From 659e364d6544ea84b8b0db62da99962a797b6c2f Mon Sep 17 00:00:00 2001 From: ajayk Date: Wed, 26 Jun 2019 20:11:49 -0700 Subject: [PATCH 1/2] deps: github.com/aws/aws-sdk-go@v1.20.10 --- go.mod | 2 +- go.sum | 4 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 24 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/dynamodb/api.go | 421 +++++----- .../aws-sdk-go/service/dynamodb/doc_custom.go | 2 +- .../aws/aws-sdk-go/service/dynamodb/errors.go | 4 + .../aws/aws-sdk-go/service/iam/api.go | 765 +++++++++++++++++- .../aws/aws-sdk-go/service/iam/errors.go | 7 + vendor/modules.txt | 2 +- 10 files changed, 994 insertions(+), 239 deletions(-) diff --git a/go.mod b/go.mod index 7a0cebab458c..6be3f6ff8781 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect github.com/armon/go-radix v1.0.0 // indirect - github.com/aws/aws-sdk-go v1.20.4 + github.com/aws/aws-sdk-go v1.20.10 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect github.com/blang/semver v3.5.1+incompatible github.com/boltdb/bolt v1.3.1 // indirect diff --git a/go.sum b/go.sum index 84bb9de38200..c516b3f15bf3 100644 --- a/go.sum +++ b/go.sum @@ -57,8 +57,8 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.16.36 h1:POeH34ZME++pr7GBGh+ZO6Y5kOwSMQpqp5BGUgooJ6k= github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.4 h1:czX3oqFyqz/AELrK/tneNuyZgNIrWnyqP+iQXsQ32E0= -github.com/aws/aws-sdk-go v1.20.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.20.10 h1:wrwdNYb9Xe1ahNEEXl0M/O/g/dmonWag1TFAKVNQulM= +github.com/aws/aws-sdk-go v1.20.10/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 8d2b9dce0219..6a988a4aada4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -1179,6 +1179,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "sa-east-1": endpoint{}, @@ -1556,6 +1557,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1831,12 +1833,6 @@ var awsPartition = partition{ "kms": service{ Endpoints: endpoints{ - "ProdFips": endpoint{ - Hostname: "kms-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - }, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -2000,6 +1996,7 @@ var awsPartition = partition{ "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, @@ -2115,12 +2112,14 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -3416,6 +3415,7 @@ var awsPartition = partition{ "xray": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3886,6 +3886,12 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "support": service{ + + Endpoints: endpoints{ + "aws-cn-global": endpoint{}, + }, + }, "swf": service{ Endpoints: endpoints{ @@ -4090,6 +4096,12 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "datasync": service{ + + Endpoints: endpoints{ + "us-gov-west-1": endpoint{}, + }, + }, "directconnect": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index d2be7cb6afd2..00efe6b9f217 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.20.4" +const SDKVersion = "1.20.10" diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go index f169423c2309..8c889ff34554 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go @@ -90,23 +90,23 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // one or more tables. You identify requested items by primary key. // // A single operation can retrieve up to 16 MB of data, which can contain as -// many as 100 items. BatchGetItem will return a partial result if the response +// many as 100 items. BatchGetItem returns a partial result if the response // size limit is exceeded, the table's provisioned throughput is exceeded, or // an internal processing failure occurs. If a partial result is returned, the // operation returns a value for UnprocessedKeys. You can use this value to // retry the operation starting with the next item to get. // -// If you request more than 100 items BatchGetItem will return a ValidationException -// with the message "Too many items requested for the BatchGetItem call". +// If you request more than 100 items, BatchGetItem returns a ValidationException +// with the message "Too many items requested for the BatchGetItem call." // // For example, if you ask to retrieve 100 items, but each individual item is // 300 KB in size, the system returns 52 items (so as not to exceed the 16 MB // limit). It also returns an appropriate UnprocessedKeys value so you can get // the next page of results. If desired, your application can include its own -// logic to assemble the pages of results into one data set. +// logic to assemble the pages of results into one dataset. // // If none of the items can be processed due to insufficient provisioned throughput -// on all of the tables in the request, then BatchGetItem will return a ProvisionedThroughputExceededException. +// on all of the tables in the request, then BatchGetItem returns a ProvisionedThroughputExceededException. // If at least one of the items is successfully processed, then BatchGetItem // completes successfully, while returning the keys of the unread items in UnprocessedKeys. // @@ -133,7 +133,7 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // // If a requested item does not exist, it is not returned in the result. Requests // for nonexistent items consume the minimum read capacity units according to -// the type of read. For more information, see Capacity Units Calculations (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#CapacityUnitCalculations) +// the type of read. For more information, see Working with Tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#CapacityUnitCalculations) // in the Amazon DynamoDB Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -317,9 +317,8 @@ func (c *DynamoDB) BatchWriteItemRequest(input *BatchWriteItemInput) (req *reque // check for unprocessed items and submit a new BatchWriteItem request with // those unprocessed items until all items have been processed. // -// Note that if none of the items can be processed due to insufficient provisioned -// throughput on all of the tables in the request, then BatchWriteItem will -// return a ProvisionedThroughputExceededException. +// If none of the items can be processed due to insufficient provisioned throughput +// on all of the tables in the request, then BatchWriteItem returns a ProvisionedThroughputExceededException. // // If DynamoDB returns any unprocessed items, you should retry the batch operation // on those items. However, we strongly recommend that you use an exponential @@ -328,16 +327,15 @@ func (c *DynamoDB) BatchWriteItemRequest(input *BatchWriteItemInput) (req *reque // tables. If you delay the batch operation using exponential backoff, the individual // requests in the batch are much more likely to succeed. // -// For more information, see Batch Operations and Error Handling (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html#BatchOperations) +// For more information, see Batch Operations and Error Handling (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html#Programming.Errors.BatchOperations) // in the Amazon DynamoDB Developer Guide. // // With BatchWriteItem, you can efficiently write or delete large amounts of -// data, such as from Amazon Elastic MapReduce (EMR), or copy data from another -// database into DynamoDB. In order to improve performance with these large-scale -// operations, BatchWriteItem does not behave in the same way as individual -// PutItem and DeleteItem calls would. For example, you cannot specify conditions -// on individual put and delete requests, and BatchWriteItem does not return -// deleted items in the response. +// data, such as from Amazon EMR, or copy data from another database into DynamoDB. +// In order to improve performance with these large-scale operations, BatchWriteItem +// does not behave in the same way as individual PutItem and DeleteItem calls +// would. For example, you cannot specify conditions on individual put and delete +// requests, and BatchWriteItem does not return deleted items in the response. // // If you use a programming language that supports concurrency, you can use // threads to write items in parallel. Your application must include the necessary @@ -495,10 +493,10 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // // Creates a backup for an existing table. // -// Each time you create an On-Demand Backup, the entire table data is backed +// Each time you create an on-demand backup, the entire table data is backed // up. There is no limit to the number of on-demand backups that can be taken. // -// When you create an On-Demand Backup, a time marker of the request is cataloged, +// When you create an on-demand backup, a time marker of the request is cataloged, // and the backup is created asynchronously, by applying all changes until the // time of the request to the last full table snapshot. Backup requests are // processed instantaneously and become available for restore within minutes. @@ -510,9 +508,8 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // // If you submit a backup request on 2018-12-14 at 14:25:00, the backup is guaranteed // to contain all data committed to the table up to 14:24:00, and data committed -// after 14:26:00 will not be. The backup may or may not contain data modifications -// made between 14:24:00 and 14:26:00. On-Demand Backup does not support causal -// consistency. +// after 14:26:00 will not be. The backup might contain data modifications made +// between 14:24:00 and 14:26:00. On-demand backup does not support causal consistency. // // Along with data, the following are also included on the backups: // @@ -652,7 +649,7 @@ func (c *DynamoDB) CreateGlobalTableRequest(input *CreateGlobalTableInput) (req // // Creates a global table from an existing table. A global table creates a replication // relationship between two or more DynamoDB tables with the same table name -// in the provided regions. +// in the provided Regions. // // If you want to add a new replica table to a global table, each of the following // conditions must be true: @@ -804,8 +801,8 @@ func (c *DynamoDB) CreateTableRequest(input *CreateTableInput) (req *request.Req // CreateTable API operation for Amazon DynamoDB. // // The CreateTable operation adds a new table to your account. In an AWS account, -// table names must be unique within each region. That is, you can have two -// tables with same name if you create the tables in different regions. +// table names must be unique within each Region. That is, you can have two +// tables with same name if you create the tables in different Regions. // // CreateTable is an asynchronous operation. Upon receiving a CreateTable request, // DynamoDB immediately returns a response with a TableStatus of CREATING. After @@ -1449,8 +1446,8 @@ func (c *DynamoDB) DescribeContinuousBackupsRequest(input *DescribeContinuousBac // If point in time recovery is enabled, PointInTimeRecoveryStatus will be set // to ENABLED. // -// Once continuous backups and point in time recovery are enabled, you can restore -// to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime. +// After continuous backups and point in time recovery are enabled, you can +// restore to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime. // // LatestRestorableDateTime is typically 5 minutes before the current time. // You can restore your table to any point in time during the last 35 days. @@ -1796,7 +1793,7 @@ func (c *DynamoDB) DescribeGlobalTableSettingsRequest(input *DescribeGlobalTable // DescribeGlobalTableSettings API operation for Amazon DynamoDB. // -// Describes region specific settings for a global table. +// Describes Region-specific settings for a global table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1900,12 +1897,12 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // DescribeLimits API operation for Amazon DynamoDB. // // Returns the current provisioned-capacity limits for your AWS account in a -// region, both for the region as a whole and for any one DynamoDB table that +// Region, both for the Region as a whole and for any one DynamoDB table that // you create there. // // When you establish an AWS account, the account has initial limits on the // maximum read capacity units and write capacity units that you can provision -// across all of your DynamoDB tables in a given region. Also, there are per-table +// across all of your DynamoDB tables in a given Region. Also, there are per-table // limits that apply when you create a table there. For more information, see // Limits (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) // page in the Amazon DynamoDB Developer Guide. @@ -1918,11 +1915,11 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // // For example, you could use one of the AWS SDKs to do the following: // -// Call DescribeLimits for a particular region to obtain your current account +// Call DescribeLimits for a particular Region to obtain your current account // limits on provisioned capacity there. // // Create a variable to hold the aggregate read capacity units provisioned for -// all your tables in that region, and one to hold the aggregate write capacity +// all your tables in that Region, and one to hold the aggregate write capacity // units. Zero them both. // // Call ListTables to obtain a list of all your DynamoDB tables. @@ -1938,7 +1935,7 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // these GSIs and add their provisioned capacity values to your variables // as well. // -// Report the account limits for that region returned by DescribeLimits, along +// Report the account limits for that Region returned by DescribeLimits, along // with the total current provisioned capacity levels you have calculated. // // This will let you see whether you are getting close to your account-level @@ -1948,8 +1945,8 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // the sum of the provisioned capacity of the new table itself and all its global // secondary indexes. // -// For existing tables and their GSIs, DynamoDB will not let you increase provisioned -// capacity extremely rapidly, but the only upper limit that applies is that +// For existing tables and their GSIs, DynamoDB doesn't let you increase provisioned +// capacity extremely rapidly. But the only upper limit that applies is that // the aggregate provisioned capacity over all your tables and GSIs cannot exceed // either of the per-account limits. // @@ -2398,13 +2395,13 @@ func (c *DynamoDB) ListBackupsRequest(input *ListBackupsInput) (req *request.Req // // List backups associated with an AWS account. To list backups for a given // table, specify TableName. ListBackups returns a paginated list of results -// with at most 1MB worth of items in a page. You can also specify a limit for -// the maximum number of entries to be returned in a page. +// with at most 1 MB worth of items in a page. You can also specify a limit +// for the maximum number of entries to be returned in a page. // -// In the request, start time is inclusive but end time is exclusive. Note that -// these limits are for the time at which the original backup was requested. +// In the request, start time is inclusive, but end time is exclusive. Note +// that these limits are for the time at which the original backup was requested. // -// You can call ListBackups a maximum of 5 times per second. +// You can call ListBackups a maximum of five times per second. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2504,7 +2501,7 @@ func (c *DynamoDB) ListGlobalTablesRequest(input *ListGlobalTablesInput) (req *r // ListGlobalTables API operation for Amazon DynamoDB. // -// Lists all global tables that have a replica in the specified region. +// Lists all global tables that have a replica in the specified Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2901,10 +2898,10 @@ func (c *DynamoDB) PutItemRequest(input *PutItemInput) (req *request.Request, ou // // * PutItem in the AWS SDK for Ruby V2 (http://docs.aws.amazon.com/goto/SdkForRubyV2/dynamodb-2012-08-10/PutItem) // -// When you add an item, the primary key attribute(s) are the only required -// attributes. Attribute values cannot be null. String and Binary type attributes -// must have lengths greater than zero. Set type attributes cannot be empty. -// Requests with empty values will be rejected with a ValidationException exception. +// When you add an item, the primary key attributes are the only required attributes. +// Attribute values cannot be null. String and Binary type attributes must have +// lengths greater than zero. Set type attributes cannot be empty. Requests +// with empty values will be rejected with a ValidationException exception. // // To prevent a new item from replacing an existing item, use a conditional // expression that contains the attribute_not_exists function with the name @@ -3271,7 +3268,7 @@ func (c *DynamoDB) RestoreTableFromBackupRequest(input *RestoreTableFromBackupIn // // * IAM policies // -// * Cloudwatch metrics and alarms +// * Amazon CloudWatch metrics and alarms // // * Tags // @@ -3431,7 +3428,7 @@ func (c *DynamoDB) RestoreTableToPointInTimeRequest(input *RestoreTableToPointIn // // * IAM policies // -// * Cloudwatch metrics and alarms +// * Amazon CloudWatch metrics and alarms // // * Tags // @@ -3580,16 +3577,16 @@ func (c *DynamoDB) ScanRequest(input *ScanInput) (req *request.Request, output * // every item in a table or a secondary index. To have DynamoDB return fewer // items, you can provide a FilterExpression operation. // -// If the total number of scanned items exceeds the maximum data set size limit +// If the total number of scanned items exceeds the maximum dataset size limit // of 1 MB, the scan stops and results are returned to the user as a LastEvaluatedKey // value to continue the scan in a subsequent operation. The results also include // the number of items exceeding the limit. A scan can result in no table data // meeting the filter criteria. // -// A single Scan operation will read up to the maximum number of items set (if -// using the Limit parameter) or a maximum of 1 MB of data and then apply any -// filtering to the results using FilterExpression. If LastEvaluatedKey is present -// in the response, you will need to paginate the result set. For more information, +// A single Scan operation reads up to the maximum number of items set (if using +// the Limit parameter) or a maximum of 1 MB of data and then apply any filtering +// to the results using FilterExpression. If LastEvaluatedKey is present in +// the response, you need to paginate the result set. For more information, // see Paginating the Results (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Scan.html#Scan.Pagination) // in the Amazon DynamoDB Developer Guide. // @@ -3773,8 +3770,8 @@ func (c *DynamoDB) TagResourceRequest(input *TagResourceInput) (req *request.Req // // Associate a set of tags with an Amazon DynamoDB resource. You can then activate // these user-defined tags so that they appear on the Billing and Cost Management -// console for cost allocation tracking. You can call TagResource up to 5 times -// per second, per account. +// console for cost allocation tracking. You can call TagResource up to five +// times per second, per account. // // For an overview on tagging DynamoDB resources, see Tagging for DynamoDB (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) // in the Amazon DynamoDB Developer Guide. @@ -3902,10 +3899,21 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // // TransactGetItems is a synchronous operation that atomically retrieves multiple // items from one or more tables (but not from indexes) in a single account -// and region. A TransactGetItems call can contain up to 10 TransactGetItem +// and Region. A TransactGetItems call can contain up to 25 TransactGetItem // objects, each of which contains a Get structure that specifies an item to -// retrieve from a table in the account and region. A call to TransactGetItems -// cannot retrieve items from tables in more than one AWS account or region. +// retrieve from a table in the account and Region. A call to TransactGetItems +// cannot retrieve items from tables in more than one AWS account or Region. +// The aggregate size of the items in the transaction cannot exceed 4 MB. +// +// All AWS Regions and AWS GovCloud (US) support up to 25 items per transaction +// with up to 4 MB of data, except the following AWS Regions: +// +// * China (Beijing) +// +// * China (Ningxia) +// +// The China (Beijing) and China (Ningxia) Regions support up to 10 items per +// transaction with up to 4 MB of data. // // DynamoDB rejects the entire TransactGetItems request if any of the following // is true: @@ -3918,6 +3926,8 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // // * There is a user error, such as an invalid data format. // +// * The aggregate size of the items in the transaction cannot exceed 4 MB. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3950,6 +3960,8 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // // DynamoDB cancels a TransactGetItems request under the following circumstances: @@ -3964,6 +3976,8 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // * There is insufficient provisioned capacity for the transaction to be // completed. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // // If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons @@ -4115,11 +4129,22 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // TransactWriteItems API operation for Amazon DynamoDB. // -// TransactWriteItems is a synchronous write operation that groups up to 10 +// TransactWriteItems is a synchronous write operation that groups up to 25 // action requests. These actions can target items in different tables, but -// not in different AWS accounts or regions, and no two actions can target the +// not in different AWS accounts or Regions, and no two actions can target the // same item. For example, you cannot both ConditionCheck and Update the same -// item. +// item. The aggregate size of the items in the transaction cannot exceed 4 +// MB. +// +// All AWS Regions and AWS GovCloud (US) support up to 25 items per transaction +// with up to 4 MB of data, except the following AWS Regions: +// +// * China (Beijing) +// +// * China (Ningxia) +// +// The China (Beijing) and China (Ningxia) Regions support up to 10 items per +// transaction with up to 4 MB of data. // // The actions are completed atomically so that either all of them succeed, // or all of them fail. They are defined by the following objects: @@ -4128,44 +4153,45 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // specifies the primary key of the item to be written, the name of the table // to write it in, an optional condition expression that must be satisfied // for the write to succeed, a list of the item's attributes, and a field -// indicating whether or not to retrieve the item's attributes if the condition +// indicating whether to retrieve the item's attributes if the condition // is not met. // // * Update — Initiates an UpdateItem operation to update an existing item. // This structure specifies the primary key of the item to be updated, the // name of the table where it resides, an optional condition expression that // must be satisfied for the update to succeed, an expression that defines -// one or more attributes to be updated, and a field indicating whether or -// not to retrieve the item's attributes if the condition is not met. +// one or more attributes to be updated, and a field indicating whether to +// retrieve the item's attributes if the condition is not met. // // * Delete — Initiates a DeleteItem operation to delete an existing item. // This structure specifies the primary key of the item to be deleted, the // name of the table where it resides, an optional condition expression that // must be satisfied for the deletion to succeed, and a field indicating -// whether or not to retrieve the item's attributes if the condition is not -// met. +// whether to retrieve the item's attributes if the condition is not met. // // * ConditionCheck — Applies a condition to an item that is not being // modified by the transaction. This structure specifies the primary key // of the item to be checked, the name of the table where it resides, a condition // expression that must be satisfied for the transaction to succeed, and -// a field indicating whether or not to retrieve the item's attributes if -// the condition is not met. +// a field indicating whether to retrieve the item's attributes if the condition +// is not met. // // DynamoDB rejects the entire TransactWriteItems request if any of the following // is true: // // * A condition in one of the condition expressions is not met. // -// * A conflicting operation is in the process of updating the same item. +// * An ongoing operation is in the process of updating the same item. // // * There is insufficient provisioned capacity for the transaction to be // completed. // -// * An item size becomes too large (bigger than 400 KB), a Local Secondary -// Index (LSI) becomes too large, or a similar validation error occurs because +// * An item size becomes too large (bigger than 400 KB), a local secondary +// index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // +// * The aggregate size of the items in the transaction exceeds 4 MB. +// // * There is a user error, such as an invalid data format. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4200,6 +4226,8 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // // DynamoDB cancels a TransactGetItems request under the following circumstances: @@ -4214,6 +4242,8 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // * There is insufficient provisioned capacity for the transaction to be // completed. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // // If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons @@ -4374,7 +4404,7 @@ func (c *DynamoDB) UntagResourceRequest(input *UntagResourceInput) (req *request // UntagResource API operation for Amazon DynamoDB. // // Removes the association of tags from an Amazon DynamoDB resource. You can -// call UntagResource up to 5 times per second, per account. +// call UntagResource up to five times per second, per account. // // For an overview on tagging DynamoDB resources, see Tagging for DynamoDB (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) // in the Amazon DynamoDB Developer Guide. @@ -4510,7 +4540,7 @@ func (c *DynamoDB) UpdateContinuousBackupsRequest(input *UpdateContinuousBackups // to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime. // // LatestRestorableDateTime is typically 5 minutes before the current time. -// You can restore your table to any point in time during the last 35 days.. +// You can restore your table to any point in time during the last 35 days. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4619,9 +4649,9 @@ func (c *DynamoDB) UpdateGlobalTableRequest(input *UpdateGlobalTableInput) (req // // Adds or removes replicas in the specified global table. The global table // must already exist to be able to use this operation. Any replica to be added -// must be empty, must have the same name as the global table, must have the -// same key schema, and must have DynamoDB Streams enabled and must have same -// provisioned and maximum write capacity units. +// must be empty, have the same name as the global table, have the same key +// schema, have DynamoDB Streams enabled, and have the same provisioned and +// maximum write capacity units. // // Although you can use UpdateGlobalTable to add replicas and remove replicas // in a single request, for simplicity we recommend that you issue separate @@ -5018,11 +5048,11 @@ func (c *DynamoDB) UpdateTableRequest(input *UpdateTableInput) (req *request.Req // // * Modify the provisioned throughput settings of the table. // -// * Enable or disable Streams on the table. +// * Enable or disable DynamoDB Streams on the table. // // * Remove a global secondary index from the table. // -// * Create a new global secondary index on the table. Once the index begins +// * Create a new global secondary index on the table. After the index begins // backfilling, you can use UpdateTable to perform other operations. // // UpdateTable is an asynchronous operation; while it is executing, the table @@ -5151,9 +5181,9 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // UpdateTimeToLive API operation for Amazon DynamoDB. // -// The UpdateTimeToLive method will enable or disable TTL for the specified -// table. A successful UpdateTimeToLive call returns the current TimeToLiveSpecification; -// it may take up to one hour for the change to fully process. Any additional +// The UpdateTimeToLive method enables or disables Time to Live (TTL) for the +// specified table. A successful UpdateTimeToLive call returns the current TimeToLiveSpecification. +// It can take up to one hour for the change to fully process. Any additional // UpdateTimeToLive calls for the same table during this one hour duration result // in a ValidationException. // @@ -5163,7 +5193,7 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // deleted. // // The epoch time format is the number of seconds elapsed since 12:00:00 AM -// January 1st, 1970 UTC. +// January 1, 1970 UTC. // // DynamoDB deletes expired items on a best-effort basis to ensure availability // of throughput for other data operations. @@ -5173,8 +5203,8 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // to the nature of the workload. Items that have expired and not been deleted // will still show up in reads, queries, and scans. // -// As items are deleted, they are removed from any Local Secondary Index and -// Global Secondary Index immediately in the same eventually consistent way +// As items are deleted, they are removed from any local secondary index and +// global secondary index immediately in the same eventually consistent way // as a standard delete operation. // // For more information, see Time To Live (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html) @@ -6213,7 +6243,7 @@ type BatchGetItemInput struct { // You could then use this substitution in an expression, as in this example: // #P = :val Tokens that begin with the : character are expression attribute // values, which are placeholders for the actual value at runtime. For more - // information on expression attribute names, see Accessing Item Attributes + // information about expression attribute names, see Accessing Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. // @@ -6227,8 +6257,8 @@ type BatchGetItemInput struct { // to retrieve from the table. These attributes can include scalars, sets, // or elements of a JSON document. The attributes in the expression must // be separated by commas. If no attribute names are specified, then all - // attributes will be returned. If any of the requested attributes are not - // found, they will not appear in the result. For more information, see Accessing + // attributes are returned. If any of the requested attributes are not found, + // they do not appear in the result. For more information, see Accessing // Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. // @@ -6394,10 +6424,10 @@ type BatchWriteItemInput struct { // and their values. Each entry in this map consists of an attribute name // and an attribute value. Attribute values must not be null; string and // binary type attributes must have lengths greater than zero; and set type - // attributes must not be empty. Requests that contain empty values will - // be rejected with a ValidationException exception. If you specify any attributes - // that are part of an index key, then the data types for those attributes - // must match those of the schema in the table's attribute definition. + // attributes must not be empty. Requests that contain empty values are rejected + // with a ValidationException exception. If you specify any attributes that + // are part of an index key, then the data types for those attributes must + // match those of the schema in the table's attribute definition. // // RequestItems is a required field RequestItems map[string][]*WriteRequest `min:"1" type:"map" required:"true"` @@ -7284,7 +7314,7 @@ type CreateGlobalTableInput struct { // GlobalTableName is a required field GlobalTableName *string `min:"3" type:"string" required:"true"` - // The regions where the global table needs to be created. + // The Regions where the global table needs to be created. // // ReplicationGroup is a required field ReplicationGroup []*Replica `type:"list" required:"true"` @@ -7426,7 +7456,7 @@ type CreateTableInput struct { // specification is composed of: ProjectionType - One of the following: KEYS_ONLY // - Only the index and primary keys are projected into the index. INCLUDE // - Only the specified table attributes are projected into the index. The - // list of projected attributes are in NonKeyAttributes. ALL - All of the + // list of projected attributes is in NonKeyAttributes. ALL - All of the // table attributes are projected into the index. NonKeyAttributes - A list // of one or more non-key attribute names that are projected into the secondary // index. The total count of attributes provided in NonKeyAttributes, summed @@ -7451,7 +7481,7 @@ type CreateTableInput struct { // key RANGE - sort key // // The partition key of an item is also known as its hash attribute. The term - // "hash attribute" derives from DynamoDB' usage of an internal hash function + // "hash attribute" derives from the DynamoDB usage of an internal hash function // to evenly distribute data items across partitions, based on their partition // key values. // @@ -7466,7 +7496,7 @@ type CreateTableInput struct { // exactly two elements, in this order: The first element must have a KeyType // of HASH, and the second element must have a KeyType of RANGE. // - // For more information, see Specifying the Primary Key (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#WorkingWithTables.primary.key) + // For more information, see Working with Tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#WorkingWithTables.primary.key) // in the Amazon DynamoDB Developer Guide. // // KeySchema is a required field @@ -7491,7 +7521,7 @@ type CreateTableInput struct { // specification is composed of: ProjectionType - One of the following: KEYS_ONLY // - Only the index and primary keys are projected into the index. INCLUDE // - Only the specified table attributes are projected into the index. The - // list of projected attributes are in NonKeyAttributes. ALL - All of the + // list of projected attributes is in NonKeyAttributes. ALL - All of the // table attributes are projected into the index. NonKeyAttributes - A list // of one or more non-key attribute names that are projected into the secondary // index. The total count of attributes provided in NonKeyAttributes, summed @@ -7516,8 +7546,8 @@ type CreateTableInput struct { // The settings for DynamoDB Streams on the table. These settings consist of: // - // * StreamEnabled - Indicates whether Streams is to be enabled (true) or - // disabled (false). + // * StreamEnabled - Indicates whether DynamoDB Streams is to be enabled + // (true) or disabled (false). // // * StreamViewType - When an item in the table is modified, StreamViewType // determines what information is written to the table's stream. Valid values @@ -7930,7 +7960,7 @@ type DeleteItemInput struct { // // * Logical operators: AND | OR | NOT // - // For more information on condition expressions, see Specifying Conditions + // For more information about condition expressions, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ConditionExpression *string `type:"string"` @@ -7977,7 +8007,7 @@ type DeleteItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -7999,7 +8029,7 @@ type DeleteItemInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -8156,7 +8186,7 @@ type DeleteItemOutput struct { // includes the total provisioned throughput consumed, along with statistics // for the table and any indexes involved in the operation. ConsumedCapacity // is only returned if the ReturnConsumedCapacity parameter was specified. For - // more information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // more information, see Provisioned Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -8345,7 +8375,7 @@ func (s *DeleteTableOutput) SetTableDescription(v *TableDescription) *DeleteTabl type DescribeBackupInput struct { _ struct{} `type:"structure"` - // The ARN associated with the backup. + // The Amazon Resource Name (ARN) associated with the backup. // // BackupArn is a required field BackupArn *string `min:"37" type:"string" required:"true"` @@ -8622,7 +8652,7 @@ type DescribeGlobalTableSettingsOutput struct { // The name of the global table. GlobalTableName *string `min:"3" type:"string"` - // The region specific settings for the global table. + // The Region-specific settings for the global table. ReplicaSettings []*ReplicaSettingsDescription `type:"list"` } @@ -8668,20 +8698,20 @@ type DescribeLimitsOutput struct { _ struct{} `type:"structure"` // The maximum total read capacity units that your account allows you to provision - // across all of your tables in this region. + // across all of your tables in this Region. AccountMaxReadCapacityUnits *int64 `min:"1" type:"long"` // The maximum total write capacity units that your account allows you to provision - // across all of your tables in this region. + // across all of your tables in this Region. AccountMaxWriteCapacityUnits *int64 `min:"1" type:"long"` // The maximum read capacity units that your account allows you to provision - // for a new table that you are creating in this region, including the read + // for a new table that you are creating in this Region, including the read // capacity units provisioned for its global secondary indexes (GSIs). TableMaxReadCapacityUnits *int64 `min:"1" type:"long"` // The maximum write capacity units that your account allows you to provision - // for a new table that you are creating in this region, including the write + // for a new table that you are creating in this Region, including the write // capacity units provisioned for its global secondary indexes (GSIs). TableMaxWriteCapacityUnits *int64 `min:"1" type:"long"` } @@ -9234,7 +9264,7 @@ type GetItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -9254,11 +9284,11 @@ type GetItemInput struct { // These attributes can include scalars, sets, or elements of a JSON document. // The attributes in the expression must be separated by commas. // - // If no attribute names are specified, then all attributes will be returned. - // If any of the requested attributes are not found, they will not appear in - // the result. + // If no attribute names are specified, then all attributes are returned. If + // any of the requested attributes are not found, they do not appear in the + // result. // - // For more information, see Accessing Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) + // For more information, see Specifying Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ProjectionExpression *string `type:"string"` @@ -9365,7 +9395,7 @@ type GetItemOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Read/Write Capacity Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -10279,10 +10309,10 @@ type ListBackupsInput struct { // * ALL - All types of on-demand backups (USER and SYSTEM). BackupType *string `type:"string" enum:"BackupTypeFilter"` - // LastEvaluatedBackupArn is the ARN of the backup last evaluated when the current - // page of results was returned, inclusive of the current page of results. This - // value may be specified as the ExclusiveStartBackupArn of a new ListBackups - // operation in order to fetch the next page of results. + // LastEvaluatedBackupArn is the Amazon Resource Name (ARN) of the backup last + // evaluated when the current page of results was returned, inclusive of the + // current page of results. This value may be specified as the ExclusiveStartBackupArn + // of a new ListBackups operation in order to fetch the next page of results. ExclusiveStartBackupArn *string `min:"37" type:"string"` // Maximum number of backups to return at once. @@ -10378,9 +10408,9 @@ type ListBackupsOutput struct { // If LastEvaluatedBackupArn is empty, then the last page of results has been // processed and there are no more results to be retrieved. // - // If LastEvaluatedBackupArn is not empty, this may or may not indicate there - // is more data to be returned. All results are guaranteed to have been returned - // if and only if no value for LastEvaluatedBackupArn is returned. + // If LastEvaluatedBackupArn is not empty, this may or may not indicate that + // there is more data to be returned. All results are guaranteed to have been + // returned if and only if no value for LastEvaluatedBackupArn is returned. LastEvaluatedBackupArn *string `min:"37" type:"string"` } @@ -10415,7 +10445,7 @@ type ListGlobalTablesInput struct { // The maximum number of table names to return. Limit *int64 `min:"1" type:"integer"` - // Lists the global tables in a specific region. + // Lists the global tables in a specific Region. RegionName *string `type:"string"` } @@ -11334,7 +11364,7 @@ type PutItemInput struct { // // * Logical operators: AND | OR | NOT // - // For more information on condition expressions, see Specifying Conditions + // For more information on condition expressions, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ConditionExpression *string `type:"string"` @@ -11381,7 +11411,7 @@ type PutItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -11403,7 +11433,7 @@ type PutItemInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -11421,7 +11451,7 @@ type PutItemInput struct { // types for those attributes must match those of the schema in the table's // attribute definition. // - // For more information about primary keys, see Primary Key (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html#DataModelPrimaryKey) + // For more information about primary keys, see Primary Key (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.PrimaryKey) // in the Amazon DynamoDB Developer Guide. // // Each element in the Item map is an AttributeValue object. @@ -11572,7 +11602,7 @@ type PutItemOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Read/Write Capacity Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -11681,7 +11711,7 @@ type QueryInput struct { // The primary key of the first item that this operation will evaluate. Use // the value that was returned for LastEvaluatedKey in the previous operation. // - // The data type for ExclusiveStartKey must be String, Number or Binary. No + // The data type for ExclusiveStartKey must be String, Number, or Binary. No // set data types are allowed. ExclusiveStartKey map[string]*AttributeValue `type:"map"` @@ -11717,7 +11747,7 @@ type QueryInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -11763,7 +11793,7 @@ type QueryInput struct { // parameter, you must also provide TableName. IndexName *string `min:"3" type:"string"` - // The condition that specifies the key value(s) for items to be retrieved by + // The condition that specifies the key values for items to be retrieved by // the Query action. // // The condition must perform an equality test on a single partition key value. @@ -11842,7 +11872,7 @@ type QueryInput struct { // items). If DynamoDB processes the number of items up to the limit while processing // the results, it stops the operation and returns the matching values up to // that point, and a key in LastEvaluatedKey to apply in a subsequent operation, - // so that you can pick up where you left off. Also, if the processed data set + // so that you can pick up where you left off. Also, if the processed dataset // size exceeds 1 MB before DynamoDB reaches this limit, it stops the operation // and returns the matching values up to the limit, and a key in LastEvaluatedKey // to apply in a subsequent operation to continue the operation. For more information, @@ -11903,10 +11933,10 @@ type QueryInput struct { // // * ALL_ATTRIBUTES - Returns all of the item attributes from the specified // table or index. If you query a local secondary index, then for each matching - // item in the index DynamoDB will fetch the entire item from the parent - // table. If the index is configured to project all item attributes, then - // all of the data can be obtained from the local secondary index, and no - // fetching is required. + // item in the index, DynamoDB fetches the entire item from the parent table. + // If the index is configured to project all item attributes, then all of + // the data can be obtained from the local secondary index, and no fetching + // is required. // // * ALL_PROJECTED_ATTRIBUTES - Allowed only when querying an index. Retrieves // all attributes that have been projected into the index. If the index is @@ -11922,7 +11952,7 @@ type QueryInput struct { // index and request only attributes that are projected into that index, // the operation will read only the index and not the table. If any of the // requested attributes are not projected into the local secondary index, - // DynamoDB will fetch each of these attributes from the parent table. This + // DynamoDB fetches each of these attributes from the parent table. This // extra fetching incurs additional throughput cost and latency. If you query // or scan a global secondary index, you can only request attributes that // are projected into the index. Global secondary index queries cannot fetch @@ -12110,8 +12140,8 @@ type QueryOutput struct { // The capacity units consumed by the Query operation. The data returned includes // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only - // returned if the ReturnConsumedCapacity parameter was specified For more information, - // see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // returned if the ReturnConsumedCapacity parameter was specified. For more + // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -12707,7 +12737,7 @@ func (s *RestoreSummary) SetSourceTableArn(v string) *RestoreSummary { type RestoreTableFromBackupInput struct { _ struct{} `type:"structure"` - // The ARN associated with the backup. + // The Amazon Resource Name (ARN) associated with the backup. // // BackupArn is a required field BackupArn *string `min:"37" type:"string" required:"true"` @@ -13004,7 +13034,7 @@ type ScanInput struct { // // * If ConsistentRead is false, then the data returned from Scan might not // contain the results from other recently completed write operations (PutItem, - // UpdateItem or DeleteItem). + // UpdateItem, or DeleteItem). // // * If ConsistentRead is true, then all of the write operations that completed // before the Scan began are guaranteed to be contained in the Scan response. @@ -13059,7 +13089,7 @@ type ScanInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -13081,7 +13111,7 @@ type ScanInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -13106,11 +13136,11 @@ type ScanInput struct { // items). If DynamoDB processes the number of items up to the limit while processing // the results, it stops the operation and returns the matching values up to // that point, and a key in LastEvaluatedKey to apply in a subsequent operation, - // so that you can pick up where you left off. Also, if the processed data set + // so that you can pick up where you left off. Also, if the processed dataset // size exceeds 1 MB before DynamoDB reaches this limit, it stops the operation // and returns the matching values up to the limit, and a key in LastEvaluatedKey // to apply in a subsequent operation to continue the operation. For more information, - // see Query and Scan (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/QueryAndScan.html) + // see Working with Queries (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/QueryAndScan.html) // in the Amazon DynamoDB Developer Guide. Limit *int64 `min:"1" type:"integer"` @@ -13122,7 +13152,7 @@ type ScanInput struct { // If any of the requested attributes are not found, they will not appear in // the result. // - // For more information, see Accessing Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) + // For more information, see Specifying Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ProjectionExpression *string `type:"string"` @@ -13170,10 +13200,10 @@ type ScanInput struct { // // * ALL_ATTRIBUTES - Returns all of the item attributes from the specified // table or index. If you query a local secondary index, then for each matching - // item in the index DynamoDB will fetch the entire item from the parent - // table. If the index is configured to project all item attributes, then - // all of the data can be obtained from the local secondary index, and no - // fetching is required. + // item in the index, DynamoDB fetches the entire item from the parent table. + // If the index is configured to project all item attributes, then all of + // the data can be obtained from the local secondary index, and no fetching + // is required. // // * ALL_PROJECTED_ATTRIBUTES - Allowed only when querying an index. Retrieves // all attributes that have been projected into the index. If the index is @@ -13187,13 +13217,13 @@ type ScanInput struct { // This return value is equivalent to specifying AttributesToGet without // specifying any value for Select. If you query or scan a local secondary // index and request only attributes that are projected into that index, - // the operation will read only the index and not the table. If any of the - // requested attributes are not projected into the local secondary index, - // DynamoDB will fetch each of these attributes from the parent table. This - // extra fetching incurs additional throughput cost and latency. If you query - // or scan a global secondary index, you can only request attributes that - // are projected into the index. Global secondary index queries cannot fetch - // attributes from the parent table. + // the operation reads only the index and not the table. If any of the requested + // attributes are not projected into the local secondary index, DynamoDB + // fetches each of these attributes from the parent table. This extra fetching + // incurs additional throughput cost and latency. If you query or scan a + // global secondary index, you can only request attributes that are projected + // into the index. Global secondary index queries cannot fetch attributes + // from the parent table. // // If neither Select nor AttributesToGet are specified, DynamoDB defaults to // ALL_ATTRIBUTES when accessing a table, and ALL_PROJECTED_ATTRIBUTES when @@ -13765,7 +13795,7 @@ type TableDescription struct { // // * KeyType - The role of the attribute: HASH - partition key RANGE - sort // key The partition key of an item is also known as its hash attribute. - // The term "hash attribute" derives from DynamoDB' usage of an internal + // The term "hash attribute" derives from DynamoDB's usage of an internal // hash function to evenly distribute data items across partitions, based // on their partition key values. The sort key of an item is also known as // its range attribute. The term "range attribute" derives from the way DynamoDB @@ -14002,9 +14032,9 @@ func (s *TableDescription) SetTableStatus(v string) *TableDescription { type Tag struct { _ struct{} `type:"structure"` - // The key of the tag.Tag keys are case sensitive. Each DynamoDB table can only - // have up to one tag with the same key. If you try to add an existing tag (same - // key), the existing tag value will be updated to the new value. + // The key of the tag. Tag keys are case sensitive. Each DynamoDB table can + // only have up to one tag with the same key. If you try to add an existing + // tag (same key), the existing tag value will be updated to the new value. // // Key is a required field Key *string `min:"1" type:"string" required:"true"` @@ -14140,10 +14170,10 @@ func (s TagResourceOutput) GoString() string { type TimeToLiveDescription struct { _ struct{} `type:"structure"` - // The name of the Time to Live attribute for items in the table. + // The name of the TTL attribute for items in the table. AttributeName *string `min:"1" type:"string"` - // The Time to Live status for the table. + // The TTL status for the table. TimeToLiveStatus *string `type:"string" enum:"TimeToLiveStatus"` } @@ -14169,19 +14199,19 @@ func (s *TimeToLiveDescription) SetTimeToLiveStatus(v string) *TimeToLiveDescrip return s } -// Represents the settings used to enable or disable Time to Live for the specified -// table. +// Represents the settings used to enable or disable Time to Live (TTL) for +// the specified table. type TimeToLiveSpecification struct { _ struct{} `type:"structure"` - // The name of the Time to Live attribute used to store the expiration time - // for items in the table. + // The name of the TTL attribute used to store the expiration time for items + // in the table. // // AttributeName is a required field AttributeName *string `min:"1" type:"string" required:"true"` - // Indicates whether Time To Live is to be enabled (true) or disabled (false) - // on the table. + // Indicates whether TTL is to be enabled (true) or disabled (false) on the + // table. // // Enabled is a required field Enabled *bool `type:"boolean" required:"true"` @@ -14282,7 +14312,7 @@ type TransactGetItemsInput struct { // is valid. ReturnConsumedCapacity *string `type:"string" enum:"ReturnConsumedCapacity"` - // An ordered array of up to 10 TransactGetItem objects, each of which contains + // An ordered array of up to 25 TransactGetItem objects, each of which contains // a Get structure. // // TransactItems is a required field @@ -14346,7 +14376,7 @@ type TransactGetItemsOutput struct { // consumed by the TransactGetItems call in that table. ConsumedCapacity []*ConsumedCapacity `type:"list"` - // An ordered array of up to 10 ItemResponse objects, each of which corresponds + // An ordered array of up to 25 ItemResponse objects, each of which corresponds // to the TransactGetItem object in the same position in the TransactItems array. // Each ItemResponse object contains a Map of the name-value pairs that are // the projected attributes of the requested item. @@ -14470,19 +14500,20 @@ type TransactWriteItemsInput struct { // // Although multiple identical calls using the same client request token produce // the same result on the server (no side effects), the responses to the calls - // may not be the same. If the ReturnConsumedCapacity> parameter is set, then + // might not be the same. If the ReturnConsumedCapacity> parameter is set, then // the initial TransactWriteItems call returns the amount of write capacity - // units consumed in making the changes, and subsequent TransactWriteItems calls - // with the same client token return the amount of read capacity units consumed + // units consumed in making the changes. Subsequent TransactWriteItems calls + // with the same client token return the number of read capacity units consumed // in reading the item. // // A client request token is valid for 10 minutes after the first request that - // uses it completes. After 10 minutes, any request with the same client token - // is treated as a new request. Do not resubmit the same request with the same - // client token for more than 10 minutes or the result may not be idempotent. + // uses it is completed. After 10 minutes, any request with the same client + // token is treated as a new request. Do not resubmit the same request with + // the same client token for more than 10 minutes, or the result might not be + // idempotent. // // If you submit a request with the same client token but a change in other - // parameters within the 10 minute idempotency window, DynamoDB returns an IdempotentParameterMismatch + // parameters within the 10-minute idempotency window, DynamoDB returns an IdempotentParameterMismatch // exception. ClientRequestToken *string `min:"1" type:"string" idempotencyToken:"true"` @@ -14507,10 +14538,10 @@ type TransactWriteItemsInput struct { // NONE (the default), no statistics are returned. ReturnItemCollectionMetrics *string `type:"string" enum:"ReturnItemCollectionMetrics"` - // An ordered array of up to 10 TransactWriteItem objects, each of which contains + // An ordered array of up to 25 TransactWriteItem objects, each of which contains // a ConditionCheck, Put, Update, or Delete object. These can operate on items // in different tables, but the tables must reside in the same AWS account and - // region, and no two of them can operate on the same item. + // Region, and no two of them can operate on the same item. // // TransactItems is a required field TransactItems []*TransactWriteItem `min:"1" type:"list" required:"true"` @@ -14589,7 +14620,7 @@ type TransactWriteItemsOutput struct { // A list of tables that were processed by TransactWriteItems and, for each // table, information about any item collections that were affected by individual - // UpdateItem, PutItem or DeleteItem operations. + // UpdateItem, PutItem, or DeleteItem operations. ItemCollectionMetrics map[string][]*ItemCollectionMetrics `type:"map"` } @@ -14618,14 +14649,14 @@ func (s *TransactWriteItemsOutput) SetItemCollectionMetrics(v map[string][]*Item type UntagResourceInput struct { _ struct{} `type:"structure"` - // The Amazon DyanamoDB resource the tags will be removed from. This value is - // an Amazon Resource Name (ARN). + // The DynamoDB resource that the tags will be removed from. This value is an + // Amazon Resource Name (ARN). // // ResourceArn is a required field ResourceArn *string `min:"1" type:"string" required:"true"` // A list of tag keys. Existing tags of the resource whose keys are members - // of this list will be removed from the Amazon DynamoDB resource. + // of this list will be removed from the DynamoDB resource. // // TagKeys is a required field TagKeys []*string `type:"list" required:"true"` @@ -14955,7 +14986,7 @@ type UpdateGlobalTableInput struct { // GlobalTableName is a required field GlobalTableName *string `min:"3" type:"string" required:"true"` - // A list of regions that should be added or removed from the global table. + // A list of Regions that should be added or removed from the global table. // // ReplicaUpdates is a required field ReplicaUpdates []*ReplicaUpdate `type:"list" required:"true"` @@ -15051,7 +15082,7 @@ type UpdateGlobalTableSettingsInput struct { // GlobalTableName is a required field GlobalTableName *string `min:"3" type:"string" required:"true"` - // AutoScaling settings for managing provisioned write capacity for the global + // Auto scaling settings for managing provisioned write capacity for the global // table. GlobalTableProvisionedWriteCapacityAutoScalingSettingsUpdate *AutoScalingSettingsUpdate `type:"structure"` @@ -15059,7 +15090,7 @@ type UpdateGlobalTableSettingsInput struct { // a ThrottlingException. GlobalTableProvisionedWriteCapacityUnits *int64 `min:"1" type:"long"` - // Represents the settings for a global table in a region that will be modified. + // Represents the settings for a global table in a Region that will be modified. ReplicaSettingsUpdate []*ReplicaSettingsUpdate `min:"1" type:"list"` } @@ -15165,7 +15196,7 @@ type UpdateGlobalTableSettingsOutput struct { // The name of the global table. GlobalTableName *string `min:"3" type:"string"` - // The region specific settings for the global table. + // The Region-specific settings for the global table. ReplicaSettings []*ReplicaSettingsDescription `type:"list"` } @@ -15211,7 +15242,7 @@ type UpdateItemInput struct { // // * Logical operators: AND | OR | NOT // - // For more information on condition expressions, see Specifying Conditions + // For more information about condition expressions, see Specifying Conditions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ConditionExpression *string `type:"string"` @@ -15246,7 +15277,7 @@ type UpdateItemInput struct { // The name of this attribute conflicts with a reserved word, so it cannot be // used directly in an expression. (For the complete list of reserved words, // see Reserved Words (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ReservedWords.html) - // in the Amazon DynamoDB Developer Guide). To work around this, you could specify + // in the Amazon DynamoDB Developer Guide.) To work around this, you could specify // the following for ExpressionAttributeNames: // // * {"#P":"Percentile"} @@ -15258,8 +15289,8 @@ type UpdateItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes - // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) + // For more information about expression attribute names, see Specifying Item + // Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -15280,7 +15311,7 @@ type UpdateItemInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -15348,12 +15379,12 @@ type UpdateItemInput struct { TableName *string `min:"3" type:"string" required:"true"` // An expression that defines one or more attributes to be updated, the action - // to be performed on them, and new value(s) for them. + // to be performed on them, and new values for them. // // The following action values are available for UpdateExpression. // // * SET - Adds one or more attributes and values to an item. If any of these - // attribute already exist, they are replaced by the new values. You can + // attributes already exist, they are replaced by the new values. You can // also use SET to add or subtract from an attribute that is of type Number. // For example: SET myNum = myNum + :val SET supports the following functions: // if_not_exists (path, operand) - if the item does not contain an attribute @@ -15620,9 +15651,9 @@ type UpdateTableInput struct { // Represents the DynamoDB Streams configuration for the table. // - // You will receive a ResourceInUseException if you attempt to enable a stream - // on a table that already has a stream, or if you attempt to disable a stream - // on a table which does not have a stream. + // You receive a ResourceInUseException if you try to enable a stream on a table + // that already has a stream, or if you try to disable a stream on a table that + // doesn't have a stream. StreamSpecification *StreamSpecification `type:"structure"` // The name of the table to be updated. diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go index 5ebc58072846..013e9b1d2a3f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go @@ -3,7 +3,7 @@ AttributeValue Marshaling and Unmarshaling Helpers Utility helpers to marshal and unmarshal AttributeValue to and from Go types can be found in the dynamodbattribute sub package. This package -provides has specialized functions for the common ways of working with +provides specialized functions for the common ways of working with AttributeValues. Such as map[string]*AttributeValue, []*AttributeValue, and directly with *AttributeValue. This is helpful for marshaling Go types for API operations such as PutItem, and unmarshaling Query and Scan APIs' responses. diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go index e1b7931960d7..71f3e7d3d532 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go @@ -184,6 +184,8 @@ const ( // index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // + // * The aggregate size of the items in the transaction exceeds 4 MBs. + // // * There is a user error, such as an invalid data format. // // DynamoDB cancels a TransactGetItems request under the following circumstances: @@ -198,6 +200,8 @@ const ( // * There is insufficient provisioned capacity for the transaction to be // completed. // + // * The aggregate size of the items in the transaction exceeds 4 MBs. + // // * There is a user error, such as an invalid data format. // // If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 1a7f9466e4fe..ddefa47bfe69 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -5040,6 +5040,199 @@ func (c *IAM) GenerateCredentialReportWithContext(ctx aws.Context, input *Genera return out, req.Send() } +const opGenerateOrganizationsAccessReport = "GenerateOrganizationsAccessReport" + +// GenerateOrganizationsAccessReportRequest generates a "aws/request.Request" representing the +// client's request for the GenerateOrganizationsAccessReport operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateOrganizationsAccessReport for more information on using the GenerateOrganizationsAccessReport +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GenerateOrganizationsAccessReportRequest method. +// req, resp := client.GenerateOrganizationsAccessReportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport +func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizationsAccessReportInput) (req *request.Request, output *GenerateOrganizationsAccessReportOutput) { + op := &request.Operation{ + Name: opGenerateOrganizationsAccessReport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateOrganizationsAccessReportInput{} + } + + output = &GenerateOrganizationsAccessReportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management. +// +// Generates a report for service last accessed data for AWS Organizations. +// You can generate a report for any entities (organization root, organizational +// unit, or account) or policies in your organization. +// +// To call this operation, you must be signed in using your AWS Organizations +// master account credentials. You can use your long-term IAM user or root user +// credentials, or temporary credentials from assuming an IAM role. SCPs must +// be enabled for your organization root. You must have the required IAM and +// AWS Organizations permissions. For more information, see Refining Permissions +// Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// You can generate a service last accessed data report for entities by specifying +// only the entity's path. This data includes a list of services that are allowed +// by any service control policies (SCPs) that apply to the entity. +// +// You can generate a service last accessed data report for a policy by specifying +// an entity's path and an optional AWS Organizations policy ID. This data includes +// a list of services that are allowed by the specified SCP. +// +// For each service in both report types, the data includes the most recent +// account activity that the policy allows to account principals in the entity +// or the entity's children. For important information about the data, reporting +// period, permissions required, troubleshooting, and supported Regions see +// Reducing Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// The data includes all attempts to access AWS, not just the successful ones. +// This includes all attempts that were made using the AWS Management Console, +// the AWS API through any of the SDKs, or any of the command line tools. An +// unexpected entry in the service last accessed data does not mean that an +// account has been compromised, because the request might have been denied. +// Refer to your CloudTrail logs as the authoritative source for information +// about all API calls and whether they were successful or denied access. For +// more information, see Logging IAM Events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// in the IAM User Guide. +// +// This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport +// operation to check the status of the report generation. To check the status +// of this request, use the JobId parameter in the GetOrganizationsAccessReport +// operation and test the JobStatus response parameter. When the job is complete, +// you can retrieve the report. +// +// To generate a service last accessed data report for entities, specify an +// entity path without specifying the optional AWS Organizations policy ID. +// The type of entity that you specify determines the data returned in the report. +// +// * Root – When you specify the organizations root as the entity, the +// resulting report lists all of the services allowed by SCPs that are attached +// to your root. For each service, the report includes data for all accounts +// in your organization except the master account, because the master account +// is not limited by SCPs. +// +// * OU – When you specify an organizational unit (OU) as the entity, the +// resulting report lists all of the services allowed by SCPs that are attached +// to the OU and its parents. For each service, the report includes data +// for all accounts in the OU or its children. This data excludes the master +// account, because the master account is not limited by SCPs. +// +// * Master account – When you specify the master account, the resulting +// report lists all AWS services, because the master account is not limited +// by SCPs. For each service, the report includes data for only the master +// account. +// +// * Account – When you specify another account as the entity, the resulting +// report lists all of the services allowed by SCPs that are attached to +// the account and its parents. For each service, the report includes data +// for only the specified account. +// +// To generate a service last accessed data report for policies, specify an +// entity path and the optional AWS Organizations policy ID. The type of entity +// that you specify determines the data returned for each service. +// +// * Root – When you specify the root entity and a policy ID, the resulting +// report lists all of the services that are allowed by the specified SCP. +// For each service, the report includes data for all accounts in your organization +// to which the SCP applies. This data excludes the master account, because +// the master account is not limited by SCPs. If the SCP is not attached +// to any entities in the organization, then the report will return a list +// of services with no data. +// +// * OU – When you specify an OU entity and a policy ID, the resulting +// report lists all of the services that are allowed by the specified SCP. +// For each service, the report includes data for all accounts in the OU +// or its children to which the SCP applies. This means that other accounts +// outside the OU that are affected by the SCP might not be included in the +// data. This data excludes the master account, because the master account +// is not limited by SCPs. If the SCP is not attached to the OU or one of +// its children, the report will return a list of services with no data. +// +// * Master account – When you specify the master account, the resulting +// report lists all AWS services, because the master account is not limited +// by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. +// For each service, the report includes data for only the master account. +// +// * Account – When you specify another account entity and a policy ID, +// the resulting report lists all of the services that are allowed by the +// specified SCP. For each service, the report includes data for only the +// specified account. This means that other accounts in the organization +// that are affected by the SCP might not be included in the data. If the +// SCP is not attached to the account, the report will return a list of services +// with no data. +// +// Service last accessed data does not use other policy types when determining +// whether a principal could access a service. These other policy types include +// identity-based policies, resource-based policies, access control lists, IAM +// permissions boundaries, and STS assume role policies. It only applies SCP +// logic. For more about the evaluation of policy types, see Evaluating Policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// in the IAM User Guide. +// +// For more information about service last accessed data, see Reducing Policy +// Scope by Viewing User Activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Identity and Access Management's +// API operation GenerateOrganizationsAccessReport for usage and error information. +// +// Returned Error Codes: +// * ErrCodeReportGenerationLimitExceededException "ReportGenerationLimitExceeded" +// The request failed because the maximum number of concurrent requests for +// this account are already running. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport +func (c *IAM) GenerateOrganizationsAccessReport(input *GenerateOrganizationsAccessReportInput) (*GenerateOrganizationsAccessReportOutput, error) { + req, out := c.GenerateOrganizationsAccessReportRequest(input) + return out, req.Send() +} + +// GenerateOrganizationsAccessReportWithContext is the same as GenerateOrganizationsAccessReport with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateOrganizationsAccessReport for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) GenerateOrganizationsAccessReportWithContext(ctx aws.Context, input *GenerateOrganizationsAccessReportInput, opts ...request.Option) (*GenerateOrganizationsAccessReportOutput, error) { + req, out := c.GenerateOrganizationsAccessReportRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGenerateServiceLastAccessedDetails = "GenerateServiceLastAccessedDetails" // GenerateServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the @@ -5084,12 +5277,11 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management. // -// Generates a request for a report that includes details about when an IAM -// resource (user, group, role, or policy) was last used in an attempt to access -// AWS services. Recent activity usually appears within four hours. IAM reports -// activity for the last 365 days, or less if your Region began supporting this -// feature within the last year. For more information, see Regions Where Data -// Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// Generates a report that includes details about when an IAM resource (user, +// group, role, or policy) was last used in an attempt to access AWS services. +// Recent activity usually appears within four hours. IAM reports activity for +// the last 365 days, or less if your Region began supporting this feature within +// the last year. For more information, see Regions Where Data Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). // // The service last accessed data includes all attempts to access an AWS API, // not just the successful ones. This includes all attempts that were made using @@ -6361,6 +6553,105 @@ func (c *IAM) GetOpenIDConnectProviderWithContext(ctx aws.Context, input *GetOpe return out, req.Send() } +const opGetOrganizationsAccessReport = "GetOrganizationsAccessReport" + +// GetOrganizationsAccessReportRequest generates a "aws/request.Request" representing the +// client's request for the GetOrganizationsAccessReport operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetOrganizationsAccessReport for more information on using the GetOrganizationsAccessReport +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetOrganizationsAccessReportRequest method. +// req, resp := client.GetOrganizationsAccessReportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport +func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessReportInput) (req *request.Request, output *GetOrganizationsAccessReportOutput) { + op := &request.Operation{ + Name: opGetOrganizationsAccessReport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetOrganizationsAccessReportInput{} + } + + output = &GetOrganizationsAccessReportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetOrganizationsAccessReport API operation for AWS Identity and Access Management. +// +// Retrieves the service last accessed data report for AWS Organizations that +// was previously generated using the GenerateOrganizationsAccessReport operation. +// This operation retrieves the status of your report job and the report contents. +// +// Depending on the parameters that you passed when you generated the report, +// the data returned could include different information. For details, see GenerateOrganizationsAccessReport. +// +// To call this operation, you must be signed in to the master account in your +// organization. SCPs must be enabled for your organization root. You must have +// permissions to perform this operation. For more information, see Refining +// Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// For each service that principals in an account (root users, IAM users, or +// IAM roles) could access using SCPs, the operation returns details about the +// most recent access attempt. If there was no attempt, the service is listed +// without details about the most recent attempt to access the service. If the +// operation fails, it returns the reason that it failed. +// +// By default, the list is sorted by service namespace. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Identity and Access Management's +// API operation GetOrganizationsAccessReport for usage and error information. +// +// Returned Error Codes: +// * ErrCodeNoSuchEntityException "NoSuchEntity" +// The request was rejected because it referenced a resource entity that does +// not exist. The error message describes the resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport +func (c *IAM) GetOrganizationsAccessReport(input *GetOrganizationsAccessReportInput) (*GetOrganizationsAccessReportOutput, error) { + req, out := c.GetOrganizationsAccessReportRequest(input) + return out, req.Send() +} + +// GetOrganizationsAccessReportWithContext is the same as GetOrganizationsAccessReport with the addition of +// the ability to pass a context and additional request options. +// +// See GetOrganizationsAccessReport for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) GetOrganizationsAccessReportWithContext(ctx aws.Context, input *GetOrganizationsAccessReportInput, opts ...request.Option) (*GetOrganizationsAccessReportOutput, error) { + req, out := c.GetOrganizationsAccessReportRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetPolicy = "GetPolicy" // GetPolicyRequest generates a "aws/request.Request" representing the @@ -7080,10 +7371,11 @@ func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessed // GetServiceLastAccessedDetails API operation for AWS Identity and Access Management. // -// After you generate a user, group, role, or policy report using the GenerateServiceLastAccessedDetails -// operation, you can use the JobId parameter in GetServiceLastAccessedDetails. -// This operation retrieves the status of your report job and a list of AWS -// services that the resource (user, group, role, or managed policy) can access. +// Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails +// operation. You can use the JobId parameter in GetServiceLastAccessedDetails +// to retrieve the status of your report job. When the report is complete, you +// can retrieve the generated report. The report includes a list of AWS services +// that the resource (user, group, role, or managed policy) can access. // // Service last accessed data does not use other policy types when determining // whether a resource could access a service. These other policy types include @@ -15036,6 +15328,108 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload return out, req.Send() } +// An object that contains details about when a principal in the reported AWS +// Organizations entity last attempted to access an AWS service. A principal +// can be an IAM user, an IAM role, or the AWS account root user within the +// reported Organizations entity. +// +// This data type is a response element in the GetOrganizationsAccessReport +// operation. +type AccessDetail struct { + _ struct{} `type:"structure"` + + // The path of the Organizations entity (root, organizational unit, or account) + // from which an authenticated principal last attempted to access the service. + // AWS does not report unauthenticated requests. + // + // This field is null if no principals (IAM users, IAM roles, or root users) + // in the reported Organizations entity attempted to access the service within + // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). + EntityPath *string `min:"19" type:"string"` + + // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + // when an authenticated principal most recently attempted to access the service. + // AWS does not report unauthenticated requests. + // + // This field is null if no principals in the reported Organizations entity + // attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). + LastAuthenticatedTime *time.Time `type:"timestamp"` + + // The Region where the last service access attempt occurred. + // + // This field is null if no principals in the reported Organizations entity + // attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). + Region *string `type:"string"` + + // The name of the service in which access was attempted. + // + // ServiceName is a required field + ServiceName *string `type:"string" required:"true"` + + // The namespace of the service in which access was attempted. + // + // To learn the service namespace of a service, go to Actions, Resources, and + // Condition Keys for AWS Services (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html) + // in the IAM User Guide. Choose the name of the service to view details for + // that service. In the first paragraph, find the service prefix. For example, + // (service prefix: a4b). For more information about service namespaces, see + // AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the AWS General Reference. + // + // ServiceNamespace is a required field + ServiceNamespace *string `min:"1" type:"string" required:"true"` + + // The number of accounts with authenticated principals (root users, IAM users, + // and IAM roles) that attempted to access the service in the reporting period. + TotalAuthenticatedEntities *int64 `type:"integer"` +} + +// String returns the string representation +func (s AccessDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AccessDetail) GoString() string { + return s.String() +} + +// SetEntityPath sets the EntityPath field's value. +func (s *AccessDetail) SetEntityPath(v string) *AccessDetail { + s.EntityPath = &v + return s +} + +// SetLastAuthenticatedTime sets the LastAuthenticatedTime field's value. +func (s *AccessDetail) SetLastAuthenticatedTime(v time.Time) *AccessDetail { + s.LastAuthenticatedTime = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *AccessDetail) SetRegion(v string) *AccessDetail { + s.Region = &v + return s +} + +// SetServiceName sets the ServiceName field's value. +func (s *AccessDetail) SetServiceName(v string) *AccessDetail { + s.ServiceName = &v + return s +} + +// SetServiceNamespace sets the ServiceNamespace field's value. +func (s *AccessDetail) SetServiceNamespace(v string) *AccessDetail { + s.ServiceNamespace = &v + return s +} + +// SetTotalAuthenticatedEntities sets the TotalAuthenticatedEntities field's value. +func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail { + s.TotalAuthenticatedEntities = &v + return s +} + // Contains information about an AWS access key. // // This data type is used as a response element in the CreateAccessKey and ListAccessKeys @@ -15130,12 +15524,12 @@ type AccessKeyLastUsed struct { // * An access key exists but has not been used since IAM began tracking // this information. // - // * There is no sign-in data associated with the user + // * There is no sign-in data associated with the user. // // LastUsedDate is a required field LastUsedDate *time.Time `type:"timestamp" required:"true"` - // The AWS region where this access key was most recently used. The value for + // The AWS Region where this access key was most recently used. The value for // this field is "N/A" in the following situations: // // * The user does not have an access key. @@ -15143,9 +15537,9 @@ type AccessKeyLastUsed struct { // * An access key exists but has not been used since IAM began tracking // this information. // - // * There is no sign-in data associated with the user + // * There is no sign-in data associated with the user. // - // For more information about AWS regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) + // For more information about AWS Regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) // in the Amazon Web Services General Reference. // // Region is a required field @@ -15159,7 +15553,7 @@ type AccessKeyLastUsed struct { // * An access key exists but has not been used since IAM started tracking // this information. // - // * There is no sign-in data associated with the user + // * There is no sign-in data associated with the user. // // ServiceName is a required field ServiceName *string `type:"string" required:"true"` @@ -16778,7 +17172,7 @@ type CreateRoleInput struct { // The trust relationship policy document that grants an entity permission to // assume the role. // - // in IAM, you must provide a JSON policy that has been converted to a string. + // In IAM, you must provide a JSON policy that has been converted to a string. // However, for AWS CloudFormation templates formatted in YAML, you can provide // the policy in JSON or YAML format. AWS CloudFormation always converts a YAML // policy to JSON format before submitting it to IAM. @@ -19072,7 +19466,7 @@ type DeletionTaskFailureReasonType struct { // role has active sessions or if any resources that were used by the role have // not been deleted from the linked service, the role can't be deleted. This // parameter includes a list of the resources that are associated with the role - // and the region in which the resources are being used. + // and the Region in which the resources are being used. RoleUsageList []*RoleUsageType `type:"list"` } @@ -19593,8 +19987,9 @@ func (s *EntityInfo) SetType(v string) *EntityInfo { // Contains information about the reason that the operation failed. // -// This data type is used as a response element in the GetServiceLastAccessedDetails -// operation and the GetServiceLastAccessedDetailsWithEntities operation. +// This data type is used as a response element in the GetOrganizationsAccessReport, +// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities +// operations. type ErrorDetails struct { _ struct{} `type:"structure"` @@ -19662,7 +20057,7 @@ type EvaluationResult struct { // A list of the statements in the input policies that determine the result // for this scenario. Remember that even if multiple statements allow the operation // on the resource, if only one statement denies that operation, then the explicit - // deny overrides any allow. Inaddition, the deny statement is the only entry + // deny overrides any allow. In addition, the deny statement is the only entry // included in the result. MatchedStatements []*Statement `type:"list"` @@ -19675,7 +20070,7 @@ type EvaluationResult struct { // call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. MissingContextValues []*string `type:"list"` - // A structure that details how AWS Organizations and its service control policies + // A structure that details how Organizations and its service control policies // affect the results of the simulation. Only applies if the simulated user's // account is part of an organization. OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"` @@ -19790,6 +20185,87 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR return s } +type GenerateOrganizationsAccessReportInput struct { + _ struct{} `type:"structure"` + + // The path of the AWS Organizations entity (root, OU, or account). You can + // build an entity path using the known structure of your organization. For + // example, assume that your account ID is 123456789012 and its parent OU ID + // is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and + // your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. + // + // EntityPath is a required field + EntityPath *string `min:"19" type:"string" required:"true"` + + // The identifier of the AWS Organizations service control policy (SCP). This + // parameter is optional. + // + // This ID is used to generate information about when an account principal that + // is limited by the SCP attempted to access an AWS service. + OrganizationsPolicyId *string `type:"string"` +} + +// String returns the string representation +func (s GenerateOrganizationsAccessReportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateOrganizationsAccessReportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateOrganizationsAccessReportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateOrganizationsAccessReportInput"} + if s.EntityPath == nil { + invalidParams.Add(request.NewErrParamRequired("EntityPath")) + } + if s.EntityPath != nil && len(*s.EntityPath) < 19 { + invalidParams.Add(request.NewErrParamMinLen("EntityPath", 19)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEntityPath sets the EntityPath field's value. +func (s *GenerateOrganizationsAccessReportInput) SetEntityPath(v string) *GenerateOrganizationsAccessReportInput { + s.EntityPath = &v + return s +} + +// SetOrganizationsPolicyId sets the OrganizationsPolicyId field's value. +func (s *GenerateOrganizationsAccessReportInput) SetOrganizationsPolicyId(v string) *GenerateOrganizationsAccessReportInput { + s.OrganizationsPolicyId = &v + return s +} + +type GenerateOrganizationsAccessReportOutput struct { + _ struct{} `type:"structure"` + + // The job identifier that you can use in the GetOrganizationsAccessReport operation. + JobId *string `min:"36" type:"string"` +} + +// String returns the string representation +func (s GenerateOrganizationsAccessReportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateOrganizationsAccessReportOutput) GoString() string { + return s.String() +} + +// SetJobId sets the JobId field's value. +func (s *GenerateOrganizationsAccessReportOutput) SetJobId(v string) *GenerateOrganizationsAccessReportOutput { + s.JobId = &v + return s +} + type GenerateServiceLastAccessedDetailsInput struct { _ struct{} `type:"structure"` @@ -20878,6 +21354,211 @@ func (s *GetOpenIDConnectProviderOutput) SetUrl(v string) *GetOpenIDConnectProvi return s } +type GetOrganizationsAccessReportInput struct { + _ struct{} `type:"structure"` + + // The identifier of the request generated by the GenerateOrganizationsAccessReport + // operation. + // + // JobId is a required field + JobId *string `min:"36" type:"string" required:"true"` + + // Use this parameter only when paginating results and only after you receive + // a response indicating that the results are truncated. Set it to the value + // of the Marker element in the response that you received to indicate where + // the next call should start. + Marker *string `min:"1" type:"string"` + + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. + // + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. + MaxItems *int64 `min:"1" type:"integer"` + + // The key that is used to sort the results. If you choose the namespace key, + // the results are returned in alphabetical order. If you choose the time key, + // the results are sorted numerically by the date and time. + SortKey *string `type:"string" enum:"sortKeyType"` +} + +// String returns the string representation +func (s GetOrganizationsAccessReportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetOrganizationsAccessReportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetOrganizationsAccessReportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOrganizationsAccessReportInput"} + if s.JobId == nil { + invalidParams.Add(request.NewErrParamRequired("JobId")) + } + if s.JobId != nil && len(*s.JobId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("JobId", 36)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + if s.MaxItems != nil && *s.MaxItems < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetJobId sets the JobId field's value. +func (s *GetOrganizationsAccessReportInput) SetJobId(v string) *GetOrganizationsAccessReportInput { + s.JobId = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *GetOrganizationsAccessReportInput) SetMarker(v string) *GetOrganizationsAccessReportInput { + s.Marker = &v + return s +} + +// SetMaxItems sets the MaxItems field's value. +func (s *GetOrganizationsAccessReportInput) SetMaxItems(v int64) *GetOrganizationsAccessReportInput { + s.MaxItems = &v + return s +} + +// SetSortKey sets the SortKey field's value. +func (s *GetOrganizationsAccessReportInput) SetSortKey(v string) *GetOrganizationsAccessReportInput { + s.SortKey = &v + return s +} + +type GetOrganizationsAccessReportOutput struct { + _ struct{} `type:"structure"` + + // An object that contains details about the most recent attempt to access the + // service. + AccessDetails []*AccessDetail `type:"list"` + + // Contains information about the reason that the operation failed. + // + // This data type is used as a response element in the GetOrganizationsAccessReport, + // GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities + // operations. + ErrorDetails *ErrorDetails `type:"structure"` + + // A flag that indicates whether there are more items to return. If your results + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. + IsTruncated *bool `type:"boolean"` + + // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + // when the generated report job was completed or failed. + // + // This field is null if the job is still in progress, as indicated by a job + // status value of IN_PROGRESS. + JobCompletionDate *time.Time `type:"timestamp"` + + // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + // when the report job was created. + // + // JobCreationDate is a required field + JobCreationDate *time.Time `type:"timestamp" required:"true"` + + // The status of the job. + // + // JobStatus is a required field + JobStatus *string `type:"string" required:"true" enum:"jobStatusType"` + + // When IsTruncated is true, this element is present and contains the value + // to use for the Marker parameter in a subsequent pagination request. + Marker *string `min:"1" type:"string"` + + // The number of services that the applicable SCPs allow account principals + // to access. + NumberOfServicesAccessible *int64 `type:"integer"` + + // The number of services that account principals are allowed but did not attempt + // to access. + NumberOfServicesNotAccessed *int64 `type:"integer"` +} + +// String returns the string representation +func (s GetOrganizationsAccessReportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetOrganizationsAccessReportOutput) GoString() string { + return s.String() +} + +// SetAccessDetails sets the AccessDetails field's value. +func (s *GetOrganizationsAccessReportOutput) SetAccessDetails(v []*AccessDetail) *GetOrganizationsAccessReportOutput { + s.AccessDetails = v + return s +} + +// SetErrorDetails sets the ErrorDetails field's value. +func (s *GetOrganizationsAccessReportOutput) SetErrorDetails(v *ErrorDetails) *GetOrganizationsAccessReportOutput { + s.ErrorDetails = v + return s +} + +// SetIsTruncated sets the IsTruncated field's value. +func (s *GetOrganizationsAccessReportOutput) SetIsTruncated(v bool) *GetOrganizationsAccessReportOutput { + s.IsTruncated = &v + return s +} + +// SetJobCompletionDate sets the JobCompletionDate field's value. +func (s *GetOrganizationsAccessReportOutput) SetJobCompletionDate(v time.Time) *GetOrganizationsAccessReportOutput { + s.JobCompletionDate = &v + return s +} + +// SetJobCreationDate sets the JobCreationDate field's value. +func (s *GetOrganizationsAccessReportOutput) SetJobCreationDate(v time.Time) *GetOrganizationsAccessReportOutput { + s.JobCreationDate = &v + return s +} + +// SetJobStatus sets the JobStatus field's value. +func (s *GetOrganizationsAccessReportOutput) SetJobStatus(v string) *GetOrganizationsAccessReportOutput { + s.JobStatus = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *GetOrganizationsAccessReportOutput) SetMarker(v string) *GetOrganizationsAccessReportOutput { + s.Marker = &v + return s +} + +// SetNumberOfServicesAccessible sets the NumberOfServicesAccessible field's value. +func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesAccessible(v int64) *GetOrganizationsAccessReportOutput { + s.NumberOfServicesAccessible = &v + return s +} + +// SetNumberOfServicesNotAccessed sets the NumberOfServicesNotAccessed field's value. +func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesNotAccessed(v int64) *GetOrganizationsAccessReportOutput { + s.NumberOfServicesNotAccessed = &v + return s +} + type GetPolicyInput struct { _ struct{} `type:"structure"` @@ -21585,8 +22266,8 @@ type GetServiceLastAccessedDetailsOutput struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when the generated report job was completed or failed. // - // This field is null if the job is still in progress, as indicated by a JobStatus - // value of IN_PROGRESS. + // This field is null if the job is still in progress, as indicated by a job + // status value of IN_PROGRESS. // // JobCompletionDate is a required field JobCompletionDate *time.Time `type:"timestamp" required:"true"` @@ -21792,6 +22473,9 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when the generated report job was completed or failed. // + // This field is null if the job is still in progress, as indicated by a job + // status value of IN_PROGRESS. + // // JobCompletionDate is a required field JobCompletionDate *time.Time `type:"timestamp" required:"true"` @@ -26271,11 +26955,12 @@ func (s *OpenIDConnectProviderListEntry) SetArn(v string) *OpenIDConnectProvider return s } -// Contains information about AWS Organizations's effect on a policy simulation. +// Contains information about the effect that Organizations has on a policy +// simulation. type OrganizationsDecisionDetail struct { _ struct{} `type:"structure"` - // Specifies whether the simulated operation is allowed by the AWS Organizations + // Specifies whether the simulated operation is allowed by the Organizations // service control policies that impact the simulated user's account. AllowedByOrganizations *bool `type:"boolean"` } @@ -26914,7 +27599,9 @@ type PutGroupPolicyInput struct { // The name of the group to associate the policy with. // - // ®ex-name;. + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@-. // // GroupName is a required field GroupName *string `min:"1" type:"string" required:"true"` @@ -28201,7 +28888,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail { type RoleUsageType struct { _ struct{} `type:"structure"` - // The name of the region where the service-linked role is being used. + // The name of the Region where the service-linked role is being used. Region *string `min:"1" type:"string"` // The name of the resource that is using the service-linked role. @@ -28599,10 +29286,10 @@ type ServiceLastAccessed struct { // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` - // The total number of authenticated entities that have attempted to access - // the service. + // The total number of authenticated principals (root user, IAM users, or IAM + // roles) that have attempted to access the service. // - // This field is null if no IAM entities attempted to access the service within + // This field is null if no principals attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). TotalAuthenticatedEntities *int64 `type:"integer"` } @@ -29379,7 +30066,7 @@ type SimulatePrincipalPolicyInput struct { CallerArn *string `min:"1" type:"string"` // A list of context keys and corresponding values for the simulation to use. - // Whenever a context key is evaluated in one of the simulated IAM permission + // Whenever a context key is evaluated in one of the simulated IAM permissions // policies, the corresponding value is supplied. ContextEntries []*ContextEntry `type:"list"` @@ -31837,7 +32524,7 @@ type User struct { // * A password exists but has not been used since IAM started tracking this // information on October 20, 2014. // - // A null valuedoes not mean that the user never had a password. Also, if the + // A null value does not mean that the user never had a password. Also, if the // user does not currently have a password, but had one in the past, then this // field contains the date and time the most recent password was used. // @@ -32334,6 +33021,20 @@ const ( PolicyTypeManaged = "MANAGED" ) +const ( + // SortKeyTypeServiceNamespaceAscending is a sortKeyType enum value + SortKeyTypeServiceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING" + + // SortKeyTypeServiceNamespaceDescending is a sortKeyType enum value + SortKeyTypeServiceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING" + + // SortKeyTypeLastAuthenticatedTimeAscending is a sortKeyType enum value + SortKeyTypeLastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING" + + // SortKeyTypeLastAuthenticatedTimeDescending is a sortKeyType enum value + SortKeyTypeLastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING" +) + const ( // StatusTypeActive is a statusType enum value StatusTypeActive = "Active" diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go index 403317b87f44..30a85b3b44de 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go @@ -162,6 +162,13 @@ const ( // to the service-linked role for that service. ErrCodePolicyNotAttachableException = "PolicyNotAttachable" + // ErrCodeReportGenerationLimitExceededException for service response error code + // "ReportGenerationLimitExceeded". + // + // The request failed because the maximum number of concurrent requests for + // this account are already running. + ErrCodeReportGenerationLimitExceededException = "ReportGenerationLimitExceeded" + // ErrCodeServiceFailureException for service response error code // "ServiceFailure". // diff --git a/vendor/modules.txt b/vendor/modules.txt index 05d12d278db0..a1c73b0e3f16 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,7 +79,7 @@ github.com/apparentlymart/go-textseg/textseg github.com/armon/circbuf # github.com/armon/go-radix v1.0.0 github.com/armon/go-radix -# github.com/aws/aws-sdk-go v1.20.4 +# github.com/aws/aws-sdk-go v1.20.10 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/service/dynamodb From fd8aca539e492351d99a0f06404e91c0c2a87ad0 Mon Sep 17 00:00:00 2001 From: ajayk Date: Thu, 11 Jul 2019 17:52:31 -0700 Subject: [PATCH 2/2] update to aws-sdk-go-v1.20.19 --- go.mod | 2 +- go.sum | 4 +- .../github.com/aws/aws-sdk-go/aws/csm/doc.go | 65 ++++++++++----- .../aws/aws-sdk-go/aws/csm/enable.go | 34 ++++++-- .../aws/aws-sdk-go/aws/csm/reporter.go | 25 +++--- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 81 ++++++++++++++++++- .../aws/aws-sdk-go/aws/request/request.go | 12 ++- .../aws/aws-sdk-go/aws/session/credentials.go | 14 ++-- .../aws/aws-sdk-go/aws/session/env_config.go | 5 ++ .../aws/aws-sdk-go/aws/session/session.go | 33 ++++++-- .../aws-sdk-go/aws/session/shared_config.go | 8 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/s3/api.go | 66 +++++++++++++++ vendor/modules.txt | 2 +- 14 files changed, 289 insertions(+), 64 deletions(-) diff --git a/go.mod b/go.mod index 6be3f6ff8781..7c9ae021dce6 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect github.com/armon/go-radix v1.0.0 // indirect - github.com/aws/aws-sdk-go v1.20.10 + github.com/aws/aws-sdk-go v1.20.19 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect github.com/blang/semver v3.5.1+incompatible github.com/boltdb/bolt v1.3.1 // indirect diff --git a/go.sum b/go.sum index c516b3f15bf3..e92051ea3d83 100644 --- a/go.sum +++ b/go.sum @@ -57,8 +57,8 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.16.36 h1:POeH34ZME++pr7GBGh+ZO6Y5kOwSMQpqp5BGUgooJ6k= github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.10 h1:wrwdNYb9Xe1ahNEEXl0M/O/g/dmonWag1TFAKVNQulM= -github.com/aws/aws-sdk-go v1.20.10/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.20.19 h1:RQDLGGlcffQzAceEXGdMu+uGGPGhNu+vNG3BrUZAMPI= +github.com/aws/aws-sdk-go v1.20.19/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go index 152d785b362b..25a66d1dda22 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go @@ -1,30 +1,61 @@ -// Package csm provides Client Side Monitoring (CSM) which enables sending metrics -// via UDP connection. Using the Start function will enable the reporting of -// metrics on a given port. If Start is called, with different parameters, again, -// a panic will occur. +// Package csm provides the Client Side Monitoring (CSM) client which enables +// sending metrics via UDP connection to the CSM agent. This package provides +// control options, and configuration for the CSM client. The client can be +// controlled manually, or automatically via the SDK's Session configuration. // -// Pause can be called to pause any metrics publishing on a given port. Sessions -// that have had their handlers modified via InjectHandlers may still be used. -// However, the handlers will act as a no-op meaning no metrics will be published. +// Enabling CSM client via SDK's Session configuration +// +// The CSM client can be enabled automatically via SDK's Session configuration. +// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT +// environment variable is set to a non-empty value. +// +// The configuration options for the CSM client via the SDK's session +// configuration are: +// +// * AWS_CSM_PORT= +// The port number the CSM agent will receive metrics on. +// +// * AWS_CSM_HOST= +// The hostname, or IP address the CSM agent will receive metrics on. +// Without port number. +// +// Manually enabling the CSM client +// +// The CSM client can be started, paused, and resumed manually. The Start +// function will enable the CSM client to publish metrics to the CSM agent. It +// is safe to call Start concurrently, but if Start is called additional times +// with different ClientID or address it will panic. // -// Example: // r, err := csm.Start("clientID", ":31000") // if err != nil { // panic(fmt.Errorf("failed starting CSM: %v", err)) // } // +// When controlling the CSM client manually, you must also inject its request +// handlers into the SDK's Session configuration for the SDK's API clients to +// publish metrics. +// // sess, err := session.NewSession(&aws.Config{}) // if err != nil { // panic(fmt.Errorf("failed loading session: %v", err)) // } // +// // Add CSM client's metric publishing request handlers to the SDK's +// // Session Configuration. // r.InjectHandlers(&sess.Handlers) // -// client := s3.New(sess) -// resp, err := client.GetObject(&s3.GetObjectInput{ -// Bucket: aws.String("bucket"), -// Key: aws.String("key"), -// }) +// Controlling CSM client +// +// Once the CSM client has been enabled the Get function will return a Reporter +// value that you can use to pause and resume the metrics published to the CSM +// agent. If Get function is called before the reporter is enabled with the +// Start function or via SDK's Session configuration nil will be returned. +// +// The Pause method can be called to stop the CSM client publishing metrics to +// the CSM agent. The Continue method will resume metric publishing. +// +// // Get the CSM client Reporter. +// r := csm.Get() // // // Will pause monitoring // r.Pause() @@ -35,12 +66,4 @@ // // // Resume monitoring // r.Continue() -// -// Start returns a Reporter that is used to enable or disable monitoring. If -// access to the Reporter is required later, calling Get will return the Reporter -// singleton. -// -// Example: -// r := csm.Get() -// r.Continue() package csm diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go index 2f0c6eac9a80..4b19e2800e3c 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go @@ -2,6 +2,7 @@ package csm import ( "fmt" + "strings" "sync" ) @@ -9,19 +10,40 @@ var ( lock sync.Mutex ) -// Client side metric handler names const ( - APICallMetricHandlerName = "awscsm.SendAPICallMetric" - APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" + // DefaultPort is used when no port is specified. + DefaultPort = "31000" + + // DefaultHost is the host that will be used when none is specified. + DefaultHost = "127.0.0.1" ) -// Start will start the a long running go routine to capture +// AddressWithDefaults returns a CSM address built from the host and port +// values. If the host or port is not set, default values will be used +// instead. If host is "localhost" it will be replaced with "127.0.0.1". +func AddressWithDefaults(host, port string) string { + if len(host) == 0 || strings.EqualFold(host, "localhost") { + host = DefaultHost + } + + if len(port) == 0 { + port = DefaultPort + } + + // Only IP6 host can contain a colon + if strings.Contains(host, ":") { + return "[" + host + "]:" + port + } + + return host + ":" + port +} + +// Start will start a long running go routine to capture // client side metrics. Calling start multiple time will only // start the metric listener once and will panic if a different // client ID or port is passed in. // -// Example: -// r, err := csm.Start("clientID", "127.0.0.1:8094") +// r, err := csm.Start("clientID", "127.0.0.1:31000") // if err != nil { // panic(fmt.Errorf("expected no error, but received %v", err)) // } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go index d9aa5b062a40..0d3684914d60 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go @@ -10,11 +10,6 @@ import ( "github.com/aws/aws-sdk-go/aws/request" ) -const ( - // DefaultPort is used when no port is specified - DefaultPort = "31000" -) - // Reporter will gather metrics of API requests made and // send those metrics to the CSM endpoint. type Reporter struct { @@ -190,8 +185,9 @@ func (rep *Reporter) start() { } } -// Pause will pause the metric channel preventing any new metrics from -// being added. +// Pause will pause the metric channel preventing any new metrics from being +// added. It is safe to call concurrently with other calls to Pause, but if +// called concurently with Continue can lead to unexpected state. func (rep *Reporter) Pause() { lock.Lock() defer lock.Unlock() @@ -203,8 +199,9 @@ func (rep *Reporter) Pause() { rep.close() } -// Continue will reopen the metric channel and allow for monitoring -// to be resumed. +// Continue will reopen the metric channel and allow for monitoring to be +// resumed. It is safe to call concurrently with other calls to Continue, but +// if called concurently with Pause can lead to unexpected state. func (rep *Reporter) Continue() { lock.Lock() defer lock.Unlock() @@ -219,10 +216,18 @@ func (rep *Reporter) Continue() { rep.metricsCh.Continue() } +// Client side metric handler names +const ( + APICallMetricHandlerName = "awscsm.SendAPICallMetric" + APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" +) + // InjectHandlers will will enable client side metrics and inject the proper // handlers to handle how metrics are sent. // -// Example: +// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers +// multiple times may lead to unexpected behavior, (e.g. duplicate metrics). +// // // Start must be called in order to inject the correct handlers // r, err := csm.Start("clientID", "127.0.0.1:8094") // if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 6a988a4aada4..371dfa6ff6e5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -478,6 +478,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, @@ -536,17 +537,24 @@ var awsPartition = partition{ "backup": service{ Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, "batch": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1556,6 +1564,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, @@ -1618,9 +1627,11 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -1634,10 +1645,15 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -1714,6 +1730,7 @@ var awsPartition = partition{ "ap-south-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, @@ -1734,11 +1751,16 @@ var awsPartition = partition{ "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -1877,6 +1899,7 @@ var awsPartition = partition{ "license-manager": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2175,6 +2198,12 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + "eu-north-1": endpoint{ + Hostname: "rds.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, "eu-west-1": endpoint{ Hostname: "rds.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -2312,6 +2341,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2938,6 +2968,7 @@ var awsPartition = partition{ "sms": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3242,9 +3273,15 @@ var awsPartition = partition{ }, }, "support": service{ + PartitionEndpoint: "aws-global", Endpoints: endpoints{ - "aws-global": endpoint{}, + "aws-global": endpoint{ + Hostname: "support.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, }, }, "swf": service{ @@ -3692,6 +3729,15 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "greengrass": service{ + IsRegionalized: boxedTrue, + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + }, + }, "iam": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -3736,6 +3782,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "license-manager": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "logs": service{ Endpoints: endpoints{ @@ -3887,9 +3940,15 @@ var awscnPartition = partition{ }, }, "support": service{ + PartitionEndpoint: "aws-cn-global", Endpoints: endpoints{ - "aws-cn-global": endpoint{}, + "aws-cn-global": endpoint{ + Hostname: "support.cn-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, }, }, "swf": service{ @@ -4052,6 +4111,7 @@ var awsusgovPartition = partition{ "codebuild": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -4234,6 +4294,7 @@ var awsusgovPartition = partition{ "firehose": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -4248,6 +4309,16 @@ var awsusgovPartition = partition{ }, "glue": service{ + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, + "greengrass": service{ + IsRegionalized: boxedTrue, + Defaults: endpoint{ + Protocols: []string{"https"}, + }, Endpoints: endpoints{ "us-gov-west-1": endpoint{}, }, @@ -4374,6 +4445,12 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "ram": service{ + + Endpoints: endpoints{ + "us-gov-west-1": endpoint{}, + }, + }, "rds": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index 0c46b7d2c31f..2f0c4a90efd5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -4,6 +4,7 @@ import ( "bytes" "fmt" "io" + "net" "net/http" "net/url" "reflect" @@ -484,7 +485,7 @@ func (r *Request) Send() error { if err := r.sendRequest(); err == nil { return nil - } else if !shouldRetryCancel(r.Error) { + } else if !shouldRetryError(r.Error) { return err } else { r.Handlers.Retry.Run(r) @@ -576,13 +577,13 @@ type temporary interface { Temporary() bool } -func shouldRetryCancel(origErr error) bool { +func shouldRetryError(origErr error) bool { switch err := origErr.(type) { case awserr.Error: if err.Code() == CanceledErrorCode { return false } - return shouldRetryCancel(err.OrigErr()) + return shouldRetryError(err.OrigErr()) case *url.Error: if strings.Contains(err.Error(), "connection refused") { // Refused connections should be retried as the service may not yet @@ -592,8 +593,11 @@ func shouldRetryCancel(origErr error) bool { } // *url.Error only implements Temporary after golang 1.6 but since // url.Error only wraps the error: - return shouldRetryCancel(err.Err) + return shouldRetryError(err.Err) case temporary: + if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" { + return true + } // If the error is temporary, we want to allow continuation of the // retry process return err.Temporary() || isErrConnectionReset(origErr) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index 0c9dcf7c890c..9fd663681735 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -64,11 +64,15 @@ func resolveCredsFromProfile(cfg *aws.Config, ), nil } else if len(sharedCfg.CredentialProcess) > 0 { - // Credential Process credentials from Shared Config/Credentials file. - return processcreds.NewCredentials( - sharedCfg.CredentialProcess, - ), nil - + // Get credentials from CredentialProcess + cred := processcreds.NewCredentials(sharedCfg.CredentialProcess) + // if RoleARN is provided, so the obtained cred from the Credential Process to assume the role using RoleARN + if len(sharedCfg.AssumeRole.RoleARN) > 0 { + cfgCp := *cfg + cfgCp.Credentials = cred + return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) + } + return cred, nil } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 { // Assume IAM Role with specific credential source. return resolveCredsFromSource(cfg, envCfg, sharedCfg, handlers, sessOpts) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index e3959b959ef9..cdb42497e76f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -102,6 +102,7 @@ type envConfig struct { CSMEnabled bool CSMPort string CSMClientID string + CSMHost string enableEndpointDiscovery string // Enables endpoint discovery via environment variables. @@ -114,6 +115,9 @@ var ( csmEnabledEnvKey = []string{ "AWS_CSM_ENABLED", } + csmHostEnvKey = []string{ + "AWS_CSM_HOST", + } csmPortEnvKey = []string{ "AWS_CSM_PORT", } @@ -184,6 +188,7 @@ func envConfigLoad(enableSharedConfig bool) envConfig { // CSM environment variables setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey) + setFromEnvVal(&cfg.CSMHost, csmHostEnvKey) setFromEnvVal(&cfg.CSMPort, csmPortEnvKey) setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey) cfg.CSMEnabled = len(cfg.csmEnabled) > 0 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 84b01f0e785a..5da98abe750d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -3,6 +3,7 @@ package session import ( "crypto/tls" "crypto/x509" + "fmt" "io" "io/ioutil" "net/http" @@ -104,7 +105,15 @@ func New(cfgs ...*aws.Config) *Session { s := deprecatedNewSession(cfgs...) if envCfg.CSMEnabled { - enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) + err := enableCSM(&s.Handlers, envCfg.CSMClientID, + envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger) + if err != nil { + err = fmt.Errorf("failed to enable CSM, %v", err) + s.Config.Logger.Log("ERROR:", err.Error()) + s.Handlers.Validate.PushBack(func(r *request.Request) { + r.Error = err + }) + } } return s @@ -338,17 +347,21 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session { return s } -func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) { - logger.Log("Enabling CSM") - if len(port) == 0 { - port = csm.DefaultPort +func enableCSM(handlers *request.Handlers, + clientID, host, port string, + logger aws.Logger, +) error { + if logger != nil { + logger.Log("Enabling CSM") } - r, err := csm.Start(clientID, "127.0.0.1:"+port) + r, err := csm.Start(clientID, csm.AddressWithDefaults(host, port)) if err != nil { - return + return err } r.InjectHandlers(handlers) + + return nil } func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) { @@ -395,7 +408,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, initHandlers(s) if envCfg.CSMEnabled { - enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) + err := enableCSM(&s.Handlers, envCfg.CSMClientID, + envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger) + if err != nil { + return nil, err + } } // Setup HTTP client with custom cert bundle if enabled diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index e0102363ddd5..324927f56aaf 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -5,7 +5,6 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/internal/ini" ) @@ -167,7 +166,8 @@ func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedC } if cfg.AssumeRole.SourceProfile == origProfile || len(assumeRoleSrc.AssumeRole.SourceProfile) == 0 { - if len(assumeRoleSrc.AssumeRole.CredentialSource) == 0 && len(assumeRoleSrc.Creds.AccessKeyID) == 0 { + //Check if at least either Credential Source, static creds, or credential process is set to retain credentials. + if len(assumeRoleSrc.AssumeRole.CredentialSource) == 0 && len(assumeRoleSrc.Creds.AccessKeyID) == 0 && len(assumeRoleSrc.CredentialProcess) == 0 { return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN} } } @@ -226,7 +226,9 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e roleArn := section.String(roleArnKey) srcProfile := section.String(sourceProfileKey) credentialSource := section.String(credentialSourceKey) - hasSource := len(srcProfile) > 0 || len(credentialSource) > 0 + credentialProcess := section.String(credentialProcessKey) + //Has source to make sure the Assume Role has at least either srcProfile, credential Source, or credential Process. + hasSource := len(srcProfile) > 0 || len(credentialSource) > 0 || len(credentialProcess) > 0 if len(roleArn) > 0 && hasSource { cfg.AssumeRole = assumeRoleConfig{ RoleARN: roleArn, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 00efe6b9f217..e5e93a8bb640 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.20.10" +const SDKVersion = "1.20.19" diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index d91b0f353501..139c27d14c1c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -8516,6 +8516,11 @@ type CopyObjectInput struct { // key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Specifies the AWS KMS Encryption Context to use for object encryption. The + // value of this header is a base64-encoded UTF-8 string holding JSON with the + // encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL // or using SigV4. Documentation on configuring any of the officially supported @@ -8780,6 +8785,12 @@ func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput { s.SSEKMSKeyId = &v @@ -8840,6 +8851,11 @@ type CopyObjectOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // If present, specifies the AWS KMS Encryption Context to use for object encryption. + // The value of this header is a base64-encoded UTF-8 string holding JSON with + // the encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // If present, specifies the ID of the AWS Key Management Service (KMS) master // encryption key that was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` @@ -8898,6 +8914,12 @@ func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput { s.SSEKMSKeyId = &v @@ -9220,6 +9242,11 @@ type CreateMultipartUploadInput struct { // key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Specifies the AWS KMS Encryption Context to use for object encryption. The + // value of this header is a base64-encoded UTF-8 string holding JSON with the + // encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL // or using SigV4. Documentation on configuring any of the officially supported @@ -9414,6 +9441,12 @@ func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMulti return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput { s.SSEKMSKeyId = &v @@ -9474,6 +9507,11 @@ type CreateMultipartUploadOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // If present, specifies the AWS KMS Encryption Context to use for object encryption. + // The value of this header is a base64-encoded UTF-8 string holding JSON with + // the encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // If present, specifies the ID of the AWS Key Management Service (KMS) master // encryption key that was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` @@ -9545,6 +9583,12 @@ func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMult return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput { s.SSEKMSKeyId = &v @@ -20372,6 +20416,11 @@ type PutObjectInput struct { // key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Specifies the AWS KMS Encryption Context to use for object encryption. The + // value of this header is a base64-encoded UTF-8 string holding JSON with the + // encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL // or using SigV4. Documentation on configuring any of the officially supported @@ -20585,6 +20634,12 @@ func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput { s.SSEKMSKeyId = &v @@ -20861,6 +20916,11 @@ type PutObjectOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // If present, specifies the AWS KMS Encryption Context to use for object encryption. + // The value of this header is a base64-encoded UTF-8 string holding JSON with + // the encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // If present, specifies the ID of the AWS Key Management Service (KMS) master // encryption key that was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` @@ -20913,6 +20973,12 @@ func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput { s.SSEKMSKeyId = &v diff --git a/vendor/modules.txt b/vendor/modules.txt index a1c73b0e3f16..cd8b6ff17a3a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,7 +79,7 @@ github.com/apparentlymart/go-textseg/textseg github.com/armon/circbuf # github.com/armon/go-radix v1.0.0 github.com/armon/go-radix -# github.com/aws/aws-sdk-go v1.20.10 +# github.com/aws/aws-sdk-go v1.20.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/service/dynamodb