentication/external/externally-sourced-credentials func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) { var params CredentialsParams params.Scopes = scopes diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go index 7d1fdd3..14c98eb 100644 --- a/vendor/golang.org/x/oauth2/google/google.go +++ b/vendor/golang.org/x/oauth2/google/google.go @@ -103,6 +103,7 @@ const ( externalAccountKey = "external_account" externalAccountAuthorizedUserKey = "external_account_authorized_user" impersonatedServiceAccount = "impersonated_service_account" + gdchServiceAccountKey = "gdch_service_account" ) // credentialsFile is the unmarshalled representation of a credentials file. @@ -165,7 +166,7 @@ func (f *credentialsFile) jwtConfig(scopes []string, subject string) *jwt.Config func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsParams) (oauth2.TokenSource, error) { switch f.Type { - case serviceAccountKey: + case serviceAccountKey, gdchServiceAccountKey: cfg := f.jwtConfig(params.Scopes, params.Subject) return cfg.TokenSource(ctx), nil case userCredentialsKey: diff --git a/vendor/google.golang.org/api/googleapi/googleapi.go b/vendor/google.golang.org/api/googleapi/googleapi.go index f8a85d5..167f061 100644 --- a/vendor/google.golang.org/api/googleapi/googleapi.go +++ b/vendor/google.golang.org/api/googleapi/googleapi.go @@ -333,6 +333,20 @@ func ChunkRetryDeadline(deadline time.Duration) MediaOption { return chunkRetryDeadlineOption(deadline) } +type enableAutoChecksumOption struct{} + +func (d enableAutoChecksumOption) setOptions(o *MediaOptions) { + o.EnableAutoChecksum = true +} + +// EnableAutoChecksum returns a MediaOption that enables automatic checksum +// calculation, which is only supported for resumable multi-chunk uploads. +// The computed checksum is sent on the final upload request to the server. +// Writes are rejected in the event of a checksum mismatch. +func EnableAutoChecksum() MediaOption { + return enableAutoChecksumOption{} +} + // MediaOptions stores options for customizing media upload. It is not used by developers directly. type MediaOptions struct { ContentType string @@ -340,6 +354,7 @@ type MediaOptions struct { ChunkSize int ChunkRetryDeadline time.Duration ChunkTransferTimeout time.Duration + EnableAutoChecksum bool } // ProcessMediaOptions stores options from opts in a MediaOptions. diff --git a/vendor/google.golang.org/api/internal/credentialstype/credentialstype.go b/vendor/google.golang.org/api/internal/credentialstype/credentialstype.go new file mode 100644 index 0000000..0e2c461 --- /dev/null +++ b/vendor/google.golang.org/api/internal/credentialstype/credentialstype.go @@ -0,0 +1,113 @@ +// Copyright 2024 Google LLC. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package credentialstype defines the CredType used for specifying the type of JSON credentials. +package credentialstype + +import ( + "encoding/json" + "fmt" + "slices" +) + +// CredType specifies the type of JSON credentials. +type CredType string + +const ( + // Unknown represents an unknown JSON file type. + Unknown CredType = "" + // ServiceAccount represents a service account file type. + ServiceAccount CredType = "service_account" + // AuthorizedUser represents an authorized user credentials file type. + AuthorizedUser CredType = "authorized_user" + // ImpersonatedServiceAccount represents an impersonated service account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ImpersonatedServiceAccount CredType = "impersonated_service_account" + // ExternalAccount represents an external account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ExternalAccount CredType = "external_account" + // GDCHServiceAccount represents a GDCH service account file type. + GDCHServiceAccount CredType = "gdc_service_account" + // ExternalAccountAuthorizedUser represents an external account authorized user file type. + ExternalAccountAuthorizedUser CredType = "external_account_authorized_user" +) + +var knownTypes = map[CredType]bool{ + ServiceAccount: true, + AuthorizedUser: true, + ImpersonatedServiceAccount: true, + ExternalAccount: true, + GDCHServiceAccount: true, + ExternalAccountAuthorizedUser: true, +} + +// GetCredType returns the credentials type or the Unknown type, +// or an error for empty data or failure to unmarshal JSON. +func GetCredType(data []byte) (CredType, error) { + var t CredType + if len(data) == 0 { + return t, fmt.Errorf("credential provided is 0 bytes") + } + var f struct { + Type string `json:"type"` + } + if err := json.Unmarshal(data, &f); err != nil { + return t, err + } + t = parseCredType(f.Type) + return t, nil +} + +// CheckCredentialType checks if the provided JSON bytes match the expected +// credential type and, if present, one of the allowed credential types. +// An error is returned if the JSON is invalid, the type field is missing, +// or the types do not match expected and (if present) allowed. +func CheckCredentialType(b []byte, expected CredType, allowed ...CredType) error { + var f struct { + Type string `json:"type"` + } + if err := json.Unmarshal(b, &f); err != nil { + return fmt.Errorf("unable to parse credential type: %w", err) + } + if f.Type == "" { + return fmt.Errorf("missing `type` field in credential") + } + credType := CredType(f.Type) + if credType != expected { + return fmt.Errorf("credential type mismatch: got %q, expected %q", credType, expected) + } + if len(allowed) == 0 { + return nil + } + if !slices.Contains(allowed, credType) { + return fmt.Errorf("credential type not allowed: %q", credType) + } + return nil +} + +// parseCredType returns the matching CredType for the JSON type string if +// it is in the list of publicly exposed types, otherwise Unknown. +func parseCredType(typeString string) CredType { + ct := CredType(typeString) + if knownTypes[ct] { + return ct + } + return Unknown +} diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go index 92bb42c..2172ba4 100644 --- a/vendor/google.golang.org/api/internal/creds.go +++ b/vendor/google.golang.org/api/internal/creds.go @@ -20,6 +20,7 @@ import ( "cloud.google.com/go/auth/oauth2adapt" "golang.org/x/oauth2" "google.golang.org/api/internal/cert" + "google.golang.org/api/internal/credentialstype" "google.golang.org/api/internal/impersonate" "golang.org/x/oauth2/google" @@ -139,11 +140,13 @@ func detectDefaultFromDialSettings(settings *DialSettings) (*auth.Credentials, e aud = settings.DefaultAudience } + credsFile, _ := settings.GetAuthCredentialsFile() + credsJSON, _ := settings.GetAuthCredentialsJSON() return credentials.DetectDefault(&credentials.DetectOptions{ Scopes: scopes, Audience: aud, - CredentialsFile: settings.CredentialsFile, - CredentialsJSON: settings.CredentialsJSON, + CredentialsFile: credsFile, + CredentialsJSON: credsJSON, UseSelfSignedJWT: useSelfSignedJWT, Logger: settings.Logger, }) @@ -156,15 +159,15 @@ func baseCreds(ctx context.Context, ds *DialSettings) (*google.Credentials, erro if ds.Credentials != nil { return ds.Credentials, nil } - if len(ds.CredentialsJSON) > 0 { - return credentialsFromJSON(ctx, ds.CredentialsJSON, ds) + if credsJSON, checkCredType := ds.GetAuthCredentialsJSON(); len(credsJSON) > 0 { + return credentialsFromJSON(ctx, credsJSON, ds, checkCredType) } - if ds.CredentialsFile != "" { - data, err := os.ReadFile(ds.CredentialsFile) + if credsFile, checkCredType := ds.GetAuthCredentialsFile(); credsFile != "" { + data, err := os.ReadFile(credsFile) if err != nil { return nil, fmt.Errorf("cannot read credentials file: %v", err) } - return credentialsFromJSON(ctx, data, ds) + return credentialsFromJSON(ctx, data, ds, checkCredType) } if ds.TokenSource != nil { return &google.Credentials{TokenSource: ds.TokenSource}, nil @@ -174,7 +177,7 @@ func baseCreds(ctx context.Context, ds *DialSettings) (*google.Credentials, erro return nil, err } if len(cred.JSON) > 0 { - return credentialsFromJSON(ctx, cred.JSON, ds) + return credentialsFromJSON(ctx, cred.JSON, ds, credentialstype.Unknown) } // For GAE and GCE, the JSON is empty so return the default credentials directly. return cred, nil @@ -197,7 +200,12 @@ const ( // // - Otherwise, executes standard OAuth 2.0 flow // More details: google.aip.dev/auth/4111 -func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*google.Credentials, error) { +func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings, checkCredType credentialstype.CredType) (*google.Credentials, error) { + if checkCredType != credentialstype.Unknown { + if err := credentialstype.CheckCredentialType(data, checkCredType); err != nil { + return nil, err + } + } var params google.CredentialsParams params.Scopes = ds.GetScopes() diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go index a81d149..03e928c 100644 --- a/vendor/google.golang.org/api/internal/settings.go +++ b/vendor/google.golang.org/api/internal/settings.go @@ -17,6 +17,7 @@ import ( "cloud.google.com/go/auth" "golang.org/x/oauth2" "golang.org/x/oauth2/google" + "google.golang.org/api/internal/credentialstype" "google.golang.org/api/internal/impersonate" "google.golang.org/grpc" ) @@ -31,16 +32,18 @@ const ( // DialSettings holds information needed to establish a connection with a // Google API service. type DialSettings struct { - Endpoint string - DefaultEndpoint string - DefaultEndpointTemplate string - DefaultMTLSEndpoint string - Scopes []string - DefaultScopes []string - EnableJwtWithScope bool - TokenSource oauth2.TokenSource - Credentials *google.Credentials - CredentialsFile string // if set, Token Source is ignored. + Endpoint string + DefaultEndpoint string + DefaultEndpointTemplate string + DefaultMTLSEndpoint string + Scopes []string + DefaultScopes []string + EnableJwtWithScope bool + TokenSource oauth2.TokenSource + Credentials *google.Credentials + // Deprecated: Use AuthCredentialsFile instead, due to security risk. + CredentialsFile string + // Deprecated: Use AuthCredentialsJSON instead, due to security risk. CredentialsJSON []byte InternalCredentials *google.Credentials UserAgent string @@ -70,8 +73,18 @@ type DialSettings struct { QuotaProject string RequestReason string + // TelemetryAttributes specifies a map of telemetry attributes to be added + // to all OpenTelemetry signals, such as tracing and metrics, for purposes + // including representing the static identity of the client (e.g., service + // name, version). These attributes are expected to be consistent across all + // signals to enable cross-signal correlation. + TelemetryAttributes map[string]string + // New Auth library Options AuthCredentials *auth.Credentials + AuthCredentialsJSON []byte + AuthCredentialsFile string + AuthCredentialsType credentialstype.CredType EnableNewAuthLibrary bool // TODO(b/372244283): Remove after b/358175516 has been fixed @@ -113,22 +126,55 @@ func (ds *DialSettings) IsNewAuthLibraryEnabled() bool { if ds.AuthCredentials != nil { return true } + if len(ds.AuthCredentialsJSON) > 0 { + return true + } + if ds.AuthCredentialsFile != "" { + return true + } if b, err := strconv.ParseBool(os.Getenv(newAuthLibEnvVar)); err == nil { return b } return false } +// GetAuthCredentialsJSON returns the AuthCredentialsJSON and AuthCredentialsType, if set. +// Otherwise it falls back to the deprecated CredentialsJSON with an Unknown type. +// +// Use AuthCredentialsJSON if provided, as it is the safer, recommended option. +// CredentialsJSON is populated by the deprecated WithCredentialsJSON. +func (ds *DialSettings) GetAuthCredentialsJSON() ([]byte, credentialstype.CredType) { + if len(ds.AuthCredentialsJSON) > 0 { + return ds.AuthCredentialsJSON, ds.AuthCredentialsType + } + return ds.CredentialsJSON, credentialstype.Unknown +} + +// GetAuthCredentialsFile returns the AuthCredentialsFile and AuthCredentialsType, if set. +// Otherwise it falls back to the deprecated CredentialsFile with an Unknown type. +// +// Use AuthCredentialsFile if provided, as it is the safer, recommended option. +// CredentialsFile is populated by the deprecated WithCredentialsFile. +func (ds *DialSettings) GetAuthCredentialsFile() (string, credentialstype.CredType) { + if ds.AuthCredentialsFile != "" { + return ds.AuthCredentialsFile, ds.AuthCredentialsType + } + return ds.CredentialsFile, credentialstype.Unknown +} + // Validate reports an error if ds is invalid. func (ds *DialSettings) Validate() error { if ds.SkipValidation { return nil } - hasCreds := ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "" || ds.Credentials != nil + hasCreds := ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "" || ds.Credentials != nil || ds.AuthCredentials != nil || len(ds.AuthCredentialsJSON) > 0 || ds.AuthCredentialsFile != "" if ds.NoAuth && hasCreds { return errors.New("options.WithoutAuthentication is incompatible with any option that provides credentials") } // Credentials should not appear with other options. + // AuthCredentials is a special case that may be present with + // with other options in order to facilitate automatic conversion of + // oauth2 types (old auth) to cloud.google.com/go/auth types (new auth). // We currently allow TokenSource and CredentialsFile to coexist. // TODO(jba): make TokenSource & CredentialsFile an error (breaking change). nCreds := 0 @@ -138,6 +184,12 @@ func (ds *DialSettings) Validate() error { if len(ds.CredentialsJSON) > 0 { nCreds++ } + if len(ds.AuthCredentialsJSON) > 0 { + nCreds++ + } + if ds.AuthCredentialsFile != "" { + nCreds++ + } if ds.CredentialsFile != "" { nCreds++ } diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go index c29c5ff..bde1989 100644 --- a/vendor/google.golang.org/api/internal/version.go +++ b/vendor/google.golang.org/api/internal/version.go @@ -5,4 +5,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.256.0" +const Version = "0.272.0" diff --git a/vendor/google.golang.org/api/option/option.go b/vendor/google.golang.org/api/option/option.go index 1b134ca..4dbfc3a 100644 --- a/vendor/google.golang.org/api/option/option.go +++ b/vendor/google.golang.org/api/option/option.go @@ -14,10 +14,45 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/google" "google.golang.org/api/internal" + "google.golang.org/api/internal/credentialstype" "google.golang.org/api/internal/impersonate" "google.golang.org/grpc" ) +// CredentialsType specifies the type of JSON credentials being provided +// to a loading function such as [WithAuthCredentialsFile] or +// [WithAuthCredentialsJSON]. +type CredentialsType = credentialstype.CredType + +const ( + // ServiceAccount represents a service account file type. + ServiceAccount = credentialstype.ServiceAccount + // AuthorizedUser represents an authorized user credentials file type. + AuthorizedUser = credentialstype.AuthorizedUser + // ImpersonatedServiceAccount represents an impersonated service account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ImpersonatedServiceAccount = credentialstype.ImpersonatedServiceAccount + // ExternalAccount represents an external account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ExternalAccount = credentialstype.ExternalAccount +) + // A ClientOption is an option for a Google API client. type ClientOption interface { Apply(*internal.DialSettings) @@ -45,6 +80,36 @@ func (w withCredFile) Apply(o *internal.DialSettings) { // API calls with the given service account or refresh token JSON // credentials file. // +// Deprecated: This function is being deprecated because of a potential security risk. +// +// This function does not validate the credential configuration. The security +// risk occurs when a credential configuration is accepted from a source that +// is not under your control and used without validation on your side. +// +// If you know that you will be loading credential configurations of a +// specific type, it is recommended to use a credential-type-specific +// option function. +// This will ensure that an unexpected credential type with potential for +// malicious intent is not loaded unintentionally. You might still have to do +// validation for certain credential types. Please follow the recommendation +// for that function. For example, if you want to load only service accounts, +// you can use [WithAuthCredentialsFile] with [ServiceAccount]: +// +// option.WithAuthCredentialsFile(option.ServiceAccount, "/path/to/file.json") +// +// If you are loading your credential configuration from an untrusted source and have +// not mitigated the risks (e.g. by validating the configuration yourself), make +// these changes as soon as possible to prevent security risks to your environment. +// +// Regardless of the function used, it is always your responsibility to validate +// configurations received from external sources. +func WithCredentialsFile(filename string) ClientOption { + return withCredFile(filename) +} + +// WithAuthCredentialsFile returns a ClientOption that authenticates API calls +// with the given JSON credentials file and credential type. +// // Important: If you accept a credential configuration (credential // JSON/File/Stream) from an external source for authentication to Google // Cloud Platform, you must validate it before providing it to any Google @@ -52,8 +117,21 @@ func (w withCredFile) Apply(o *internal.DialSettings) { // Google APIs can compromise the security of your systems and data. For // more information, refer to [Validate credential configurations from // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). -func WithCredentialsFile(filename string) ClientOption { - return withCredFile(filename) +func WithAuthCredentialsFile(credType CredentialsType, filename string) ClientOption { + return withAuthCredentialsFile{ + credsType: credType, + filename: filename, + } +} + +type withAuthCredentialsFile struct { + credsType CredentialsType + filename string +} + +func (w withAuthCredentialsFile) Apply(o *internal.DialSettings) { + o.AuthCredentialsFile = w.filename + o.AuthCredentialsType = w.credsType } // WithServiceAccountFile returns a ClientOption that uses a Google service @@ -67,15 +145,52 @@ func WithCredentialsFile(filename string) ClientOption { // more information, refer to [Validate credential configurations from // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). // -// Deprecated: Use WithCredentialsFile instead. +// Deprecated: Use WithAuthCredentialsFile instead. func WithServiceAccountFile(filename string) ClientOption { - return WithCredentialsFile(filename) + return WithAuthCredentialsFile(ServiceAccount, filename) } // WithCredentialsJSON returns a ClientOption that authenticates // API calls with the given service account or refresh token JSON // credentials. // +// Deprecated: This function is being deprecated because of a potential security risk. +// +// This function does not validate the credential configuration. The security +// risk occurs when a credential configuration is accepted from a source that +// is not under your control and used without validation on your side. +// +// If you know that you will be loading credential configurations of a +// specific type, it is recommended to use a credential-type-specific +// option function. +// This will ensure that an unexpected credential type with potential for +// malicious intent is not loaded unintentionally. You might still have to do +// validation for certain credential types. Please follow the recommendation +// for that function. For example, if you want to load only service accounts, +// you can use [WithAuthCredentialsJSON] with [ServiceAccount]: +// +// option.WithAuthCredentialsJSON(option.ServiceAccount, json) +// +// If you are loading your credential configuration from an untrusted source and have +// not mitigated the risks (e.g. by validating the configuration yourself), make +// these changes as soon as possible to prevent security risks to your environment. +// +// Regardless of the function used, it is always your responsibility to validate +// configurations received from external sources. +func WithCredentialsJSON(p []byte) ClientOption { + return withCredentialsJSON(p) +} + +type withCredentialsJSON []byte + +func (w withCredentialsJSON) Apply(o *internal.DialSettings) { + o.CredentialsJSON = make([]byte, len(w)) + copy(o.CredentialsJSON, w) +} + +// WithAuthCredentialsJSON returns a ClientOption that authenticates API calls +// with the given JSON credentials and credential type. +// // Important: If you accept a credential configuration (credential // JSON/File/Stream) from an external source for authentication to Google // Cloud Platform, you must validate it before providing it to any Google @@ -83,15 +198,21 @@ func WithServiceAccountFile(filename string) ClientOption { // Google APIs can compromise the security of your systems and data. For // more information, refer to [Validate credential configurations from // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). -func WithCredentialsJSON(p []byte) ClientOption { - return withCredentialsJSON(p) +func WithAuthCredentialsJSON(credType CredentialsType, json []byte) ClientOption { + return withAuthCredentialsJSON{ + credsType: credType, + json: json, + } } -type withCredentialsJSON []byte +type withAuthCredentialsJSON struct { + credsType CredentialsType + json []byte +} -func (w withCredentialsJSON) Apply(o *internal.DialSettings) { - o.CredentialsJSON = make([]byte, len(w)) - copy(o.CredentialsJSON, w) +func (w withAuthCredentialsJSON) Apply(o *internal.DialSettings) { + o.AuthCredentialsJSON = w.json + o.AuthCredentialsType = w.credsType } // WithEndpoint returns a ClientOption that overrides the default endpoint diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go index a33df91..bd44cfa 100644 --- a/vendor/google.golang.org/api/transport/http/dial.go +++ b/vendor/google.golang.org/api/transport/http/dial.go @@ -108,6 +108,8 @@ func newClientNewAuth(ctx context.Context, base http.RoundTripper, ds *internal. if ds.UserAgent != "" { headers.Set("User-Agent", ds.UserAgent) } + credsJSON, _ := ds.GetAuthCredentialsJSON() + credsFile, _ := ds.GetAuthCredentialsFile() client, err := httptransport.NewClient(&httptransport.Options{ DisableTelemetry: ds.TelemetryDisabled, DisableAuthentication: ds.NoAuth, @@ -120,8 +122,8 @@ func newClientNewAuth(ctx context.Context, base http.RoundTripper, ds *internal. DetectOpts: &credentials.DetectOptions{ Scopes: ds.Scopes, Audience: aud, - CredentialsFile: ds.CredentialsFile, - CredentialsJSON: ds.CredentialsJSON, + CredentialsFile: credsFile, + CredentialsJSON: credsJSON, Logger: ds.Logger, }, InternalOptions: &httptransport.InternalOptions{ @@ -131,6 +133,7 @@ func newClientNewAuth(ctx context.Context, base http.RoundTripper, ds *internal. DefaultMTLSEndpoint: ds.DefaultMTLSEndpoint, DefaultScopes: ds.DefaultScopes, SkipValidation: skipValidation, + TelemetryAttributes: ds.TelemetryAttributes, }, UniverseDomain: ds.UniverseDomain, Logger: ds.Logger, diff --git a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go index 669133d..c96e448 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go @@ -32,7 +32,7 @@ var byteType = reflect.TypeOf(byte(0)) func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor { f := new(filedesc.Field) f.L0.ParentFile = filedesc.SurrogateProto2 - f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures + packed := false for len(tag) > 0 { i := strings.IndexByte(tag, ',') if i < 0 { @@ -108,7 +108,7 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri f.L1.StringName.InitJSON(jsonName) } case s == "packed": - f.L1.EditionFeatures.IsPacked = true + packed = true case strings.HasPrefix(s, "def="): // The default tag is special in that everything afterwards is the // default regardless of the presence of commas. @@ -121,6 +121,13 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri tag = strings.TrimPrefix(tag[i:], ",") } + // Update EditionFeatures after the loop and after we know whether this is + // a proto2 or proto3 field. + f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures + if packed { + f.L1.EditionFeatures.IsPacked = true + } + // The generator uses the group message name instead of the field name. // We obtain the real field name by lowercasing the group name. if f.L1.Kind == protoreflect.GroupKind { diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go index 099b2bf..9aa7a9b 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go @@ -424,27 +424,34 @@ func (d *Decoder) parseFieldName() (tok Token, err error) { return Token{}, d.newSyntaxError("invalid field name: %s", errId(d.in)) } -// parseTypeName parses Any type URL or extension field name. The name is -// enclosed in [ and ] characters. The C++ parser does not handle many legal URL -// strings. This implementation is more liberal and allows for the pattern -// ^[-_a-zA-Z0-9]+([./][-_a-zA-Z0-9]+)*`). Whitespaces and comments are allowed -// in between [ ], '.', '/' and the sub names. +// parseTypeName parses an Any type URL or an extension field name. The name is +// enclosed in [ and ] characters. We allow almost arbitrary type URL prefixes, +// closely following the text-format spec [1,2]. We implement "ExtensionName | +// AnyName" as follows (with some exceptions for backwards compatibility): +// +// char = [-_a-zA-Z0-9] +// url_char = char | [.~!$&'()*+,;=] | "%", hex, hex +// +// Ident = char, { char } +// TypeName = Ident, { ".", Ident } ; +// UrlPrefix = url_char, { url_char | "/" } ; +// ExtensionName = "[", TypeName, "]" ; +// AnyName = "[", UrlPrefix, "/", TypeName, "]" ; +// +// Additionally, we allow arbitrary whitespace and comments between [ and ]. +// +// [1] https://protobuf.dev/reference/protobuf/textformat-spec/#characters +// [2] https://protobuf.dev/reference/protobuf/textformat-spec/#field-names func (d *Decoder) parseTypeName() (Token, error) { - startPos := len(d.orig) - len(d.in) // Use alias s to advance first in order to use d.in for error handling. - // Caller already checks for [ as first character. + // Caller already checks for [ as first character (d.in[0] == '['). s := consume(d.in[1:], 0) if len(s) == 0 { return Token{}, ErrUnexpectedEOF } + // Collect everything between [ and ] in name. var name []byte - for len(s) > 0 && isTypeNameChar(s[0]) { - name = append(name, s[0]) - s = s[1:] - } - s = consume(s, 0) - var closed bool for len(s) > 0 && !closed { switch { @@ -452,23 +459,20 @@ func (d *Decoder) parseTypeName() (Token, error) { s = s[1:] closed = true - case s[0] == '/', s[0] == '.': - if len(name) > 0 && (name[len(name)-1] == '/' || name[len(name)-1] == '.') { - return Token{}, d.newSyntaxError("invalid type URL/extension field name: %s", - d.orig[startPos:len(d.orig)-len(s)+1]) - } + case s[0] == '/' || isTypeNameChar(s[0]) || isUrlExtraChar(s[0]): name = append(name, s[0]) - s = s[1:] - s = consume(s, 0) - for len(s) > 0 && isTypeNameChar(s[0]) { - name = append(name, s[0]) - s = s[1:] + s = consume(s[1:], 0) + + // URL percent-encoded chars + case s[0] == '%': + if len(s) < 3 || !isHexChar(s[1]) || !isHexChar(s[2]) { + return Token{}, d.parseTypeNameError(s, 3) } - s = consume(s, 0) + name = append(name, s[0], s[1], s[2]) + s = consume(s[3:], 0) default: - return Token{}, d.newSyntaxError( - "invalid type URL/extension field name: %s", d.orig[startPos:len(d.orig)-len(s)+1]) + return Token{}, d.parseTypeNameError(s, 1) } } @@ -476,15 +480,38 @@ func (d *Decoder) parseTypeName() (Token, error) { return Token{}, ErrUnexpectedEOF } - // First character cannot be '.'. Last character cannot be '.' or '/'. - size := len(name) - if size == 0 || name[0] == '.' || name[size-1] == '.' || name[size-1] == '/' { - return Token{}, d.newSyntaxError("invalid type URL/extension field name: %s", - d.orig[startPos:len(d.orig)-len(s)]) + // Split collected name on last '/' into urlPrefix and typeName (if '/' is + // present). + typeName := name + if i := bytes.LastIndexByte(name, '/'); i != -1 { + urlPrefix := name[:i] + typeName = name[i+1:] + + // urlPrefix may be empty (for backwards compatibility). + // If non-empty, it must not start with '/'. + if len(urlPrefix) > 0 && urlPrefix[0] == '/' { + return Token{}, d.parseTypeNameError(s, 0) + } } + // typeName must not be empty (note: "" splits to [""]) and all identifier + // parts must not be empty. + for _, ident := range bytes.Split(typeName, []byte{'.'}) { + if len(ident) == 0 { + return Token{}, d.parseTypeNameError(s, 0) + } + } + + // typeName must not contain any percent-encoded or special URL chars. + for _, b := range typeName { + if b == '%' || (b != '.' && isUrlExtraChar(b)) { + return Token{}, d.parseTypeNameError(s, 0) + } + } + + startPos := len(d.orig) - len(d.in) + endPos := len(d.orig) - len(s) d.in = s - endPos := len(d.orig) - len(d.in) d.consume(0) return Token{ @@ -496,16 +523,32 @@ func (d *Decoder) parseTypeName() (Token, error) { }, nil } +func (d *Decoder) parseTypeNameError(s []byte, numUnconsumedChars int) error { + return d.newSyntaxError( + "invalid type URL/extension field name: %s", + d.in[:len(d.in)-len(s)+min(numUnconsumedChars, len(s))], + ) +} + +func isHexChar(b byte) bool { + return ('0' <= b && b <= '9') || + ('a' <= b && b <= 'f') || + ('A' <= b && b <= 'F') +} + func isTypeNameChar(b byte) bool { - return (b == '-' || b == '_' || + return b == '-' || b == '_' || ('0' <= b && b <= '9') || ('a' <= b && b <= 'z') || - ('A' <= b && b <= 'Z')) + ('A' <= b && b <= 'Z') } -func isWhiteSpace(b byte) bool { +// isUrlExtraChar complements isTypeNameChar with extra characters that we allow +// in URLs but not in type names. Note that '/' is not included so that it can +// be treated specially. +func isUrlExtraChar(b byte) bool { switch b { - case ' ', '\n', '\r', '\t': + case '.', '~', '!', '$', '&', '(', ')', '*', '+', ',', ';', '=': return true default: return false diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index dbcf90b..c775e58 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -32,6 +32,7 @@ const ( EditionProto3 Edition = 999 Edition2023 Edition = 1000 Edition2024 Edition = 1001 + EditionUnstable Edition = 9999 EditionUnsupported Edition = 100000 ) diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index dd31faa..78f02b1 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -330,7 +330,6 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { md.L1.Extensions.List[extensionIdx].unmarshalFull(v, sb) extensionIdx++ case genid.DescriptorProto_Options_field_number: - md.unmarshalOptions(v) rawOptions = appendOptions(rawOptions, v) } default: @@ -356,27 +355,6 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { md.L2.Options = md.L0.ParentFile.builder.optionsUnmarshaler(&descopts.Message, rawOptions) } -func (md *Message) unmarshalOptions(b []byte) { - for len(b) > 0 { - num, typ, n := protowire.ConsumeTag(b) - b = b[n:] - switch typ { - case protowire.VarintType: - v, m := protowire.ConsumeVarint(b) - b = b[m:] - switch num { - case genid.MessageOptions_MapEntry_field_number: - md.L1.IsMapEntry = protowire.DecodeBool(v) - case genid.MessageOptions_MessageSetWireFormat_field_number: - md.L1.IsMessageSet = protowire.DecodeBool(v) - } - default: - m := protowire.ConsumeFieldValue(num, typ, b) - b = b[m:] - } - } -} - func unmarshalMessageReservedRange(b []byte) (r [2]protoreflect.FieldNumber) { for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 950a6a3..65aaf4d 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -26,6 +26,7 @@ const ( Edition_EDITION_PROTO3_enum_value = 999 Edition_EDITION_2023_enum_value = 1000 Edition_EDITION_2024_enum_value = 1001 + Edition_EDITION_UNSTABLE_enum_value = 9999 Edition_EDITION_1_TEST_ONLY_enum_value = 1 Edition_EDITION_2_TEST_ONLY_enum_value = 2 Edition_EDITION_99997_TEST_ONLY_enum_value = 99997 diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go index 229c698..4a3bf39 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go @@ -113,6 +113,9 @@ func sizeMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, opts marshalO } func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if opts.depth--; opts.depth < 0 { + return out, errRecursionDepth + } if wtyp != protowire.BytesType { return out, errUnknown } @@ -170,6 +173,9 @@ func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo } func consumeMapOfMessage(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if opts.depth--; opts.depth < 0 { + return out, errRecursionDepth + } if wtyp != protowire.BytesType { return out, errUnknown } diff --git a/vendor/google.golang.org/protobuf/internal/impl/decode.go b/vendor/google.golang.org/protobuf/internal/impl/decode.go index e0dd21f..1228b5c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/decode.go +++ b/vendor/google.golang.org/protobuf/internal/impl/decode.go @@ -102,8 +102,7 @@ var errUnknown = errors.New("unknown") func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) { mi.init() - opts.depth-- - if opts.depth < 0 { + if opts.depth--; opts.depth < 0 { return out, errRecursionDepth } if flags.ProtoLegacy && mi.isMessageSet { diff --git a/vendor/google.golang.org/protobuf/internal/impl/validate.go b/vendor/google.golang.org/protobuf/internal/impl/validate.go index 7b2995d..99a1eb9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/validate.go +++ b/vendor/google.golang.org/protobuf/internal/impl/validate.go @@ -68,9 +68,13 @@ func Validate(mt protoreflect.MessageType, in protoiface.UnmarshalInput) (out pr if in.Resolver == nil { in.Resolver = protoregistry.GlobalTypes } + if in.Depth == 0 { + in.Depth = protowire.DefaultRecursionLimit + } o, st := mi.validate(in.Buf, 0, unmarshalOptions{ flags: in.Flags, resolver: in.Resolver, + depth: in.Depth, }) if o.initialized { out.Flags |= protoiface.UnmarshalInitialized @@ -257,6 +261,9 @@ func (mi *MessageInfo) validate(b []byte, groupTag protowire.Number, opts unmars states[0].typ = validationTypeGroup states[0].endGroup = groupTag } + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } initialized := true start := len(b) State: @@ -451,6 +458,13 @@ State: mi: vi.mi, tail: b, }) + if vi.typ == validationTypeMessage || + vi.typ == validationTypeGroup || + vi.typ == validationTypeMap { + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } + } b = v continue State case validationTypeRepeatedVarint: @@ -499,6 +513,9 @@ State: mi: vi.mi, endGroup: num, }) + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } continue State case flags.ProtoLegacy && vi.typ == validationTypeMessageSetItem: typeid, v, n, err := messageset.ConsumeFieldValue(b, false) @@ -521,6 +538,13 @@ State: mi: xvi.mi, tail: b[n:], }) + if xvi.typ == validationTypeMessage || + xvi.typ == validationTypeGroup || + xvi.typ == validationTypeMap { + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } + } b = v continue State } @@ -547,12 +571,14 @@ State: switch st.typ { case validationTypeMessage, validationTypeGroup: numRequiredFields = int(st.mi.numRequiredFields) + opts.depth++ case validationTypeMap: // If this is a map field with a message value that contains // required fields, require that the value be present. if st.mi != nil && st.mi.numRequiredFields > 0 { numRequiredFields = 1 } + opts.depth++ } // If there are more than 64 required fields, this check will // always fail and we will report that the message is potentially diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 77de0f2..763fd82 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 10 + Patch = 11 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index 4cbf1ae..889d851 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -121,9 +121,8 @@ func (o UnmarshalOptions) unmarshal(b []byte, m protoreflect.Message) (out proto out, err = methods.Unmarshal(in) } else { - o.RecursionLimit-- - if o.RecursionLimit < 0 { - return out, errors.New("exceeded max recursion depth") + if o.RecursionLimit--; o.RecursionLimit < 0 { + return out, errRecursionDepth } err = o.unmarshalMessageSlow(b, m) } @@ -220,6 +219,9 @@ func (o UnmarshalOptions) unmarshalSingular(b []byte, wtyp protowire.Type, m pro } func (o UnmarshalOptions) unmarshalMap(b []byte, wtyp protowire.Type, mapv protoreflect.Map, fd protoreflect.FieldDescriptor) (n int, err error) { + if o.RecursionLimit--; o.RecursionLimit < 0 { + return 0, errRecursionDepth + } if wtyp != protowire.BytesType { return 0, errUnknown } @@ -305,3 +307,5 @@ func (o UnmarshalOptions) unmarshalMap(b []byte, wtyp protowire.Type, mapv proto var errUnknown = errors.New("BUG: internal error (unknown)") var errDecode = errors.New("cannot parse invalid wire-format data") + +var errRecursionDepth = errors.New("exceeded maximum recursion depth") diff --git a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go index 06d584c..484c21f 100644 --- a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go +++ b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go @@ -172,13 +172,14 @@ import ( // ) to obtain a formatter capable of generating timestamps in this format. type Timestamp struct { state protoimpl.MessageState `protogen:"open.v1"` - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. + // Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must + // be between -315576000000 and 315576000000 inclusive (which corresponds to + // 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z). Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"` - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 + // Non-negative fractions of a second at nanosecond resolution. This field is + // the nanosecond portion of the duration, not an alternative to seconds. + // Negative second values with fractions must still have non-negative nanos + // values that count forward in time. Must be between 0 and 999,999,999 // inclusive. Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"` unknownFields protoimpl.UnknownFields diff --git a/vendor/modules.txt b/vendor/modules.txt index ee99908..1e35e9c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# cloud.google.com/go/auth v0.17.0 +# cloud.google.com/go/auth v0.18.2 ## explicit; go 1.24.0 cloud.google.com/go/auth cloud.google.com/go/auth/credentials @@ -39,8 +39,8 @@ github.com/Microsoft/go-winio/pkg/guid # github.com/armon/go-metrics v0.4.1 ## explicit; go 1.12 github.com/armon/go-metrics -# github.com/aws/aws-sdk-go-v2 v1.40.0 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2 v1.41.9 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/aws github.com/aws/aws-sdk-go-v2/aws/defaults github.com/aws/aws-sdk-go-v2/aws/middleware @@ -57,7 +57,6 @@ github.com/aws/aws-sdk-go-v2/internal/auth/smithy github.com/aws/aws-sdk-go-v2/internal/context github.com/aws/aws-sdk-go-v2/internal/endpoints github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn -github.com/aws/aws-sdk-go-v2/internal/middleware github.com/aws/aws-sdk-go-v2/internal/rand github.com/aws/aws-sdk-go-v2/internal/sdk github.com/aws/aws-sdk-go-v2/internal/sdkio @@ -65,11 +64,12 @@ github.com/aws/aws-sdk-go-v2/internal/shareddefaults github.com/aws/aws-sdk-go-v2/internal/strings github.com/aws/aws-sdk-go-v2/internal/sync/singleflight github.com/aws/aws-sdk-go-v2/internal/timeconv -# github.com/aws/aws-sdk-go-v2/config v1.32.2 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/config v1.32.20 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/config -# github.com/aws/aws-sdk-go-v2/credentials v1.19.2 -## explicit; go 1.23 +github.com/aws/aws-sdk-go-v2/config/internal/ini +# github.com/aws/aws-sdk-go-v2/credentials v1.19.19 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/credentials github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds github.com/aws/aws-sdk-go-v2/credentials/endpointcreds @@ -78,47 +78,49 @@ github.com/aws/aws-sdk-go-v2/credentials/logincreds github.com/aws/aws-sdk-go-v2/credentials/processcreds github.com/aws/aws-sdk-go-v2/credentials/ssocreds github.com/aws/aws-sdk-go-v2/credentials/stscreds -# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.25 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config -# github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.25 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/internal/configsources -# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.25 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 -# github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 -## explicit; go 1.23 -github.com/aws/aws-sdk-go-v2/internal/ini -# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.26 +## explicit; go 1.24 +github.com/aws/aws-sdk-go-v2/internal/v4a +github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto +github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4 +# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.10 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding -# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.25 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url -# github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/service/signin v1.1.1 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/signin github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints github.com/aws/aws-sdk-go-v2/service/signin/types -# github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/service/sso v1.30.19 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/sso github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints github.com/aws/aws-sdk-go-v2/service/sso/types -# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.2 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/ssooidc github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints github.com/aws/aws-sdk-go-v2/service/ssooidc/types -# github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 -## explicit; go 1.23 +# github.com/aws/aws-sdk-go-v2/service/sts v1.42.3 +## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/sts github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints github.com/aws/aws-sdk-go-v2/service/sts/types -# github.com/aws/smithy-go v1.24.0 -## explicit; go 1.23 +# github.com/aws/smithy-go v1.26.0 +## explicit; go 1.24 github.com/aws/smithy-go github.com/aws/smithy-go/auth github.com/aws/smithy-go/auth/bearer @@ -129,6 +131,7 @@ github.com/aws/smithy-go/encoding/httpbinding github.com/aws/smithy-go/encoding/json github.com/aws/smithy-go/encoding/xml github.com/aws/smithy-go/endpoints +github.com/aws/smithy-go/endpoints/private/bdd github.com/aws/smithy-go/endpoints/private/rulesfn github.com/aws/smithy-go/internal/sync/singleflight github.com/aws/smithy-go/io @@ -267,12 +270,12 @@ github.com/google/uuid # github.com/google/wire v0.7.0 ## explicit; go 1.19 github.com/google/wire -# github.com/googleapis/enterprise-certificate-proxy v0.3.7 -## explicit; go 1.23.0 +# github.com/googleapis/enterprise-certificate-proxy v0.3.14 +## explicit; go 1.24.11 github.com/googleapis/enterprise-certificate-proxy/client github.com/googleapis/enterprise-certificate-proxy/client/util -# github.com/googleapis/gax-go/v2 v2.15.0 -## explicit; go 1.23.0 +# github.com/googleapis/gax-go/v2 v2.19.0 +## explicit; go 1.25.0 github.com/googleapis/gax-go/v2 github.com/googleapis/gax-go/v2/apierror github.com/googleapis/gax-go/v2/apierror/internal/proto @@ -445,8 +448,8 @@ github.com/yusufpapurcu/wmi ## explicit; go 1.24.0 go.opentelemetry.io/auto/sdk go.opentelemetry.io/auto/sdk/internal/telemetry -# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 -## explicit; go 1.23.0 +# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 +## explicit; go 1.25.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv @@ -463,8 +466,8 @@ go.opentelemetry.io/otel/internal/errorhandler go.opentelemetry.io/otel/internal/global go.opentelemetry.io/otel/propagation go.opentelemetry.io/otel/semconv/v1.37.0 -go.opentelemetry.io/otel/semconv/v1.37.0/httpconv go.opentelemetry.io/otel/semconv/v1.40.0 +go.opentelemetry.io/otel/semconv/v1.40.0/httpconv go.opentelemetry.io/otel/semconv/v1.40.0/otelconv # go.opentelemetry.io/otel/metric v1.43.0 ## explicit; go 1.25.0 @@ -492,8 +495,8 @@ go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded go.opentelemetry.io/otel/trace/internal/telemetry go.opentelemetry.io/otel/trace/noop -# gocloud.dev v0.45.0 -## explicit; go 1.24.0 +# gocloud.dev v0.46.0 +## explicit; go 1.25.0 gocloud.dev/gcerrors gocloud.dev/gcp gocloud.dev/internal/gcerr @@ -507,8 +510,8 @@ gocloud.dev/runtimevar/driver gocloud.dev/runtimevar/drivertest gocloud.dev/secrets gocloud.dev/secrets/driver -# golang.org/x/crypto v0.48.0 -## explicit; go 1.24.0 +# golang.org/x/crypto v0.49.0 +## explicit; go 1.25.0 golang.org/x/crypto/blowfish golang.org/x/crypto/chacha20 golang.org/x/crypto/chacha20poly1305 @@ -523,7 +526,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf # golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa ## explicit; go 1.25.0 golang.org/x/exp/slices -# golang.org/x/net v0.51.0 +# golang.org/x/net v0.52.0 ## explicit; go 1.25.0 golang.org/x/net/http/httpguts golang.org/x/net/http2 @@ -533,8 +536,8 @@ golang.org/x/net/internal/httpcommon golang.org/x/net/internal/httpsfv golang.org/x/net/internal/timeseries golang.org/x/net/trace -# golang.org/x/oauth2 v0.34.0 -## explicit; go 1.24.0 +# golang.org/x/oauth2 v0.36.0 +## explicit; go 1.25.0 golang.org/x/oauth2 golang.org/x/oauth2/authhandler golang.org/x/oauth2/google @@ -551,8 +554,8 @@ golang.org/x/sys/cpu golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/text v0.34.0 -## explicit; go 1.24.0 +# golang.org/x/text v0.35.0 +## explicit; go 1.25.0 golang.org/x/text/secure/bidirule golang.org/x/text/transform golang.org/x/text/unicode/bidi @@ -561,18 +564,19 @@ golang.org/x/text/unicode/norm ## explicit; go 1.18 golang.org/x/xerrors golang.org/x/xerrors/internal -# google.golang.org/api v0.256.0 -## explicit; go 1.24.0 +# google.golang.org/api v0.272.0 +## explicit; go 1.25.0 google.golang.org/api/googleapi google.golang.org/api/googleapi/transport google.golang.org/api/internal google.golang.org/api/internal/cert +google.golang.org/api/internal/credentialstype google.golang.org/api/internal/impersonate google.golang.org/api/internal/third_party/uritemplates google.golang.org/api/option google.golang.org/api/transport/http -# google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 -## explicit; go 1.24.0 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 +## explicit; go 1.25.0 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status @@ -640,7 +644,7 @@ google.golang.org/grpc/serviceconfig google.golang.org/grpc/stats google.golang.org/grpc/status google.golang.org/grpc/tap -# google.golang.org/protobuf v1.36.10 +# google.golang.org/protobuf v1.36.11 ## explicit; go 1.23 google.golang.org/protobuf/encoding/protojson google.golang.org/protobuf/encoding/prototext