vendor: github.com/aws/aws-sdk-go-v2/credentials v1.13.16

full diff: https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.12.17...credentials/v1.13.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor.mod

@@ -18,8 +18,8 @@ require (
 	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
 	github.com/aws/aws-sdk-go-v2 v1.17.6
 	github.com/aws/aws-sdk-go-v2/config v1.17.4
-	github.com/aws/aws-sdk-go-v2/credentials v1.12.17
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.14
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.16
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.24
 	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.17
 	github.com/aws/smithy-go v1.13.5
 	github.com/bsphere/le_go v0.0.0-20200109081728-fc06dab2caa8
@@ -112,13 +112,13 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.20 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.21 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.11.20 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.16.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect

vendor.sum

@@ -208,26 +208,34 @@ github.com/aws/aws-sdk-go-v2 v1.17.6 h1:Y773UK7OBqhzi5VDXMi1zVGsoj+CVHs2eaC2bDsL
 github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.17.4 h1:9HY1wbShqObySCHP2Z07blfrSWVX+nVxCZmUuLZKcG8=
 github.com/aws/aws-sdk-go-v2/config v1.17.4/go.mod h1:ul+ru+huVpfduF9XRmGUq82T8T3K+nIFQuF6F+L+548=
-github.com/aws/aws-sdk-go-v2/credentials v1.12.17 h1:htUjIJOQcvIUR0jC4eLkdis1DfaLL4EUbIKUFqh2WFA=
 github.com/aws/aws-sdk-go-v2/credentials v1.12.17/go.mod h1:jd1mvJulXY7ccHvcSiJceYhv06yWIIRkJnwWEA4IX+g=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.14 h1:NZwZFtxXGOEIiCd8jWN55lexakug543CaO68bTpoLwg=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.16 h1:GgToSxaENX/1zXIGNFfiVk4hxryYJ5Vt4Mh8XLAL7Lc=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.16/go.mod h1:KP7aFJhfwPFgx9aoVYL2nYHjya5WBD98CWaadpgmnpY=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.14/go.mod h1:5CU57SyF5jZLSIw4OOll0PG83ThXwNdkRFOc0EltD/0=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.20 h1:Rk8eqZSdFovt8Id+O+i2qT0c3CY13DPn2SfGOEVlxNs=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.24 h1:5qyqXASrX2zy5cTnoHHa4N2c3Lc94GH7gjnBP3GwKdU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.24/go.mod h1:neYVaeKr5eT7BzwULuG2YbLhzWZ22lpjKdCybR7AXrQ=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.20/go.mod h1:gdZ5gRUaxThXIZyZQ8MTtgYBk2jbHgp05BO3GcD9Cwc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.14 h1:6Yxuq9yrkoLYab5JXqJnto9tdRuIcYVdR+eiKjsJYWU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 h1:y+8n9AGDjikyXoMBTRaHHHSaFEB8267ykmvyPodJfys=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.14/go.mod h1:GEV9jaDPIgayiU+uevxwozcvUOjc+P4aHE2BeSjm2vE=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 h1:r+Kv+SEJquhAZXaJ7G4u44cIwXV3f8K+N482NNAzJZA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.21 h1:lpwSbLKYTuABo6SyUoC25xAmfO3/TehGS2SmD1EtOL0=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.21/go.mod h1:Q0pktZjvRZk77TBto6yAvUAi7fcse1bdcMctBDVGgBw=
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.17 h1:cDudPvUMS1LzoXgwhAVqUoaOK3PY7oCSL4pGmQmxlSk=
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.17/go.mod h1:60NdwPCecURV9rIq6Hg8U4kOsKsz1aXvAAYNKlhG9+E=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.14 h1:c5hJNN2DkK1gAytcKp7LkiKNDJeevFSboPezEHAM4Ro=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.14/go.mod h1:8qOLjqMzY/S1kh3myDXA1yxK5eD4uN8aOJgKpgvc4OM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.11.20 h1:3raP0UC9rvRyY4/cc4o4F3jTrNo94AYiarNUGNnq6dU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 h1:c5qGfdbCHav6viBwiyDns3OXqhqAbGjfIB4uVu2ayhk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24/go.mod h1:HMA4FZG6fyib+NDo5bpIxX1EhYjrAOveZJY2YR0xrNE=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.20/go.mod h1:hPsROgDdgY/NQ1gPt7VJWG0GjSnalDC0DkkMfGEw2gc=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.2 h1:/SYpdjjAtraymql+/r719OgjxezdanAQiLb/NMxDb04=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 h1:bdKIX6SVF3nc3xJFw6Nf0igzS6Ff/louGq8Z6VP/3Hs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.5/go.mod h1:vuWiaDB30M/QTC+lI3Wj6S/zb7tpUK2MSYgy3Guh2L0=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.2/go.mod h1:5cxfDYtY2mDOlmesy4yycb6lwyy1U/iAUOHKhQLKw/E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.16.16 h1:otZvq9r+xjPL7qU/luX2QdBamiN+oSZURRi4sAKymO8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 h1:xLPZMyuZ4GuqRCIec/zWuIhRFPXh2UOJdLXBSi64ZWQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5/go.mod h1:QjxpHmCwAg0ESGtPQnLIVp7SedTOBMYy+Slr3IfMKeI=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.16/go.mod h1:Y9iBgT1w2vHtYzJEkwD6FqILjDSsvbxcW/+wIYxyse4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 h1:rIFn5J3yDoeuKCE9sESXqM5POTAhOP1du3bv/qTL+tE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.6/go.mod h1:48WJ9l3dwP0GSHWGc5sFGGlCkuA82Mc2xnw+T6Q8aDw=
 github.com/aws/smithy-go v1.13.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md

@@ -1,3 +1,101 @@
+# v1.13.16 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.15 (2023-02-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.14 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.13 (2023-02-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.12 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.11 (2023-02-01)
+
+* No change notes available for this release.
+
+# v1.13.10 (2023-01-25)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.9 (2023-01-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.8 (2023-01-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.7 (2022-12-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.6 (2022-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.5 (2022-12-15)
+
+* **Bug Fix**: Unify logic between shared config and in finding home directory
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.4 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.3 (2022-11-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.2 (2022-11-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.1 (2022-11-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.0 (2022-11-11)
+
+* **Announcement**: When using the SSOTokenProvider, a previous implementation incorrectly compensated for invalid SSOTokenProvider configurations in the shared profile. This has been fixed via PR #1903 and tracked in issue #1846
+* **Feature**: Adds token refresh support (via SSOTokenProvider) when using the SSOCredentialProvider
+
+# v1.12.24 (2022-11-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.23 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.22 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.21 (2022-09-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.20 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.19 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.18 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.12.17 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/doc.go

@@ -11,7 +11,7 @@
 // # Loading credentials with the SDK's AWS Config
 //
 // The EC2 Instance role credentials provider will automatically be the resolved
-// credential provider int he credential chain if no other credential provider is
+// credential provider in the credential chain if no other credential provider is
 // resolved first.
 //
 // To explicitly instruct the SDK's credentials resolving to use the EC2 Instance

vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go

@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.12.17"
+const goModuleVersion = "1.13.16"

vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go

@@ -149,12 +149,24 @@ func NewProviderCommand(builder NewCommandBuilder, options ...func(*Options)) *P
 	return p
 }
 
-type credentialProcessResponse struct {
-	Version         int
-	AccessKeyID     string `json:"AccessKeyId"`
+// A CredentialProcessResponse is the AWS credentials format that must be
+// returned when executing an external credential_process.
+type CredentialProcessResponse struct {
+	// As of this writing, the Version key must be set to 1. This might
+	// increment over time as the structure evolves.
+	Version int
+
+	// The access key ID that identifies the temporary security credentials.
+	AccessKeyID string `json:"AccessKeyId"`
+
+	// The secret access key that can be used to sign requests.
 	SecretAccessKey string
-	SessionToken    string
-	Expiration      *time.Time
+
+	// The token that users must pass to the service API to use the temporary credentials.
+	SessionToken string
+
+	// The date on which the current credentials expire.
+	Expiration *time.Time
 }
 
 // Retrieve executes the credential process command and returns the
@@ -166,7 +178,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
 	}
 
 	// Serialize and validate response
-	resp := &credentialProcessResponse{}
+	resp := &CredentialProcessResponse{}
 	if err = json.Unmarshal(out, resp); err != nil {
 		return aws.Credentials{Source: ProviderName}, &ProviderError{
 			Err: fmt.Errorf("parse failed of process output: %s, error: %w", out, err),

vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go

@@ -13,9 +13,10 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
+	"github.com/aws/aws-sdk-go-v2/internal/shareddefaults"
 )
 
-var osUserHomeDur = os.UserHomeDir
+var osUserHomeDur = shareddefaults.UserHomeDir
 
 // StandardCachedTokenFilepath returns the filepath for the cached SSO token file, or
 // error if unable get derive the path. Key that will be used to compute a SHA1
@@ -25,13 +26,12 @@ var osUserHomeDur = os.UserHomeDir
 //
 //	~/.aws/sso/cache/<sha1-hex-encoded-key>.json
 func StandardCachedTokenFilepath(key string) (string, error) {
-	homeDir, err := osUserHomeDur()
-	if err != nil {
-		return "", fmt.Errorf("unable to get USER's home directory for cached token, %w", err)
+	homeDir := osUserHomeDur()
+	if len(homeDir) == 0 {
+		return "", fmt.Errorf("unable to get USER's home directory for cached token")
 	}
-
 	hash := sha1.New()
-	if _, err = hash.Write([]byte(key)); err != nil {
+	if _, err := hash.Write([]byte(key)); err != nil {
 		return "", fmt.Errorf("unable to compute cached token filepath key SHA1 hash, %w", err)
 	}
 

vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go

@@ -45,6 +45,10 @@ type Options struct {
 	// If custom cached token filepath is used, the Provider's startUrl
 	// parameter will be ignored.
 	CachedTokenFilepath string
+
+	// Used by the SSOCredentialProvider if a token configuration
+	// profile is used in the shared config
+	SSOTokenProvider *SSOTokenProvider
 }
 
 // Provider is an AWS credential provider that retrieves temporary AWS
@@ -78,27 +82,39 @@ func New(client GetRoleCredentialsAPIClient, accountID, roleName, startURL strin
 
 // Retrieve retrieves temporary AWS credentials from the configured Amazon
 // Single Sign-On (AWS SSO) user portal by exchanging the accessToken present
-// in ~/.aws/sso/cache.
+// in ~/.aws/sso/cache. However, if a token provider configuration exists
+// in the shared config, then we ought to use the token provider rather then
+// direct access on the cached token.
 func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
-	if p.cachedTokenFilepath == "" {
-		cachedTokenFilepath, err := StandardCachedTokenFilepath(p.options.StartURL)
+	var accessToken *string
+	if p.options.SSOTokenProvider != nil {
+		token, err := p.options.SSOTokenProvider.RetrieveBearerToken(ctx)
 		if err != nil {
-			return aws.Credentials{}, &InvalidTokenError{Err: err}
+			return aws.Credentials{}, err
+		}
+		accessToken = &token.Value
+	} else {
+		if p.cachedTokenFilepath == "" {
+			cachedTokenFilepath, err := StandardCachedTokenFilepath(p.options.StartURL)
+			if err != nil {
+				return aws.Credentials{}, &InvalidTokenError{Err: err}
+			}
+			p.cachedTokenFilepath = cachedTokenFilepath
 		}
-		p.cachedTokenFilepath = cachedTokenFilepath
-	}
 
-	tokenFile, err := loadCachedToken(p.cachedTokenFilepath)
-	if err != nil {
-		return aws.Credentials{}, &InvalidTokenError{Err: err}
-	}
+		tokenFile, err := loadCachedToken(p.cachedTokenFilepath)
+		if err != nil {
+			return aws.Credentials{}, &InvalidTokenError{Err: err}
+		}
 
-	if tokenFile.ExpiresAt == nil || sdk.NowTime().After(time.Time(*tokenFile.ExpiresAt)) {
-		return aws.Credentials{}, &InvalidTokenError{}
+		if tokenFile.ExpiresAt == nil || sdk.NowTime().After(time.Time(*tokenFile.ExpiresAt)) {
+			return aws.Credentials{}, &InvalidTokenError{}
+		}
+		accessToken = &tokenFile.AccessToken
 	}
 
 	output, err := p.options.Client.GetRoleCredentials(ctx, &sso.GetRoleCredentialsInput{
-		AccessToken: &tokenFile.AccessToken,
+		AccessToken: accessToken,
 		AccountId:   &p.options.AccountID,
 		RoleName:    &p.options.RoleName,
 	})

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md

@@ -1,3 +1,44 @@
+# v1.12.24 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.23 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.22 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.21 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.20 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.19 (2022-10-24)
+
+* **Bug Fix**: Fixes an issue that prevented logging of the API request or responses when the respective log modes were enabled.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.18 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.17 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.16 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.15 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.12.14 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go

@@ -106,8 +106,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
 // or adding custom middleware behavior.
 func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 	opts := Options{
-		APIOptions: append([]func(*middleware.Stack) error{}, cfg.APIOptions...),
-		HTTPClient: cfg.HTTPClient,
+		APIOptions:    append([]func(*middleware.Stack) error{}, cfg.APIOptions...),
+		HTTPClient:    cfg.HTTPClient,
+		ClientLogMode: cfg.ClientLogMode,
+		Logger:        cfg.Logger,
 	}
 
 	if cfg.Retryer != nil {

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go

@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.12.14"
+const goModuleVersion = "1.12.24"

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go

@@ -86,6 +86,21 @@ func addRequestMiddleware(stack *middleware.Stack,
 		return err
 	}
 
+	err = stack.Deserialize.Add(&smithyhttp.RequestResponseLogger{
+		LogRequest:          options.ClientLogMode.IsRequest(),
+		LogRequestWithBody:  options.ClientLogMode.IsRequestWithBody(),
+		LogResponse:         options.ClientLogMode.IsResponse(),
+		LogResponseWithBody: options.ClientLogMode.IsResponseWithBody(),
+	}, middleware.After)
+	if err != nil {
+		return err
+	}
+
+	err = addSetLoggerMiddleware(stack, options)
+	if err != nil {
+		return err
+	}
+
 	// Retry support
 	return retry.AddRetryMiddlewares(stack, retry.AddRetryMiddlewaresOptions{
 		Retryer:          options.Retryer,
@@ -93,6 +108,10 @@ func addRequestMiddleware(stack *middleware.Stack,
 	})
 }
 
+func addSetLoggerMiddleware(stack *middleware.Stack, o Options) error {
+	return middleware.AddSetLoggerMiddleware(stack, o.Logger)
+}
+
 type serializeRequest struct {
 	GetPath func(interface{}) (string, error)
 	Method  string

vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md

@@ -1,3 +1,43 @@
+# v1.1.30 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.29 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.28 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.27 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.26 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.25 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.24 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.23 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.22 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.21 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.20 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go

@@ -3,4 +3,4 @@
 package configsources
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.20"
+const goModuleVersion = "1.1.30"

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md

@@ -1,3 +1,43 @@
+# v2.4.24 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.23 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.22 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.21 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.20 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.19 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.18 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.17 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.16 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.15 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.4.14 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go

@@ -3,4 +3,4 @@
 package endpoints
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "2.4.14"
+const goModuleVersion = "2.4.24"

vendor/github.com/aws/aws-sdk-go-v2/internal/shareddefaults/shared_config.go

@@ -0,0 +1,47 @@
+package shareddefaults
+
+import (
+	"os"
+	"os/user"
+	"path/filepath"
+)
+
+// SharedCredentialsFilename returns the SDK's default file path
+// for the shared credentials file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/credentials
+//   - Windows: %USERPROFILE%\.aws\credentials
+func SharedCredentialsFilename() string {
+	return filepath.Join(UserHomeDir(), ".aws", "credentials")
+}
+
+// SharedConfigFilename returns the SDK's default file path for
+// the shared config file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/config
+//   - Windows: %USERPROFILE%\.aws\config
+func SharedConfigFilename() string {
+	return filepath.Join(UserHomeDir(), ".aws", "config")
+}
+
+// UserHomeDir returns the home directory for the user the process is
+// running under.
+func UserHomeDir() string {
+	// Ignore errors since we only care about Windows and *nix.
+	home, _ := os.UserHomeDir()
+
+	if len(home) > 0 {
+		return home
+	}
+
+	currUser, _ := user.Current()
+	if currUser != nil {
+		home = currUser.HomeDir
+	}
+
+	return home
+}

vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md

@@ -1,3 +1,43 @@
+# v1.9.24 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.23 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.22 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.21 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.20 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.19 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.18 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.17 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.16 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.15 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.9.14 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go

@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.9.14"
+const goModuleVersion = "1.9.24"

vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md

@@ -1,3 +1,60 @@
+# v1.12.5 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.4 (2023-02-22)
+
+* **Bug Fix**: Prevent nil pointer dereference when retrieving error codes.
+
+# v1.12.3 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.2 (2023-02-15)
+
+* **Announcement**: When receiving an error response in restJson-based services, an incorrect error type may have been returned based on the content of the response. This has been fixed via PR #2012 tracked in issue #1910.
+* **Bug Fix**: Correct error type parsing for restJson services.
+
+# v1.12.1 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.0 (2023-01-05)
+
+* **Feature**: Add `ErrorCodeOverride` field to all error structs (aws/smithy-go#401).
+
+# v1.11.28 (2022-12-20)
+
+* No change notes available for this release.
+
+# v1.11.27 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.26 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.25 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.24 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.23 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.22 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.21 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.11.20 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go

@@ -86,9 +86,9 @@ func awsRestjson1_deserializeOpErrorGetRoleCredentials(response *smithyhttp.Resp
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -97,7 +97,7 @@ func awsRestjson1_deserializeOpErrorGetRoleCredentials(response *smithyhttp.Resp
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -109,8 +109,8 @@ func awsRestjson1_deserializeOpErrorGetRoleCredentials(response *smithyhttp.Resp
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -242,9 +242,9 @@ func awsRestjson1_deserializeOpErrorListAccountRoles(response *smithyhttp.Respon
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -253,7 +253,7 @@ func awsRestjson1_deserializeOpErrorListAccountRoles(response *smithyhttp.Respon
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -265,8 +265,8 @@ func awsRestjson1_deserializeOpErrorListAccountRoles(response *smithyhttp.Respon
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -407,9 +407,9 @@ func awsRestjson1_deserializeOpErrorListAccounts(response *smithyhttp.Response,
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -418,7 +418,7 @@ func awsRestjson1_deserializeOpErrorListAccounts(response *smithyhttp.Response,
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -430,8 +430,8 @@ func awsRestjson1_deserializeOpErrorListAccounts(response *smithyhttp.Response,
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -550,9 +550,9 @@ func awsRestjson1_deserializeOpErrorLogout(response *smithyhttp.Response, metada
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -561,7 +561,7 @@ func awsRestjson1_deserializeOpErrorLogout(response *smithyhttp.Response, metada
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -573,8 +573,8 @@ func awsRestjson1_deserializeOpErrorLogout(response *smithyhttp.Response, metada
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message

vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go

@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.11.20"
+const goModuleVersion = "1.12.5"

vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go

@@ -135,6 +135,14 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.Aws,
 		IsRegionalized: true,
 		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "af-south-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.af-south-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "af-south-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ap-east-1",
 			}: endpoints.Endpoint{
@@ -191,6 +199,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ap-southeast-2",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ap-southeast-3",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.ap-southeast-3.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ap-southeast-3",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ca-central-1",
 			}: endpoints.Endpoint{
@@ -279,6 +295,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "us-east-2",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "us-west-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.us-west-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "us-west-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "us-west-2",
 			}: endpoints.Endpoint{

vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/errors.go

@@ -12,6 +12,8 @@ import (
 type InvalidRequestException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -24,13 +26,20 @@ func (e *InvalidRequestException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidRequestException) ErrorCode() string             { return "InvalidRequestException" }
+func (e *InvalidRequestException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidRequestException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidRequestException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified resource doesn't exist.
 type ResourceNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -43,7 +52,12 @@ func (e *ResourceNotFoundException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ResourceNotFoundException) ErrorCode() string             { return "ResourceNotFoundException" }
+func (e *ResourceNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ResourceNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the request is being made too frequently and is more than what
@@ -51,6 +65,8 @@ func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault { return smit
 type TooManyRequestsException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -63,7 +79,12 @@ func (e *TooManyRequestsException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *TooManyRequestsException) ErrorCode() string             { return "TooManyRequestsException" }
+func (e *TooManyRequestsException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "TooManyRequestsException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *TooManyRequestsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the request is not authorized. This can happen due to an invalid
@@ -71,6 +92,8 @@ func (e *TooManyRequestsException) ErrorFault() smithy.ErrorFault { return smith
 type UnauthorizedException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -83,5 +106,10 @@ func (e *UnauthorizedException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *UnauthorizedException) ErrorCode() string             { return "UnauthorizedException" }
+func (e *UnauthorizedException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "UnauthorizedException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *UnauthorizedException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md

@@ -1,3 +1,64 @@
+# v1.14.5 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.4 (2023-02-22)
+
+* **Bug Fix**: Prevent nil pointer dereference when retrieving error codes.
+
+# v1.14.3 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.2 (2023-02-15)
+
+* **Announcement**: When receiving an error response in restJson-based services, an incorrect error type may have been returned based on the content of the response. This has been fixed via PR #2012 tracked in issue #1910.
+* **Bug Fix**: Correct error type parsing for restJson services.
+
+# v1.14.1 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.0 (2023-01-05)
+
+* **Feature**: Add `ErrorCodeOverride` field to all error structs (aws/smithy-go#401).
+
+# v1.13.11 (2022-12-19)
+
+* No change notes available for this release.
+
+# v1.13.10 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.9 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.8 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.7 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.6 (2022-09-30)
+
+* **Documentation**: Documentation updates for the IAM Identity Center OIDC CLI Reference.
+
+# v1.13.5 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.4 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.3 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.2 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go

@@ -41,8 +41,10 @@ type CreateTokenInput struct {
 	// This member is required.
 	ClientSecret *string
 
-	// Supports grant types for authorization code, refresh token, and device code
-	// request.
+	// Supports grant types for the authorization code, refresh token, and device code
+	// request. For device code requests, specify the following value:
+	// urn:ietf:params:oauth:grant-type:device_code  For information about how to
+	// obtain the device code, see the StartDeviceAuthorization topic.
 	//
 	// This member is required.
 	GrantType *string
@@ -60,8 +62,13 @@ type CreateTokenInput struct {
 	// authorize the service to send the request to this location.
 	RedirectUri *string
 
+	// Currently, refreshToken is not yet implemented and is not supported. For more
+	// information about the features and limitations of the current IAM Identity
+	// Center OIDC implementation, see Considerations for Using this Guide in the IAM
+	// Identity Center OIDC API Reference
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
 	// The token used to obtain an access token in the event that the access token is
-	// invalid or expired. This token is not issued by the service.
+	// invalid or expired.
 	RefreshToken *string
 
 	// The list of scopes that is defined by the client. Upon authorization, this list
@@ -73,15 +80,25 @@ type CreateTokenInput struct {
 
 type CreateTokenOutput struct {
 
-	// An opaque token to access AWS SSO resources assigned to a user.
+	// An opaque token to access IAM Identity Center resources assigned to a user.
 	AccessToken *string
 
 	// Indicates the time in seconds when an access token will expire.
 	ExpiresIn int32
 
+	// Currently, idToken is not yet implemented and is not supported. For more
+	// information about the features and limitations of the current IAM Identity
+	// Center OIDC implementation, see Considerations for Using this Guide in the IAM
+	// Identity Center OIDC API Reference
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
 	// The identifier of the user that associated with the access token, if present.
 	IdToken *string
 
+	// Currently, refreshToken is not yet implemented and is not supported. For more
+	// information about the features and limitations of the current IAM Identity
+	// Center OIDC implementation, see Considerations for Using this Guide in the IAM
+	// Identity Center OIDC API Reference
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
 	// A token that, if present, can be used to refresh a previously issued access
 	// token that might have expired.
 	RefreshToken *string

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go

@@ -9,8 +9,8 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Registers a client with AWS SSO. This allows clients to initiate device
-// authorization. The output should be persisted for reuse through many
+// Registers a client with IAM Identity Center. This allows clients to initiate
+// device authorization. The output should be persisted for reuse through many
 // authentication requests.
 func (c *Client) RegisterClient(ctx context.Context, params *RegisterClientInput, optFns ...func(*Options)) (*RegisterClientOutput, error) {
 	if params == nil {

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go

@@ -28,9 +28,9 @@ func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDevi
 
 type StartDeviceAuthorizationInput struct {
 
-	// The unique identifier string for the client that is registered with AWS SSO.
-	// This value should come from the persisted result of the RegisterClient API
-	// operation.
+	// The unique identifier string for the client that is registered with IAM Identity
+	// Center. This value should come from the persisted result of the RegisterClient
+	// API operation.
 	//
 	// This member is required.
 	ClientId *string
@@ -41,10 +41,10 @@ type StartDeviceAuthorizationInput struct {
 	// This member is required.
 	ClientSecret *string
 
-	// The URL for the AWS SSO user portal. For more information, see Using the User
-	// Portal
+	// The URL for the AWS access portal. For more information, see Using the AWS
+	// access portal
 	// (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
-	// in the AWS Single Sign-On User Guide.
+	// in the IAM Identity Center User Guide.
 	//
 	// This member is required.
 	StartUrl *string

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go

@@ -85,9 +85,9 @@ func awsRestjson1_deserializeOpErrorCreateToken(response *smithyhttp.Response, m
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -96,7 +96,7 @@ func awsRestjson1_deserializeOpErrorCreateToken(response *smithyhttp.Response, m
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -108,8 +108,8 @@ func awsRestjson1_deserializeOpErrorCreateToken(response *smithyhttp.Response, m
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -306,9 +306,9 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -317,7 +317,7 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -329,8 +329,8 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -519,9 +519,9 @@ func awsRestjson1_deserializeOpErrorStartDeviceAuthorization(response *smithyhtt
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -530,7 +530,7 @@ func awsRestjson1_deserializeOpErrorStartDeviceAuthorization(response *smithyhtt
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -542,8 +542,8 @@ func awsRestjson1_deserializeOpErrorStartDeviceAuthorization(response *smithyhtt
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go

@@ -3,20 +3,44 @@
 // Package ssooidc provides the API client, operations, and parameter types for AWS
 // SSO OIDC.
 //
-// AWS Single Sign-On (SSO) OpenID Connect (OIDC) is a web service that enables a
-// client (such as AWS CLI or a native application) to register with AWS SSO. The
-// service also enables the client to fetch the user’s access token upon successful
-// authentication and authorization with AWS SSO. This service conforms with the
-// OAuth 2.0 based implementation of the device authorization grant standard
-// (https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628)). For
-// general information about AWS SSO, see What is AWS Single Sign-On?
+// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC)
+// is a web service that enables a client (such as AWS CLI or a native application)
+// to register with IAM Identity Center. The service also enables the client to
+// fetch the user’s access token upon successful authentication and authorization
+// with IAM Identity Center. Although AWS Single Sign-On was renamed, the sso and
+// identitystore API namespaces will continue to retain their original name for
+// backward compatibility purposes. For more information, see IAM Identity Center
+// rename
+// (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
+// Considerations for Using This Guide Before you begin using this guide, we
+// recommend that you first review the following important information about how
+// the IAM Identity Center OIDC service works.
+//
+// * The IAM Identity Center OIDC
+// service currently implements only the portions of the OAuth 2.0 Device
+// Authorization Grant standard (https://tools.ietf.org/html/rfc8628
+// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
+// sign-on authentication with the AWS CLI. Support for other OIDC flows frequently
+// needed for native applications, such as Authorization Code Flow (+ PKCE), will
+// be addressed in future releases.
+//
+// * The service emits only OIDC access tokens,
+// such that obtaining a new token (For example, token refresh) requires explicit
+// user re-authentication.
+//
+// * The access tokens provided by this service grant
+// access to all AWS account entitlements assigned to an IAM Identity Center user,
+// not just a particular application.
+//
+// * The documentation in this guide does not
+// describe the mechanism to convert the access token into AWS Auth (“sigv4”)
+// credentials for use with IAM-protected AWS service endpoints. For more
+// information, see GetRoleCredentials
+// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+// in the IAM Identity Center Portal API Reference Guide.
+//
+// For general information
+// about IAM Identity Center, see What is IAM Identity Center?
 // (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the
-// AWS SSO User Guide. This API reference guide describes the AWS SSO OIDC
-// operations that you can call programatically and includes detailed information
-// on data types and errors. AWS provides SDKs that consist of libraries and sample
-// code for various programming languages and platforms such as Java, Ruby, .Net,
-// iOS, and Android. The SDKs provide a convenient way to create programmatic
-// access to AWS SSO and other AWS services. For more information about the AWS
-// SDKs, including how to download and install them, see Tools for Amazon Web
-// Services (http://aws.amazon.com/tools/).
+// IAM Identity Center User Guide.
 package ssooidc

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go

@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.2"
+const goModuleVersion = "1.14.5"

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go

@@ -135,6 +135,14 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.Aws,
 		IsRegionalized: true,
 		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "af-south-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.af-south-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "af-south-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ap-east-1",
 			}: endpoints.Endpoint{
@@ -191,6 +199,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ap-southeast-2",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ap-southeast-3",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.ap-southeast-3.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ap-southeast-3",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ca-central-1",
 			}: endpoints.Endpoint{
@@ -279,6 +295,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "us-east-2",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "us-west-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.us-west-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "us-west-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "us-west-2",
 			}: endpoints.Endpoint{

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go

@@ -11,6 +11,8 @@ import (
 type AccessDeniedException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -26,7 +28,12 @@ func (e *AccessDeniedException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *AccessDeniedException) ErrorCode() string             { return "AccessDeniedException" }
+func (e *AccessDeniedException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "AccessDeniedException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that a request to authorize a client with an access user session token
@@ -34,6 +41,8 @@ func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault { return smithy.F
 type AuthorizationPendingException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -49,7 +58,12 @@ func (e *AuthorizationPendingException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *AuthorizationPendingException) ErrorCode() string             { return "AuthorizationPendingException" }
+func (e *AuthorizationPendingException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "AuthorizationPendingException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *AuthorizationPendingException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the token issued by the service is expired and is no longer
@@ -57,6 +71,8 @@ func (e *AuthorizationPendingException) ErrorFault() smithy.ErrorFault { return
 type ExpiredTokenException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -72,7 +88,12 @@ func (e *ExpiredTokenException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ExpiredTokenException) ErrorCode() string             { return "ExpiredTokenException" }
+func (e *ExpiredTokenException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ExpiredTokenException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that an error from the service occurred while trying to process a
@@ -80,6 +101,8 @@ func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.F
 type InternalServerException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -95,7 +118,12 @@ func (e *InternalServerException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InternalServerException) ErrorCode() string             { return "InternalServerException" }
+func (e *InternalServerException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InternalServerException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InternalServerException) ErrorFault() smithy.ErrorFault { return smithy.FaultServer }
 
 // Indicates that the clientId or clientSecret in the request is invalid. For
@@ -104,6 +132,8 @@ func (e *InternalServerException) ErrorFault() smithy.ErrorFault { return smithy
 type InvalidClientException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -119,7 +149,12 @@ func (e *InvalidClientException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidClientException) ErrorCode() string             { return "InvalidClientException" }
+func (e *InvalidClientException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidClientException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidClientException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the client information sent in the request during registration is
@@ -127,6 +162,8 @@ func (e *InvalidClientException) ErrorFault() smithy.ErrorFault { return smithy.
 type InvalidClientMetadataException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -142,7 +179,12 @@ func (e *InvalidClientMetadataException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidClientMetadataException) ErrorCode() string             { return "InvalidClientMetadataException" }
+func (e *InvalidClientMetadataException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidClientMetadataException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidClientMetadataException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that a request contains an invalid grant. This can occur if a client
@@ -150,6 +192,8 @@ func (e *InvalidClientMetadataException) ErrorFault() smithy.ErrorFault { return
 type InvalidGrantException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -165,7 +209,12 @@ func (e *InvalidGrantException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidGrantException) ErrorCode() string             { return "InvalidGrantException" }
+func (e *InvalidGrantException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidGrantException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidGrantException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that something is wrong with the input to the request. For example, a
@@ -173,6 +222,8 @@ func (e *InvalidGrantException) ErrorFault() smithy.ErrorFault { return smithy.F
 type InvalidRequestException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -188,13 +239,20 @@ func (e *InvalidRequestException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidRequestException) ErrorCode() string             { return "InvalidRequestException" }
+func (e *InvalidRequestException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidRequestException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidRequestException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the scope provided in the request is invalid.
 type InvalidScopeException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -210,7 +268,12 @@ func (e *InvalidScopeException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidScopeException) ErrorCode() string             { return "InvalidScopeException" }
+func (e *InvalidScopeException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidScopeException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidScopeException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the client is making the request too frequently and is more than
@@ -218,6 +281,8 @@ func (e *InvalidScopeException) ErrorFault() smithy.ErrorFault { return smithy.F
 type SlowDownException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -233,7 +298,12 @@ func (e *SlowDownException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *SlowDownException) ErrorCode() string             { return "SlowDownException" }
+func (e *SlowDownException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "SlowDownException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *SlowDownException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the client is not currently authorized to make the request. This
@@ -241,6 +311,8 @@ func (e *SlowDownException) ErrorFault() smithy.ErrorFault { return smithy.Fault
 type UnauthorizedClientException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -256,13 +328,20 @@ func (e *UnauthorizedClientException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *UnauthorizedClientException) ErrorCode() string             { return "UnauthorizedClientException" }
+func (e *UnauthorizedClientException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "UnauthorizedClientException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *UnauthorizedClientException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that the grant type in the request is not supported by the service.
 type UnsupportedGrantTypeException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	Error_            *string
 	Error_description *string
 
@@ -278,5 +357,10 @@ func (e *UnsupportedGrantTypeException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *UnsupportedGrantTypeException) ErrorCode() string             { return "UnsupportedGrantTypeException" }
+func (e *UnsupportedGrantTypeException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "UnsupportedGrantTypeException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *UnsupportedGrantTypeException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }

vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md

@@ -1,3 +1,77 @@
+# v1.18.6 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.5 (2023-02-22)
+
+* **Bug Fix**: Prevent nil pointer dereference when retrieving error codes.
+
+# v1.18.4 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.3 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade smithy to 1.27.2 and correct empty query list serialization.
+
+# v1.18.2 (2023-01-25)
+
+* **Documentation**: Doc only change to update wording in a key topic
+
+# v1.18.1 (2023-01-23)
+
+* No change notes available for this release.
+
+# v1.18.0 (2023-01-05)
+
+* **Feature**: Add `ErrorCodeOverride` field to all error structs (aws/smithy-go#401).
+
+# v1.17.7 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.6 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.5 (2022-11-22)
+
+* No change notes available for this release.
+
+# v1.17.4 (2022-11-17)
+
+* **Documentation**: Documentation updates for AWS Security Token Service.
+
+# v1.17.3 (2022-11-16)
+
+* No change notes available for this release.
+
+# v1.17.2 (2022-11-10)
+
+* No change notes available for this release.
+
+# v1.17.1 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.0 (2022-10-21)
+
+* **Feature**: Add presign functionality for sts:AssumeRole operation
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.19 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.18 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.17 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.16.16 (2022-08-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go

@@ -12,12 +12,11 @@ import (
 )
 
 // Returns a set of temporary security credentials that you can use to access
-// Amazon Web Services resources that you might not normally have access to. These
-// temporary credentials consist of an access key ID, a secret access key, and a
-// security token. Typically, you use AssumeRole within your account or for
-// cross-account access. For a comparison of AssumeRole with other API operations
-// that produce temporary credentials, see Requesting Temporary Security
-// Credentials
+// Amazon Web Services resources. These temporary credentials consist of an access
+// key ID, a secret access key, and a security token. Typically, you use AssumeRole
+// within your account or for cross-account access. For a comparison of AssumeRole
+// with other API operations that produce temporary credentials, see Requesting
+// Temporary Security Credentials
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
 // and Comparing the Amazon Web Services STS API operations
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
@@ -28,16 +27,16 @@ import (
 // inline or managed session policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policies to use as
-// managed session policies. The plaintext that you use for both inline and managed
-// session policies can't exceed 2,048 characters. Passing policies to this
-// operation returns new temporary credentials. The resulting session's permissions
-// are the intersection of the role's identity-based policy and the session
-// policies. You can use the role's temporary credentials in subsequent Amazon Web
-// Services API calls to access resources in the account that owns the role. You
-// cannot use session policies to grant more permissions than those allowed by the
-// identity-based policy of the role that is being assumed. For more information,
-// see Session Policies
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that you
+// use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's
+// identity-based policy and the session policies. You can use the role's temporary
+// credentials in subsequent Amazon Web Services API calls to access resources in
+// the account that owns the role. You cannot use session policies to grant more
+// permissions than those allowed by the identity-based policy of the role that is
+// being assumed. For more information, see Session Policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. When you create a role, you create two policies: A role
 // trust policy that specifies who can assume the role and a permissions policy
@@ -189,11 +188,11 @@ type AssumeRoleInput struct {
 	// be any ASCII character from the space character to the end of the valid
 	// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
 	// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
-	// Services conversion compresses the passed session policies and session tags into
-	// a packed binary format that has a separate limit. Your request can fail for this
-	// limit even if your plaintext meets the other requirements. The PackedPolicySize
-	// response element indicates by percentage how close the policies and tags for
-	// your request are to the upper size limit.
+	// Services conversion compresses the passed inline session policy, managed policy
+	// ARNs, and session tags into a packed binary format that has a separate limit.
+	// Your request can fail for this limit even if your plaintext meets the other
+	// requirements. The PackedPolicySize response element indicates by percentage how
+	// close the policies and tags for your request are to the upper size limit.
 	Policy *string
 
 	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@@ -204,18 +203,18 @@ type AssumeRoleInput struct {
 	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
 	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
 	// the Amazon Web Services General Reference. An Amazon Web Services conversion
-	// compresses the passed session policies and session tags into a packed binary
-	// format that has a separate limit. Your request can fail for this limit even if
-	// your plaintext meets the other requirements. The PackedPolicySize response
-	// element indicates by percentage how close the policies and tags for your request
-	// are to the upper size limit. Passing policies to this operation returns new
-	// temporary credentials. The resulting session's permissions are the intersection
-	// of the role's identity-based policy and the session policies. You can use the
-	// role's temporary credentials in subsequent Amazon Web Services API calls to
-	// access resources in the account that owns the role. You cannot use session
-	// policies to grant more permissions than those allowed by the identity-based
-	// policy of the role that is being assumed. For more information, see Session
-	// Policies
+	// compresses the passed inline session policy, managed policy ARNs, and session
+	// tags into a packed binary format that has a separate limit. Your request can
+	// fail for this limit even if your plaintext meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit. Passing policies to this
+	// operation returns new temporary credentials. The resulting session's permissions
+	// are the intersection of the role's identity-based policy and the session
+	// policies. You can use the role's temporary credentials in subsequent Amazon Web
+	// Services API calls to access resources in the account that owns the role. You
+	// cannot use session policies to grant more permissions than those allowed by the
+	// identity-based policy of the role that is being assumed. For more information,
+	// see Session Policies
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType
@@ -257,22 +256,23 @@ type AssumeRoleInput struct {
 	// Character Limits
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
-	// session policies and session tags into a packed binary format that has a
-	// separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates by
-	// percentage how close the policies and tags for your request are to the upper
-	// size limit. You can pass a session tag with the same key as a tag that is
-	// already attached to the role. When you do, session tags override a role tag with
-	// the same key. Tag key–value pairs are not case sensitive, but case is preserved.
-	// This means that you cannot have separate Department and department tag keys.
-	// Assume that the role has the Department=Marketing tag and you pass the
-	// department=engineering session tag. Department and department are not saved as
-	// separate tags, and the session tag passed in the request takes precedence over
-	// the role tag. Additionally, if you used temporary credentials to perform this
-	// operation, the new session inherits any transitive session tags from the calling
-	// session. If you pass a session tag with the same key as an inherited tag, the
-	// operation fails. To view the inherited tags for a session, see the CloudTrail
-	// logs. For more information, see Viewing Session Tags in CloudTrail
+	// inline session policy, managed policy ARNs, and session tags into a packed
+	// binary format that has a separate limit. Your request can fail for this limit
+	// even if your plaintext meets the other requirements. The PackedPolicySize
+	// response element indicates by percentage how close the policies and tags for
+	// your request are to the upper size limit. You can pass a session tag with the
+	// same key as a tag that is already attached to the role. When you do, session
+	// tags override a role tag with the same key. Tag key–value pairs are not case
+	// sensitive, but case is preserved. This means that you cannot have separate
+	// Department and department tag keys. Assume that the role has the
+	// Department=Marketing tag and you pass the department=engineering session tag.
+	// Department and department are not saved as separate tags, and the session tag
+	// passed in the request takes precedence over the role tag. Additionally, if you
+	// used temporary credentials to perform this operation, the new session inherits
+	// any transitive session tags from the calling session. If you pass a session tag
+	// with the same key as an inherited tag, the operation fails. To view the
+	// inherited tags for a session, see the CloudTrail logs. For more information, see
+	// Viewing Session Tags in CloudTrail
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
 	// in the IAM User Guide.
 	Tags []types.Tag
@@ -415,3 +415,27 @@ func newServiceMetadataMiddleware_opAssumeRole(region string) *awsmiddleware.Reg
 		OperationName: "AssumeRole",
 	}
 }
+
+// PresignAssumeRole is used to generate a presigned HTTP Request which contains
+// presigned URL, signed headers and HTTP method used.
+func (c *PresignClient) PresignAssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) {
+	if params == nil {
+		params = &AssumeRoleInput{}
+	}
+	options := c.options.copy()
+	for _, fn := range optFns {
+		fn(&options)
+	}
+	clientOptFns := append(options.ClientOptions, withNopHTTPClientAPIOption)
+
+	result, _, err := c.client.invokeOperation(ctx, "AssumeRole", params, clientOptFns,
+		c.client.addOperationAssumeRoleMiddlewares,
+		presignConverter(options).convertToPresignMiddleware,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	out := result.(*v4.PresignedHTTPRequest)
+	return out, nil
+}

vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go

@@ -53,16 +53,16 @@ import (
 // pass inline or managed session policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policies to use as
-// managed session policies. The plaintext that you use for both inline and managed
-// session policies can't exceed 2,048 characters. Passing policies to this
-// operation returns new temporary credentials. The resulting session's permissions
-// are the intersection of the role's identity-based policy and the session
-// policies. You can use the role's temporary credentials in subsequent Amazon Web
-// Services API calls to access resources in the account that owns the role. You
-// cannot use session policies to grant more permissions than those allowed by the
-// identity-based policy of the role that is being assumed. For more information,
-// see Session Policies
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that you
+// use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's
+// identity-based policy and the session policies. You can use the role's temporary
+// credentials in subsequent Amazon Web Services API calls to access resources in
+// the account that owns the role. You cannot use session policies to grant more
+// permissions than those allowed by the identity-based policy of the role that is
+// being assumed. For more information, see Session Policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
 // Amazon Web Services security credentials. The identity of the caller is
@@ -82,16 +82,16 @@ import (
 // these and additional limits, see IAM and STS Character Limits
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 // in the IAM User Guide. An Amazon Web Services conversion compresses the passed
-// session policies and session tags into a packed binary format that has a
-// separate limit. Your request can fail for this limit even if your plaintext
-// meets the other requirements. The PackedPolicySize response element indicates by
-// percentage how close the policies and tags for your request are to the upper
-// size limit. You can pass a session tag with the same key as a tag that is
-// attached to the role. When you do, session tags override the role's tags with
-// the same key. An administrator must grant you the permissions necessary to pass
-// session tags. The administrator can also create granular permissions to allow
-// you to pass only specific session tags. For more information, see Tutorial:
-// Using Tags for Attribute-Based Access Control
+// inline session policy, managed policy ARNs, and session tags into a packed
+// binary format that has a separate limit. Your request can fail for this limit
+// even if your plaintext meets the other requirements. The PackedPolicySize
+// response element indicates by percentage how close the policies and tags for
+// your request are to the upper size limit. You can pass a session tag with the
+// same key as a tag that is attached to the role. When you do, session tags
+// override the role's tags with the same key. An administrator must grant you the
+// permissions necessary to pass session tags. The administrator can also create
+// granular permissions to allow you to pass only specific session tags. For more
+// information, see Tutorial: Using Tags for Attribute-Based Access Control
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
 // in the IAM User Guide. You can set the session tags as transitive. Transitive
 // tags persist during role chaining. For more information, see Chaining Roles with
@@ -194,11 +194,11 @@ type AssumeRoleWithSAMLInput struct {
 	// be any ASCII character from the space character to the end of the valid
 	// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
 	// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
-	// Services conversion compresses the passed session policies and session tags into
-	// a packed binary format that has a separate limit. Your request can fail for this
-	// limit even if your plaintext meets the other requirements. The PackedPolicySize
-	// response element indicates by percentage how close the policies and tags for
-	// your request are to the upper size limit.
+	// Services conversion compresses the passed inline session policy, managed policy
+	// ARNs, and session tags into a packed binary format that has a separate limit.
+	// Your request can fail for this limit even if your plaintext meets the other
+	// requirements. The PackedPolicySize response element indicates by percentage how
+	// close the policies and tags for your request are to the upper size limit.
 	Policy *string
 
 	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@@ -209,18 +209,18 @@ type AssumeRoleWithSAMLInput struct {
 	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
 	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
 	// the Amazon Web Services General Reference. An Amazon Web Services conversion
-	// compresses the passed session policies and session tags into a packed binary
-	// format that has a separate limit. Your request can fail for this limit even if
-	// your plaintext meets the other requirements. The PackedPolicySize response
-	// element indicates by percentage how close the policies and tags for your request
-	// are to the upper size limit. Passing policies to this operation returns new
-	// temporary credentials. The resulting session's permissions are the intersection
-	// of the role's identity-based policy and the session policies. You can use the
-	// role's temporary credentials in subsequent Amazon Web Services API calls to
-	// access resources in the account that owns the role. You cannot use session
-	// policies to grant more permissions than those allowed by the identity-based
-	// policy of the role that is being assumed. For more information, see Session
-	// Policies
+	// compresses the passed inline session policy, managed policy ARNs, and session
+	// tags into a packed binary format that has a separate limit. Your request can
+	// fail for this limit even if your plaintext meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit. Passing policies to this
+	// operation returns new temporary credentials. The resulting session's permissions
+	// are the intersection of the role's identity-based policy and the session
+	// policies. You can use the role's temporary credentials in subsequent Amazon Web
+	// Services API calls to access resources in the account that owns the role. You
+	// cannot use session policies to grant more permissions than those allowed by the
+	// identity-based policy of the role that is being assumed. For more information,
+	// see Session Policies
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType

vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go

@@ -63,16 +63,16 @@ import (
 // inline or managed session policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policies to use as
-// managed session policies. The plaintext that you use for both inline and managed
-// session policies can't exceed 2,048 characters. Passing policies to this
-// operation returns new temporary credentials. The resulting session's permissions
-// are the intersection of the role's identity-based policy and the session
-// policies. You can use the role's temporary credentials in subsequent Amazon Web
-// Services API calls to access resources in the account that owns the role. You
-// cannot use session policies to grant more permissions than those allowed by the
-// identity-based policy of the role that is being assumed. For more information,
-// see Session Policies
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that you
+// use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's
+// identity-based policy and the session policies. You can use the role's temporary
+// credentials in subsequent Amazon Web Services API calls to access resources in
+// the account that owns the role. You cannot use session policies to grant more
+// permissions than those allowed by the identity-based policy of the role that is
+// being assumed. For more information, see Session Policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
 // attributes into your web identity token as session tags. Each session tag
@@ -84,16 +84,16 @@ import (
 // these and additional limits, see IAM and STS Character Limits
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 // in the IAM User Guide. An Amazon Web Services conversion compresses the passed
-// session policies and session tags into a packed binary format that has a
-// separate limit. Your request can fail for this limit even if your plaintext
-// meets the other requirements. The PackedPolicySize response element indicates by
-// percentage how close the policies and tags for your request are to the upper
-// size limit. You can pass a session tag with the same key as a tag that is
-// attached to the role. When you do, the session tag overrides the role tag with
-// the same key. An administrator must grant you the permissions necessary to pass
-// session tags. The administrator can also create granular permissions to allow
-// you to pass only specific session tags. For more information, see Tutorial:
-// Using Tags for Attribute-Based Access Control
+// inline session policy, managed policy ARNs, and session tags into a packed
+// binary format that has a separate limit. Your request can fail for this limit
+// even if your plaintext meets the other requirements. The PackedPolicySize
+// response element indicates by percentage how close the policies and tags for
+// your request are to the upper size limit. You can pass a session tag with the
+// same key as a tag that is attached to the role. When you do, the session tag
+// overrides the role tag with the same key. An administrator must grant you the
+// permissions necessary to pass session tags. The administrator can also create
+// granular permissions to allow you to pass only specific session tags. For more
+// information, see Tutorial: Using Tags for Attribute-Based Access Control
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
 // in the IAM User Guide. You can set the session tags as transitive. Transitive
 // tags persist during role chaining. For more information, see Chaining Roles with
@@ -215,11 +215,11 @@ type AssumeRoleWithWebIdentityInput struct {
 	// be any ASCII character from the space character to the end of the valid
 	// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
 	// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
-	// Services conversion compresses the passed session policies and session tags into
-	// a packed binary format that has a separate limit. Your request can fail for this
-	// limit even if your plaintext meets the other requirements. The PackedPolicySize
-	// response element indicates by percentage how close the policies and tags for
-	// your request are to the upper size limit.
+	// Services conversion compresses the passed inline session policy, managed policy
+	// ARNs, and session tags into a packed binary format that has a separate limit.
+	// Your request can fail for this limit even if your plaintext meets the other
+	// requirements. The PackedPolicySize response element indicates by percentage how
+	// close the policies and tags for your request are to the upper size limit.
 	Policy *string
 
 	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@@ -230,18 +230,18 @@ type AssumeRoleWithWebIdentityInput struct {
 	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
 	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
 	// the Amazon Web Services General Reference. An Amazon Web Services conversion
-	// compresses the passed session policies and session tags into a packed binary
-	// format that has a separate limit. Your request can fail for this limit even if
-	// your plaintext meets the other requirements. The PackedPolicySize response
-	// element indicates by percentage how close the policies and tags for your request
-	// are to the upper size limit. Passing policies to this operation returns new
-	// temporary credentials. The resulting session's permissions are the intersection
-	// of the role's identity-based policy and the session policies. You can use the
-	// role's temporary credentials in subsequent Amazon Web Services API calls to
-	// access resources in the account that owns the role. You cannot use session
-	// policies to grant more permissions than those allowed by the identity-based
-	// policy of the role that is being assumed. For more information, see Session
-	// Policies
+	// compresses the passed inline session policy, managed policy ARNs, and session
+	// tags into a packed binary format that has a separate limit. Your request can
+	// fail for this limit even if your plaintext meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit. Passing policies to this
+	// operation returns new temporary credentials. The resulting session's permissions
+	// are the intersection of the role's identity-based policy and the session
+	// policies. You can use the role's temporary credentials in subsequent Amazon Web
+	// Services API calls to access resources in the account that owns the role. You
+	// cannot use session policies to grant more permissions than those allowed by the
+	// identity-based policy of the role that is being assumed. For more information,
+	// see Session Policies
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType

vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go

@@ -43,28 +43,29 @@ import (
 // Temporary credentials obtained by using the Amazon Web Services account root
 // user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
 // You can use the temporary credentials created by GetFederationToken in any
-// Amazon Web Services service except the following:
+// Amazon Web Services service with the following exceptions:
 //
-// * You cannot call any IAM
-// operations using the CLI or the Amazon Web Services API.
+// * You cannot call
+// any IAM operations using the CLI or the Amazon Web Services API. This limitation
+// does not apply to console sessions.
 //
-// * You cannot call any
-// STS operations except GetCallerIdentity.
+// * You cannot call any STS operations except
+// GetCallerIdentity.
 //
-// You must pass an inline or managed
-// session policy
+// You can use temporary credentials for single sign-on (SSO)
+// to the console. You must pass an inline or managed session policy
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policies to use as
-// managed session policies. The plaintext that you use for both inline and managed
-// session policies can't exceed 2,048 characters. Though the session policy
-// parameters are optional, if you do not pass a policy, then the resulting
-// federated user session has no permissions. When you pass session policies, the
-// session permissions are the intersection of the IAM user policies and the
-// session policies that you pass. This gives you a way to further restrict the
-// permissions for a federated user. You cannot use session policies to grant more
-// permissions than those that are defined in the permissions policy of the IAM
-// user. For more information, see Session Policies
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that you
+// use for both inline and managed session policies can't exceed 2,048 characters.
+// Though the session policy parameters are optional, if you do not pass a policy,
+// then the resulting federated user session has no permissions. When you pass
+// session policies, the session permissions are the intersection of the IAM user
+// policies and the session policies that you pass. This gives you a way to further
+// restrict the permissions for a federated user. You cannot use session policies
+// to grant more permissions than those that are defined in the permissions policy
+// of the IAM user. For more information, see Session Policies
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. For information about using GetFederationToken to create
 // temporary security credentials, see GetFederationToken—Federation Through a
@@ -135,15 +136,15 @@ type GetFederationTokenInput struct {
 	// You must pass an inline or managed session policy
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policies to use as
-	// managed session policies. This parameter is optional. However, if you do not
-	// pass any session policies, then the resulting federated user session has no
-	// permissions. When you pass session policies, the session permissions are the
-	// intersection of the IAM user policies and the session policies that you pass.
-	// This gives you a way to further restrict the permissions for a federated user.
-	// You cannot use session policies to grant more permissions than those that are
-	// defined in the permissions policy of the IAM user. For more information, see
-	// Session Policies
+	// inline session policy. You can also specify up to 10 managed policy Amazon
+	// Resource Names (ARNs) to use as managed session policies. This parameter is
+	// optional. However, if you do not pass any session policies, then the resulting
+	// federated user session has no permissions. When you pass session policies, the
+	// session permissions are the intersection of the IAM user policies and the
+	// session policies that you pass. This gives you a way to further restrict the
+	// permissions for a federated user. You cannot use session policies to grant more
+	// permissions than those that are defined in the permissions policy of the IAM
+	// user. For more information, see Session Policies
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide. The resulting credentials can be used to access a
 	// resource that has a resource-based policy. If that policy specifically
@@ -155,11 +156,11 @@ type GetFederationTokenInput struct {
 	// from the space character to the end of the valid character list (\u0020 through
 	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
 	// return (\u000D) characters. An Amazon Web Services conversion compresses the
-	// passed session policies and session tags into a packed binary format that has a
-	// separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates by
-	// percentage how close the policies and tags for your request are to the upper
-	// size limit.
+	// passed inline session policy, managed policy ARNs, and session tags into a
+	// packed binary format that has a separate limit. Your request can fail for this
+	// limit even if your plaintext meets the other requirements. The PackedPolicySize
+	// response element indicates by percentage how close the policies and tags for
+	// your request are to the upper size limit.
 	Policy *string
 
 	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@@ -168,11 +169,11 @@ type GetFederationTokenInput struct {
 	// managed session policy
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policies to use as
-	// managed session policies. The plaintext that you use for both inline and managed
-	// session policies can't exceed 2,048 characters. You can provide up to 10 managed
-	// policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
-	// and Amazon Web Services Service Namespaces
+	// inline session policy. You can also specify up to 10 managed policy Amazon
+	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
+	// use for both inline and managed session policies can't exceed 2,048 characters.
+	// You can provide up to 10 managed policy ARNs. For more information about ARNs,
+	// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
 	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
 	// the Amazon Web Services General Reference. This parameter is optional. However,
 	// if you do not pass any session policies, then the resulting federated user
@@ -188,11 +189,12 @@ type GetFederationTokenInput struct {
 	// references the federated user session in the Principal element of the policy,
 	// the session has the permissions allowed by the policy. These permissions are
 	// granted in addition to the permissions that are granted by the session policies.
-	// An Amazon Web Services conversion compresses the passed session policies and
-	// session tags into a packed binary format that has a separate limit. Your request
-	// can fail for this limit even if your plaintext meets the other requirements. The
-	// PackedPolicySize response element indicates by percentage how close the policies
-	// and tags for your request are to the upper size limit.
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has a
+	// separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates by
+	// percentage how close the policies and tags for your request are to the upper
+	// size limit.
 	PolicyArns []types.PolicyDescriptorType
 
 	// A list of session tags. Each session tag consists of a key name and an
@@ -205,15 +207,15 @@ type GetFederationTokenInput struct {
 	// Character Limits
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
-	// session policies and session tags into a packed binary format that has a
-	// separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates by
-	// percentage how close the policies and tags for your request are to the upper
-	// size limit. You can pass a session tag with the same key as a tag that is
-	// already attached to the user you are federating. When you do, session tags
-	// override a user tag with the same key. Tag key–value pairs are not case
-	// sensitive, but case is preserved. This means that you cannot have separate
-	// Department and department tag keys. Assume that the role has the
+	// inline session policy, managed policy ARNs, and session tags into a packed
+	// binary format that has a separate limit. Your request can fail for this limit
+	// even if your plaintext meets the other requirements. The PackedPolicySize
+	// response element indicates by percentage how close the policies and tags for
+	// your request are to the upper size limit. You can pass a session tag with the
+	// same key as a tag that is already attached to the user you are federating. When
+	// you do, session tags override a user tag with the same key. Tag key–value pairs
+	// are not case sensitive, but case is preserved. This means that you cannot have
+	// separate Department and department tag keys. Assume that the role has the
 	// Department=Marketing tag and you pass the department=engineering session tag.
 	// Department and department are not saved as separate tags, and the session tag
 	// passed in the request takes precedence over the role tag.

vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go

@@ -3,4 +3,4 @@
 package sts
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.16.16"
+const goModuleVersion = "1.18.6"

vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go

@@ -153,6 +153,9 @@ var defaultPartitions = endpoints.Partitions{
 			endpoints.EndpointKey{
 				Region: "ap-south-1",
 			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region: "ap-south-2",
+			}: endpoints.Endpoint{},
 			endpoints.EndpointKey{
 				Region: "ap-southeast-1",
 			}: endpoints.Endpoint{},
@@ -162,6 +165,9 @@ var defaultPartitions = endpoints.Partitions{
 			endpoints.EndpointKey{
 				Region: "ap-southeast-3",
 			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region: "ap-southeast-4",
+			}: endpoints.Endpoint{},
 			endpoints.EndpointKey{
 				Region: "aws-global",
 			}: endpoints.Endpoint{
@@ -176,12 +182,18 @@ var defaultPartitions = endpoints.Partitions{
 			endpoints.EndpointKey{
 				Region: "eu-central-1",
 			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{},
 			endpoints.EndpointKey{
 				Region: "eu-south-1",
 			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region: "eu-south-2",
+			}: endpoints.Endpoint{},
 			endpoints.EndpointKey{
 				Region: "eu-west-1",
 			}: endpoints.Endpoint{},

vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go

@@ -523,9 +523,6 @@ func (m *awsAwsquery_serializeOpGetSessionToken) HandleSerialize(ctx context.Con
 	return next.HandleSerialize(ctx, in)
 }
 func awsAwsquery_serializeDocumentPolicyDescriptorListType(v []types.PolicyDescriptorType, value query.Value) error {
-	if len(v) == 0 {
-		return nil
-	}
 	array := value.Array("member")
 
 	for i := range v {
@@ -567,9 +564,6 @@ func awsAwsquery_serializeDocumentTag(v *types.Tag, value query.Value) error {
 }
 
 func awsAwsquery_serializeDocumentTagKeyListType(v []string, value query.Value) error {
-	if len(v) == 0 {
-		return nil
-	}
 	array := value.Array("member")
 
 	for i := range v {
@@ -580,9 +574,6 @@ func awsAwsquery_serializeDocumentTagKeyListType(v []string, value query.Value)
 }
 
 func awsAwsquery_serializeDocumentTagListType(v []types.Tag, value query.Value) error {
-	if len(v) == 0 {
-		return nil
-	}
 	array := value.Array("member")
 
 	for i := range v {

vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go

@@ -12,6 +12,8 @@ import (
 type ExpiredTokenException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -24,7 +26,12 @@ func (e *ExpiredTokenException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ExpiredTokenException) ErrorCode() string             { return "ExpiredTokenException" }
+func (e *ExpiredTokenException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ExpiredTokenException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The request could not be fulfilled because the identity provider (IDP) that was
@@ -35,6 +42,8 @@ func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.F
 type IDPCommunicationErrorException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -47,7 +56,12 @@ func (e *IDPCommunicationErrorException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *IDPCommunicationErrorException) ErrorCode() string             { return "IDPCommunicationError" }
+func (e *IDPCommunicationErrorException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "IDPCommunicationError"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The identity provider (IdP) reported that authentication failed. This might be
@@ -57,6 +71,8 @@ func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault { return
 type IDPRejectedClaimException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -69,7 +85,12 @@ func (e *IDPRejectedClaimException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *IDPRejectedClaimException) ErrorCode() string             { return "IDPRejectedClaim" }
+func (e *IDPRejectedClaimException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "IDPRejectedClaim"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The error returned if the message passed to DecodeAuthorizationMessage was
@@ -78,6 +99,8 @@ func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smit
 type InvalidAuthorizationMessageException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -91,7 +114,10 @@ func (e *InvalidAuthorizationMessageException) ErrorMessage() string {
 	return *e.Message
 }
 func (e *InvalidAuthorizationMessageException) ErrorCode() string {
-	return "InvalidAuthorizationMessageException"
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidAuthorizationMessageException"
+	}
+	return *e.ErrorCodeOverride
 }
 func (e *InvalidAuthorizationMessageException) ErrorFault() smithy.ErrorFault {
 	return smithy.FaultClient
@@ -103,6 +129,8 @@ func (e *InvalidAuthorizationMessageException) ErrorFault() smithy.ErrorFault {
 type InvalidIdentityTokenException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -115,7 +143,12 @@ func (e *InvalidIdentityTokenException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidIdentityTokenException) ErrorCode() string             { return "InvalidIdentityToken" }
+func (e *InvalidIdentityTokenException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidIdentityToken"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidIdentityTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The request was rejected because the policy document was malformed. The error
@@ -123,6 +156,8 @@ func (e *InvalidIdentityTokenException) ErrorFault() smithy.ErrorFault { return
 type MalformedPolicyDocumentException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -135,7 +170,12 @@ func (e *MalformedPolicyDocumentException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *MalformedPolicyDocumentException) ErrorCode() string             { return "MalformedPolicyDocument" }
+func (e *MalformedPolicyDocumentException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "MalformedPolicyDocument"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The request was rejected because the total packed size of the session policies
@@ -153,6 +193,8 @@ func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { retu
 type PackedPolicyTooLargeException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -165,7 +207,12 @@ func (e *PackedPolicyTooLargeException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *PackedPolicyTooLargeException) ErrorCode() string             { return "PackedPolicyTooLarge" }
+func (e *PackedPolicyTooLargeException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "PackedPolicyTooLarge"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // STS is not activated in the requested region for the account that is being asked
@@ -177,6 +224,8 @@ func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return
 type RegionDisabledException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -189,5 +238,10 @@ func (e *RegionDisabledException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *RegionDisabledException) ErrorCode() string             { return "RegionDisabledException" }
+func (e *RegionDisabledException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RegionDisabledException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *RegionDisabledException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }

vendor/modules.txt

@@ -100,13 +100,14 @@ github.com/aws/aws-sdk-go-v2/aws/transport/http
 github.com/aws/aws-sdk-go-v2/internal/rand
 github.com/aws/aws-sdk-go-v2/internal/sdk
 github.com/aws/aws-sdk-go-v2/internal/sdkio
+github.com/aws/aws-sdk-go-v2/internal/shareddefaults
 github.com/aws/aws-sdk-go-v2/internal/strings
 github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
 github.com/aws/aws-sdk-go-v2/internal/timeconv
 # github.com/aws/aws-sdk-go-v2/config v1.17.4
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.12.17
+# github.com/aws/aws-sdk-go-v2/credentials v1.13.16
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/credentials
 github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
@@ -115,14 +116,14 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
 github.com/aws/aws-sdk-go-v2/credentials/processcreds
 github.com/aws/aws-sdk-go-v2/credentials/ssocreds
 github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.14
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.24
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
-# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.20
+# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/configsources
-# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.14
+# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
 # github.com/aws/aws-sdk-go-v2/internal/ini v1.3.21
@@ -133,20 +134,20 @@ github.com/aws/aws-sdk-go-v2/internal/ini
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.14
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/sso v1.11.20
+# github.com/aws/aws-sdk-go-v2/service/sso v1.12.5
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sso
 github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.2
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ssooidc
 github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.16.16
+# github.com/aws/aws-sdk-go-v2/service/sts v1.18.6
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints