chore(deps): bump github.com/aws/aws-sdk-go from 1.44.24 to 1.44.253 (#2490)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.24 to 1.44.253.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.24...v1.44.253)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

go.mod

@@ -5,7 +5,7 @@ go 1.17
 require (
 	cloud.google.com/go/storage v1.29.0
 	github.com/Azure/azure-storage-blob-go v0.14.0
-	github.com/aws/aws-sdk-go v1.44.24
+	github.com/aws/aws-sdk-go v1.44.253
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
 	github.com/containerd/cgroups v1.1.0 // indirect

go.sum

@@ -766,8 +766,8 @@ github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN
 github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.44.24 h1:3nOkwJBJLiGBmJKWp3z0utyXuBkxyGkRRwWjrTItJaY=
+github.com/aws/aws-sdk-go v1.44.253 h1:iqDd0okcH4ShfFexz2zzf4VmeDFf6NOMm07pHnEb8iY=
-github.com/aws/aws-sdk-go v1.44.24/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.253/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250=
 github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU=
 github.com/aws/aws-sdk-go-v2 v1.16.3 h1:0W1TSJ7O6OzwuEvIXAtJGvOeQ0SGAhcpxPN2/NK5EhM=

vendor/github.com/aws/aws-sdk-go/aws/config.go

@@ -20,16 +20,16 @@ type RequestRetryer interface{}
 // A Config provides service configuration for service clients. By default,
 // all clients will use the defaults.DefaultConfig structure.
 //
-//     // Create Session with MaxRetries configuration to be shared by multiple
+//	// Create Session with MaxRetries configuration to be shared by multiple
-//     // service clients.
+//	// service clients.
-//     sess := session.Must(session.NewSession(&aws.Config{
+//	sess := session.Must(session.NewSession(&aws.Config{
-//         MaxRetries: aws.Int(3),
+//	    MaxRetries: aws.Int(3),
-//     }))
+//	}))
 //
-//     // Create S3 service client with a specific Region.
+//	// Create S3 service client with a specific Region.
-//     svc := s3.New(sess, &aws.Config{
+//	svc := s3.New(sess, &aws.Config{
-//         Region: aws.String("us-west-2"),
+//	    Region: aws.String("us-west-2"),
-//     })
+//	})
 type Config struct {
 	// Enables verbose error printing of all credential chain errors.
 	// Should be used when wanting to see all errors while attempting to
@@ -192,6 +192,23 @@ type Config struct {
 	//
 	EC2MetadataDisableTimeoutOverride *bool
 
+	// Set this to `false` to disable EC2Metadata client from falling back to IMDSv1.
+	// By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility.
+	// You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata
+	// client will return any errors encountered from attempting to fetch a token instead of silently
+	// using the insecure data flow of IMDSv1.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(aws.NewConfig()
+	//       .WithEC2MetadataEnableFallback(false)))
+	//
+	//    svc := s3.New(sess)
+	//
+	// See [configuring IMDS] for more information.
+	//
+	// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
+	EC2MetadataEnableFallback *bool
+
 	// Instructs the endpoint to be generated for a service client to
 	// be the dual stack endpoint. The dual stack endpoint will support
 	// both IPv4 and IPv6 addressing.
@@ -283,16 +300,16 @@ type Config struct {
 // NewConfig returns a new Config pointer that can be chained with builder
 // methods to set multiple configuration values inline without using pointers.
 //
-//     // Create Session with MaxRetries configuration to be shared by multiple
+//	// Create Session with MaxRetries configuration to be shared by multiple
-//     // service clients.
+//	// service clients.
-//     sess := session.Must(session.NewSession(aws.NewConfig().
+//	sess := session.Must(session.NewSession(aws.NewConfig().
-//         WithMaxRetries(3),
+//	    WithMaxRetries(3),
-//     ))
+//	))
 //
-//     // Create S3 service client with a specific Region.
+//	// Create S3 service client with a specific Region.
-//     svc := s3.New(sess, aws.NewConfig().
+//	svc := s3.New(sess, aws.NewConfig().
-//         WithRegion("us-west-2"),
+//	    WithRegion("us-west-2"),
-//     )
+//	)
 func NewConfig() *Config {
 	return &Config{}
 }
@@ -432,6 +449,13 @@ func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
 	return c
 }
 
+// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value
+// returning a Config pointer for chaining.
+func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config {
+	c.EC2MetadataEnableFallback = &v
+	return c
+}
+
 // WithSleepDelay overrides the function used to sleep while waiting for the
 // next retry. Defaults to time.Sleep.
 func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
@@ -576,6 +600,10 @@ func mergeInConfig(dst *Config, other *Config) {
 		dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride
 	}
 
+	if other.EC2MetadataEnableFallback != nil {
+		dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback
+	}
+
 	if other.SleepDelay != nil {
 		dst.SleepDelay = other.SleepDelay
 	}

vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go

@@ -226,12 +226,24 @@ func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider))
 	return credentials.NewCredentials(p)
 }
 
-type credentialProcessResponse struct {
+// A CredentialProcessResponse is the AWS credentials format that must be
-	Version         int
+// returned when executing an external credential_process.
-	AccessKeyID     string `json:"AccessKeyId"`
+type CredentialProcessResponse struct {
+	// As of this writing, the Version key must be set to 1. This might
+	// increment over time as the structure evolves.
+	Version int
+
+	// The access key ID that identifies the temporary security credentials.
+	AccessKeyID string `json:"AccessKeyId"`
+
+	// The secret access key that can be used to sign requests.
 	SecretAccessKey string
-	SessionToken    string
+
-	Expiration      *time.Time
+	// The token that users must pass to the service API to use the temporary credentials.
+	SessionToken string
+
+	// The date on which the current credentials expire.
+	Expiration *time.Time
 }
 
 // Retrieve executes the 'credential_process' and returns the credentials.
@@ -242,7 +254,7 @@ func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
 	}
 
 	// Serialize and validate response
-	resp := &credentialProcessResponse{}
+	resp := &CredentialProcessResponse{}
 	if err = json.Unmarshal(out, resp); err != nil {
 		return credentials.Value{ProviderName: ProviderName}, awserr.New(
 			ErrCodeProcessProviderParse,

vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go

@@ -57,13 +57,13 @@ type EC2Metadata struct {
 // New creates a new instance of the EC2Metadata client with a session.
 // This client is safe to use across multiple goroutines.
 //
-//
 // Example:
-//     // Create a EC2Metadata client from just a session.
-//     svc := ec2metadata.New(mySession)
 //
-//     // Create a EC2Metadata client with additional configuration
+//	// Create a EC2Metadata client from just a session.
-//     svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody))
+//	svc := ec2metadata.New(mySession)
+//
+//	// Create a EC2Metadata client with additional configuration
+//	svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata {
 	c := p.ClientConfig(ServiceName, cfgs...)
 	return NewClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)

vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go

@@ -1,6 +1,7 @@
 package ec2metadata
 
 import (
+	"fmt"
 	"net/http"
 	"sync/atomic"
 	"time"
@@ -33,11 +34,15 @@ func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider {
 	return &tokenProvider{client: c, configuredTTL: duration}
 }
 
+// check if fallback is enabled
+func (t *tokenProvider) fallbackEnabled() bool {
+	return t.client.Config.EC2MetadataEnableFallback == nil || *t.client.Config.EC2MetadataEnableFallback
+}
+
 // fetchTokenHandler fetches token for EC2Metadata service client by default.
 func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
-
 	// short-circuits to insecure data flow if tokenProvider is disabled.
-	if v := atomic.LoadUint32(&t.disabled); v == 1 {
+	if v := atomic.LoadUint32(&t.disabled); v == 1 && t.fallbackEnabled() {
 		return
 	}
 
@@ -49,23 +54,21 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
 	output, err := t.client.getToken(r.Context(), t.configuredTTL)
 
 	if err != nil {
+		// only attempt fallback to insecure data flow if IMDSv1 is enabled
+		if !t.fallbackEnabled() {
+			r.Error = awserr.New("EC2MetadataError", "failed to get IMDSv2 token and fallback to IMDSv1 is disabled", err)
+			return
+		}
 
-		// change the disabled flag on token provider to true,
+		// change the disabled flag on token provider to true and fallback
-		// when error is request timeout error.
 		if requestFailureError, ok := err.(awserr.RequestFailure); ok {
 			switch requestFailureError.StatusCode() {
 			case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
 				atomic.StoreUint32(&t.disabled, 1)
+				t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
 			case http.StatusBadRequest:
 				r.Error = requestFailureError
 			}
-
-			// Check if request timed out while waiting for response
-			if e, ok := requestFailureError.OrigErr().(awserr.Error); ok {
-				if e.Code() == request.ErrCodeRequestError {
-					atomic.StoreUint32(&t.disabled, 1)
-				}
-			}
 		}
 		return
 	}

vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go

@@ -31,12 +31,12 @@ func (d *DecodeModelOptions) Set(optFns ...func(*DecodeModelOptions)) {
 // allow you to get a list of the partitions in the order the endpoints
 // will be resolved in.
 //
-//    resolver, err := endpoints.DecodeModel(reader)
+//	resolver, err := endpoints.DecodeModel(reader)
 //
-//    partitions := resolver.(endpoints.EnumPartitions).Partitions()
+//	partitions := resolver.(endpoints.EnumPartitions).Partitions()
-//    for _, p := range partitions {
+//	for _, p := range partitions {
-//        // ... inspect partitions
+//	    // ... inspect partitions
-//    }
+//	}
 func DecodeModel(r io.Reader, optFns ...func(*DecodeModelOptions)) (Resolver, error) {
 	var opts DecodeModelOptions
 	opts.Set(optFns...)

vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go

@@ -9,7 +9,7 @@
 // AWS GovCloud (US) (aws-us-gov).
 // .
 //
-// Enumerating Regions and Endpoint Metadata
+// # Enumerating Regions and Endpoint Metadata
 //
 // Casting the Resolver returned by DefaultResolver to a EnumPartitions interface
 // will allow you to get access to the list of underlying Partitions with the
@@ -17,22 +17,22 @@
 // resolving to a single partition, or enumerate regions, services, and endpoints
 // in the partition.
 //
-//     resolver := endpoints.DefaultResolver()
+//	resolver := endpoints.DefaultResolver()
-//     partitions := resolver.(endpoints.EnumPartitions).Partitions()
+//	partitions := resolver.(endpoints.EnumPartitions).Partitions()
 //
-//     for _, p := range partitions {
+//	for _, p := range partitions {
-//         fmt.Println("Regions for", p.ID())
+//	    fmt.Println("Regions for", p.ID())
-//         for id, _ := range p.Regions() {
+//	    for id, _ := range p.Regions() {
-//             fmt.Println("*", id)
+//	        fmt.Println("*", id)
-//         }
+//	    }
 //
-//         fmt.Println("Services for", p.ID())
+//	    fmt.Println("Services for", p.ID())
-//         for id, _ := range p.Services() {
+//	    for id, _ := range p.Services() {
-//             fmt.Println("*", id)
+//	        fmt.Println("*", id)
-//         }
+//	    }
-//     }
+//	}
 //
-// Using Custom Endpoints
+// # Using Custom Endpoints
 //
 // The endpoints package also gives you the ability to use your own logic how
 // endpoints are resolved. This is a great way to define a custom endpoint
@@ -47,20 +47,19 @@
 // of Resolver.EndpointFor, converting it to a type that satisfies the
 // Resolver interface.
 //
+//	myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
+//	    if service == endpoints.S3ServiceID {
+//	        return endpoints.ResolvedEndpoint{
+//	            URL:           "s3.custom.endpoint.com",
+//	            SigningRegion: "custom-signing-region",
+//	        }, nil
+//	    }
 //
-//     myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
+//	    return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
-//         if service == endpoints.S3ServiceID {
+//	}
-//             return endpoints.ResolvedEndpoint{
-//                 URL:           "s3.custom.endpoint.com",
-//                 SigningRegion: "custom-signing-region",
-//             }, nil
-//         }
 //
-//         return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
+//	sess := session.Must(session.NewSession(&aws.Config{
-//     }
+//	    Region:           aws.String("us-west-2"),
-//
+//	    EndpointResolver: endpoints.ResolverFunc(myCustomResolver),
-//     sess := session.Must(session.NewSession(&aws.Config{
+//	}))
-//         Region:           aws.String("us-west-2"),
-//         EndpointResolver: endpoints.ResolverFunc(myCustomResolver),
-//     }))
 package endpoints

vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go

@@ -353,10 +353,12 @@ type EnumPartitions interface {
 // as the second parameter.
 //
 // This example shows how  to get the regions for DynamoDB in the AWS partition.
-//    rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID)
+//
+//	rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID)
 //
 // This is equivalent to using the partition directly.
-//    rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions()
+//
+//	rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions()
 func RegionsForService(ps []Partition, partitionID, serviceID string) (map[string]Region, bool) {
 	for _, p := range ps {
 		if p.ID() != partitionID {
@@ -423,8 +425,8 @@ func (p Partition) ID() string { return p.id }
 // of new regions and services expansions.
 //
 // Errors that can be returned.
-//   * UnknownServiceError
+//   - UnknownServiceError
-//   * UnknownEndpointError
+//   - UnknownEndpointError
 func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
 	return p.p.EndpointFor(service, region, opts...)
 }

vendor/github.com/aws/aws-sdk-go/aws/session/session.go

@@ -174,7 +174,6 @@ const (
 
 // Options provides the means to control how a Session is created and what
 // configuration values will be loaded.
-//
 type Options struct {
 	// Provides config values for the SDK to use when creating service clients
 	// and making API requests to services. Any value set in with this field
@@ -224,7 +223,7 @@ type Options struct {
 	// from stdin for the MFA token code.
 	//
 	// This field is only used if the shared configuration is enabled, and
-	// the config enables assume role wit MFA via the mfa_serial field.
+	// the config enables assume role with MFA via the mfa_serial field.
 	AssumeRoleTokenProvider func() (string, error)
 
 	// When the SDK's shared config is configured to assume a role this option
@@ -322,24 +321,24 @@ type Options struct {
 // credentials file. Enabling the Shared Config will also allow the Session
 // to be built with retrieving credentials with AssumeRole set in the config.
 //
-//     // Equivalent to session.New
+//	// Equivalent to session.New
-//     sess := session.Must(session.NewSessionWithOptions(session.Options{}))
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{}))
 //
-//     // Specify profile to load for the session's config
+//	// Specify profile to load for the session's config
-//     sess := session.Must(session.NewSessionWithOptions(session.Options{
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{
-//          Profile: "profile_name",
+//	     Profile: "profile_name",
-//     }))
+//	}))
 //
-//     // Specify profile for config and region for requests
+//	// Specify profile for config and region for requests
-//     sess := session.Must(session.NewSessionWithOptions(session.Options{
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{
-//          Config: aws.Config{Region: aws.String("us-east-1")},
+//	     Config: aws.Config{Region: aws.String("us-east-1")},
-//          Profile: "profile_name",
+//	     Profile: "profile_name",
-//     }))
+//	}))
 //
-//     // Force enable Shared Config support
+//	// Force enable Shared Config support
-//     sess := session.Must(session.NewSessionWithOptions(session.Options{
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{
-//         SharedConfigState: session.SharedConfigEnable,
+//	    SharedConfigState: session.SharedConfigEnable,
-//     }))
+//	}))
 func NewSessionWithOptions(opts Options) (*Session, error) {
 	var envCfg envConfig
 	var err error
@@ -375,7 +374,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
 // This helper is intended to be used in variable initialization to load the
 // Session and configuration at startup. Such as:
 //
-//     var sess = session.Must(session.NewSession())
+//	var sess = session.Must(session.NewSession())
 func Must(sess *Session, err error) *Session {
 	if err != nil {
 		panic(err)
@@ -780,16 +779,6 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
 		cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
 	}
 
-	// Configure credentials if not already set by the user when creating the
-	// Session.
-	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
-		creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
-		if err != nil {
-			return err
-		}
-		cfg.Credentials = creds
-	}
-
 	cfg.S3UseARNRegion = userCfg.S3UseARNRegion
 	if cfg.S3UseARNRegion == nil {
 		cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
@@ -812,6 +801,17 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
 		}
 	}
 
+	// Configure credentials if not already set by the user when creating the Session.
+	// Credentials are resolved last such that all _resolved_ config values are propagated to credential providers.
+	// ticket: P83606045
+	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
+		creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
+		if err != nil {
+			return err
+		}
+		cfg.Credentials = creds
+	}
+
 	return nil
 }
 
@@ -845,8 +845,8 @@ func initHandlers(s *Session) {
 // and handlers. If any additional configs are provided they will be merged
 // on top of the Session's copied config.
 //
-//     // Create a copy of the current Session, configured for the us-west-2 region.
+//	// Create a copy of the current Session, configured for the us-west-2 region.
-//     sess.Copy(&aws.Config{Region: aws.String("us-west-2")})
+//	sess.Copy(&aws.Config{Region: aws.String("us-west-2")})
 func (s *Session) Copy(cfgs ...*aws.Config) *Session {
 	newSession := &Session{
 		Config:   s.Config.Copy(cfgs...),

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.24"
+const SDKVersion = "1.44.253"

vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go

@@ -1,9 +1,8 @@
 package shareddefaults
 
 import (
-	"os"
+	"os/user"
 	"path/filepath"
-	"runtime"
 )
 
 // SharedCredentialsFilename returns the SDK's default file path
@@ -31,10 +30,17 @@ func SharedConfigFilename() string {
 // UserHomeDir returns the home directory for the user the process is
 // running under.
 func UserHomeDir() string {
-	if runtime.GOOS == "windows" { // Windows
+	var home string
-		return os.Getenv("USERPROFILE")
+
+	home = userHomeDir()
+	if len(home) > 0 {
+		return home
 	}
 
-	// *nix
+	currUser, _ := user.Current()
-	return os.Getenv("HOME")
+	if currUser != nil {
+		home = currUser.HomeDir
+	}
+
+	return home
 }

vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go

@@ -0,0 +1,18 @@
+//go:build !go1.12
+// +build !go1.12
+
+package shareddefaults
+
+import (
+	"os"
+	"runtime"
+)
+
+func userHomeDir() string {
+	if runtime.GOOS == "windows" { // Windows
+		return os.Getenv("USERPROFILE")
+	}
+
+	// *nix
+	return os.Getenv("HOME")
+}

vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go

@@ -0,0 +1,13 @@
+//go:build go1.12
+// +build go1.12
+
+package shareddefaults
+
+import (
+	"os"
+)
+
+func userHomeDir() string {
+	home, _ := os.UserHomeDir()
+	return home
+}

vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go

@@ -4,7 +4,6 @@ package jsonutil
 import (
 	"bytes"
 	"encoding/base64"
-	"encoding/json"
 	"fmt"
 	"math"
 	"reflect"
@@ -16,6 +15,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
 var timeType = reflect.ValueOf(time.Time{}).Type()
 var byteSliceType = reflect.ValueOf([]byte{}).Type()
 
@@ -211,10 +216,16 @@ func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) erro
 		buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10))
 	case reflect.Float64:
 		f := value.Float()
-		if math.IsInf(f, 0) || math.IsNaN(f) {
+		switch {
-			return &json.UnsupportedValueError{Value: v, Str: strconv.FormatFloat(f, 'f', -1, 64)}
+		case math.IsNaN(f):
+			writeString(floatNaN, buf)
+		case math.IsInf(f, 1):
+			writeString(floatInf, buf)
+		case math.IsInf(f, -1):
+			writeString(floatNegInf, buf)
+		default:
+			buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
 		}
-		buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
 	default:
 		switch converted := value.Interface().(type) {
 		case time.Time:

vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"math"
 	"math/big"
 	"reflect"
 	"strings"
@@ -258,6 +259,18 @@ func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag
 				return err
 			}
 			value.Set(reflect.ValueOf(v))
+		case *float64:
+			// These are regular strings when parsed by encoding/json's unmarshaler.
+			switch {
+			case strings.EqualFold(d, floatNaN):
+				value.Set(reflect.ValueOf(aws.Float64(math.NaN())))
+			case strings.EqualFold(d, floatInf):
+				value.Set(reflect.ValueOf(aws.Float64(math.Inf(1))))
+			case strings.EqualFold(d, floatNegInf):
+				value.Set(reflect.ValueOf(aws.Float64(math.Inf(-1))))
+			default:
+				return fmt.Errorf("unknown JSON number value: %s", d)
+			}
 		default:
 			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
 		}

vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go

@@ -13,17 +13,46 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
 )
 
+const (
+	awsQueryError = "x-amzn-query-error"
+	// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
+	awsQueryErrorPartsCount = 2
+)
+
 // UnmarshalTypedError provides unmarshaling errors API response errors
 // for both typed and untyped errors.
 type UnmarshalTypedError struct {
-	exceptions map[string]func(protocol.ResponseMetadata) error
+	exceptions      map[string]func(protocol.ResponseMetadata) error
+	queryExceptions map[string]func(protocol.ResponseMetadata, string) error
 }
 
 // NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
 // set of exception names to the error unmarshalers
 func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
 	return &UnmarshalTypedError{
-		exceptions: exceptions,
+		exceptions:      exceptions,
+		queryExceptions: map[string]func(protocol.ResponseMetadata, string) error{},
+	}
+}
+
+// NewUnmarshalTypedErrorWithOptions works similar to NewUnmarshalTypedError applying options to the UnmarshalTypedError
+// before returning it
+func NewUnmarshalTypedErrorWithOptions(exceptions map[string]func(protocol.ResponseMetadata) error, optFns ...func(*UnmarshalTypedError)) *UnmarshalTypedError {
+	unmarshaledError := NewUnmarshalTypedError(exceptions)
+	for _, fn := range optFns {
+		fn(unmarshaledError)
+	}
+	return unmarshaledError
+}
+
+// WithQueryCompatibility is a helper function to construct a functional option for use with NewUnmarshalTypedErrorWithOptions.
+// The queryExceptions given act as an override for unmarshalling errors when query compatible error codes are found.
+// See also [awsQueryCompatible trait]
+//
+// [awsQueryCompatible trait]: https://smithy.io/2.0/aws/protocols/aws-query-protocol.html#aws-protocols-awsquerycompatible-trait
+func WithQueryCompatibility(queryExceptions map[string]func(protocol.ResponseMetadata, string) error) func(*UnmarshalTypedError) {
+	return func(typedError *UnmarshalTypedError) {
+		typedError.queryExceptions = queryExceptions
 	}
 }
 
@@ -50,18 +79,32 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	code := codeParts[len(codeParts)-1]
 	msg := jsonErr.Message
 
+	queryCodeParts := queryCodeParts(resp, u)
+
 	if fn, ok := u.exceptions[code]; ok {
-		// If exception code is know, use associated constructor to get a value
+		// If query-compatible exceptions are found and query-error-header is found,
+		// then use associated constructor to get exception with query error code.
+		//
+		// If exception code is known, use associated constructor to get a value
 		// for the exception that the JSON body can be unmarshaled into.
-		v := fn(respMeta)
+		var v error
+		queryErrFn, queryExceptionsFound := u.queryExceptions[code]
+		if len(queryCodeParts) == awsQueryErrorPartsCount && queryExceptionsFound {
+			v = queryErrFn(respMeta, queryCodeParts[0])
+		} else {
+			v = fn(respMeta)
+		}
 		err := jsonutil.UnmarshalJSONCaseInsensitive(v, body)
 		if err != nil {
 			return nil, err
 		}
-
 		return v, nil
 	}
 
+	if len(queryCodeParts) == awsQueryErrorPartsCount && len(u.queryExceptions) > 0 {
+		code = queryCodeParts[0]
+	}
+
 	// fallback to unmodeled generic exceptions
 	return awserr.NewRequestFailure(
 		awserr.New(code, msg, nil),
@@ -70,6 +113,16 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	), nil
 }
 
+// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
+func queryCodeParts(resp *http.Response, u *UnmarshalTypedError) []string {
+	queryCodeHeader := resp.Header.Get(awsQueryError)
+	var queryCodeParts []string
+	if queryCodeHeader != "" && len(u.queryExceptions) > 0 {
+		queryCodeParts = strings.Split(queryCodeHeader, ";")
+	}
+	return queryCodeParts
+}
+
 // UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc
 // protocol request errors
 var UnmarshalErrorHandler = request.NamedHandler{

vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go

@@ -3,6 +3,7 @@ package queryutil
 import (
 	"encoding/base64"
 	"fmt"
+	"math"
 	"net/url"
 	"reflect"
 	"sort"
@@ -13,6 +14,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
 // Parse parses an object i and fills a url.Values object. The isEC2 flag
 // indicates if this is the EC2 Query sub-protocol.
 func Parse(body url.Values, i interface{}, isEC2 bool) error {
@@ -228,9 +235,32 @@ func (q *queryParser) parseScalar(v url.Values, r reflect.Value, name string, ta
 	case int:
 		v.Set(name, strconv.Itoa(value))
 	case float64:
-		v.Set(name, strconv.FormatFloat(value, 'f', -1, 64))
+		var str string
+		switch {
+		case math.IsNaN(value):
+			str = floatNaN
+		case math.IsInf(value, 1):
+			str = floatInf
+		case math.IsInf(value, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(value, 'f', -1, 64)
+		}
+		v.Set(name, str)
 	case float32:
-		v.Set(name, strconv.FormatFloat(float64(value), 'f', -1, 32))
+		asFloat64 := float64(value)
+		var str string
+		switch {
+		case math.IsNaN(asFloat64):
+			str = floatNaN
+		case math.IsInf(asFloat64, 1):
+			str = floatInf
+		case math.IsInf(asFloat64, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(asFloat64, 'f', -1, 32)
+		}
+		v.Set(name, str)
 	case time.Time:
 		const ISO8601UTC = "2006-01-02T15:04:05Z"
 		format := tag.Get("timestampFormat")

vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go

@@ -3,6 +3,7 @@ package query
 import (
 	"encoding/xml"
 	"fmt"
+	"strings"
 
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@@ -62,7 +63,7 @@ func UnmarshalError(r *request.Request) {
 	}
 
 	r.Error = awserr.NewRequestFailure(
-		awserr.New(respErr.Code, respErr.Message, nil),
+		awserr.New(strings.TrimSpace(respErr.Code), strings.TrimSpace(respErr.Message), nil),
 		r.HTTPResponse.StatusCode,
 		reqID,
 	)

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go

@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"io"
+	"math"
 	"net/http"
 	"net/url"
 	"path"
@@ -20,6 +21,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
 // Whether the byte value can be sent without escaping in AWS URLs
 var noEscape [256]bool
 
@@ -302,7 +309,16 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error)
 	case int64:
 		str = strconv.FormatInt(value, 10)
 	case float64:
-		str = strconv.FormatFloat(value, 'f', -1, 64)
+		switch {
+		case math.IsNaN(value):
+			str = floatNaN
+		case math.IsInf(value, 1):
+			str = floatInf
+		case math.IsInf(value, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(value, 'f', -1, 64)
+		}
 	case time.Time:
 		format := tag.Get("timestampFormat")
 		if len(format) == 0 {

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"math"
 	"net/http"
 	"reflect"
 	"strconv"
@@ -231,9 +232,20 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro
 		}
 		v.Set(reflect.ValueOf(&i))
 	case *float64:
-		f, err := strconv.ParseFloat(header, 64)
+		var f float64
-		if err != nil {
+		switch {
-			return err
+		case strings.EqualFold(header, floatNaN):
+			f = math.NaN()
+		case strings.EqualFold(header, floatInf):
+			f = math.Inf(1)
+		case strings.EqualFold(header, floatNegInf):
+			f = math.Inf(-1)
+		default:
+			var err error
+			f, err = strconv.ParseFloat(header, 64)
+			if err != nil {
+				return err
+			}
 		}
 		v.Set(reflect.ValueOf(&f))
 	case *time.Time:

vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go

@@ -45,7 +45,7 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	msg := resp.Header.Get(errorMessageHeader)
 
 	body := resp.Body
-	if len(code) == 0 {
+	if len(code) == 0 || len(msg) == 0 {
 		// If unable to get code from HTTP headers have to parse JSON message
 		// to determine what kind of exception this will be.
 		var buf bytes.Buffer
@@ -57,7 +57,9 @@ func (u *UnmarshalTypedError) UnmarshalError(
 		}
 
 		body = ioutil.NopCloser(&buf)
-		code = jsonErr.Code
+		if len(code) == 0 {
+			code = jsonErr.Code
+		}
 		msg = jsonErr.Message
 	}
 

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go

@@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"encoding/xml"
 	"fmt"
+	"math"
 	"reflect"
 	"sort"
 	"strconv"
@@ -14,6 +15,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol"
 )
 
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
 // BuildXML will serialize params into an xml.Encoder. Error will be returned
 // if the serialization of any of the params or nested values fails.
 func BuildXML(params interface{}, e *xml.Encoder) error {
@@ -275,6 +282,7 @@ func (b *xmlBuilder) buildMap(value reflect.Value, current *XMLNode, tag reflect
 // Error will be returned if the value type is unsupported.
 func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
 	var str string
+
 	switch converted := value.Interface().(type) {
 	case string:
 		str = converted
@@ -289,9 +297,29 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl
 	case int:
 		str = strconv.Itoa(converted)
 	case float64:
-		str = strconv.FormatFloat(converted, 'f', -1, 64)
+		switch {
+		case math.IsNaN(converted):
+			str = floatNaN
+		case math.IsInf(converted, 1):
+			str = floatInf
+		case math.IsInf(converted, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(converted, 'f', -1, 64)
+		}
 	case float32:
-		str = strconv.FormatFloat(float64(converted), 'f', -1, 32)
+		// The SDK doesn't render float32 values in types, only float64. This case would never be hit currently.
+		asFloat64 := float64(converted)
+		switch {
+		case math.IsNaN(asFloat64):
+			str = floatNaN
+		case math.IsInf(asFloat64, 1):
+			str = floatInf
+		case math.IsInf(asFloat64, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(asFloat64, 'f', -1, 32)
+		}
 	case time.Time:
 		format := tag.Get("timestampFormat")
 		if len(format) == 0 {

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go

@@ -6,6 +6,7 @@ import (
 	"encoding/xml"
 	"fmt"
 	"io"
+	"math"
 	"reflect"
 	"strconv"
 	"strings"
@@ -276,9 +277,20 @@ func parseScalar(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
 		}
 		r.Set(reflect.ValueOf(&v))
 	case *float64:
-		v, err := strconv.ParseFloat(node.Text, 64)
+		var v float64
-		if err != nil {
+		switch {
-			return err
+		case strings.EqualFold(node.Text, floatNaN):
+			v = math.NaN()
+		case strings.EqualFold(node.Text, floatInf):
+			v = math.Inf(1)
+		case strings.EqualFold(node.Text, floatNegInf):
+			v = math.Inf(-1)
+		default:
+			var err error
+			v, err = strconv.ParseFloat(node.Text, 64)
+			if err != nil {
+				return err
+			}
 		}
 		r.Set(reflect.ValueOf(&v))
 	case *time.Time:

vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go

@@ -39,11 +39,11 @@ func NormalizeBucketLocation(loc string) string {
 // See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
 // for more information on the values that can be returned.
 //
-//     req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{
+//	req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{
-//         Bucket: aws.String(bucket),
+//	    Bucket: aws.String(bucket),
-//     })
+//	})
-//     req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
+//	req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
-//     err := req.Send()
+//	err := req.Send()
 var NormalizeBucketLocationHandler = request.NamedHandler{
 	Name: "awssdk.s3.NormalizeBucketLocation",
 	Fn: func(req *request.Request) {
@@ -65,12 +65,12 @@ var NormalizeBucketLocationHandler = request.NamedHandler{
 // See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
 // for more information on the values that can be returned.
 //
-//     result, err := svc.GetBucketLocationWithContext(ctx,
+//	result, err := svc.GetBucketLocationWithContext(ctx,
-//         &s3.GetBucketLocationInput{
+//	    &s3.GetBucketLocationInput{
-//             Bucket: aws.String(bucket),
+//	        Bucket: aws.String(bucket),
-//         },
+//	    },
-//         s3.WithNormalizeBucketLocation,
+//	    s3.WithNormalizeBucketLocation,
-//     )
+//	)
 func WithNormalizeBucketLocation(r *request.Request) {
 	r.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
 }

vendor/github.com/aws/aws-sdk-go/service/s3/doc.go

@@ -8,7 +8,7 @@
 // See s3 package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Amazon Simple Storage Service with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go

@@ -6,99 +6,99 @@
 // for optimizations if the Body satisfies that type. Once the Uploader instance
 // is created you can call Upload concurrently from multiple goroutines safely.
 //
-//   // The session the S3 Uploader will use
+//	// The session the S3 Uploader will use
-//   sess := session.Must(session.NewSession())
+//	sess := session.Must(session.NewSession())
 //
-//   // Create an uploader with the session and default options
+//	// Create an uploader with the session and default options
-//   uploader := s3manager.NewUploader(sess)
+//	uploader := s3manager.NewUploader(sess)
 //
-//   f, err  := os.Open(filename)
+//	f, err  := os.Open(filename)
-//   if err != nil {
+//	if err != nil {
-//       return fmt.Errorf("failed to open file %q, %v", filename, err)
+//	    return fmt.Errorf("failed to open file %q, %v", filename, err)
-//   }
+//	}
 //
-//   // Upload the file to S3.
+//	// Upload the file to S3.
-//   result, err := uploader.Upload(&s3manager.UploadInput{
+//	result, err := uploader.Upload(&s3manager.UploadInput{
-//       Bucket: aws.String(myBucket),
+//	    Bucket: aws.String(myBucket),
-//       Key:    aws.String(myString),
+//	    Key:    aws.String(myString),
-//       Body:   f,
+//	    Body:   f,
-//   })
+//	})
-//   if err != nil {
+//	if err != nil {
-//       return fmt.Errorf("failed to upload file, %v", err)
+//	    return fmt.Errorf("failed to upload file, %v", err)
-//   }
+//	}
-//   fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location))
+//	fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location))
 //
 // See the s3manager package's Uploader type documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Uploader
 //
-// Download Manager
+// # Download Manager
 //
 // The s3manager package's Downloader provides concurrently downloading of Objects
 // from S3. The Downloader will write S3 Object content with an io.WriterAt.
 // Once the Downloader instance is created you can call Download concurrently from
 // multiple goroutines safely.
 //
-//   // The session the S3 Downloader will use
+//	// The session the S3 Downloader will use
-//   sess := session.Must(session.NewSession())
+//	sess := session.Must(session.NewSession())
 //
-//   // Create a downloader with the session and default options
+//	// Create a downloader with the session and default options
-//   downloader := s3manager.NewDownloader(sess)
+//	downloader := s3manager.NewDownloader(sess)
 //
-//   // Create a file to write the S3 Object contents to.
+//	// Create a file to write the S3 Object contents to.
-//   f, err := os.Create(filename)
+//	f, err := os.Create(filename)
-//   if err != nil {
+//	if err != nil {
-//       return fmt.Errorf("failed to create file %q, %v", filename, err)
+//	    return fmt.Errorf("failed to create file %q, %v", filename, err)
-//   }
+//	}
 //
-//   // Write the contents of S3 Object to the file
+//	// Write the contents of S3 Object to the file
-//   n, err := downloader.Download(f, &s3.GetObjectInput{
+//	n, err := downloader.Download(f, &s3.GetObjectInput{
-//       Bucket: aws.String(myBucket),
+//	    Bucket: aws.String(myBucket),
-//       Key:    aws.String(myString),
+//	    Key:    aws.String(myString),
-//   })
+//	})
-//   if err != nil {
+//	if err != nil {
-//       return fmt.Errorf("failed to download file, %v", err)
+//	    return fmt.Errorf("failed to download file, %v", err)
-//   }
+//	}
-//   fmt.Printf("file downloaded, %d bytes\n", n)
+//	fmt.Printf("file downloaded, %d bytes\n", n)
 //
 // See the s3manager package's Downloader type documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader
 //
-// Automatic URI cleaning
+// # Automatic URI cleaning
 //
 // Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname)
 // requires setting DisableRestProtocolURICleaning to true in the aws.Config struct
 // used by the service client.
 //
-//   svc := s3.New(sess, &aws.Config{
+//	svc := s3.New(sess, &aws.Config{
-//      	DisableRestProtocolURICleaning: aws.Bool(true),
+//	   	DisableRestProtocolURICleaning: aws.Bool(true),
-//   })
+//	})
-//   out, err := svc.GetObject(&s3.GetObjectInput {
+//	out, err := svc.GetObject(&s3.GetObjectInput {
-//      	Bucket: aws.String("bucketname"),
+//	   	Bucket: aws.String("bucketname"),
-//       	Key: aws.String("//foo//bar//moo"),
+//	    	Key: aws.String("//foo//bar//moo"),
-//   })
+//	})
 //
-// Get Bucket Region
+// # Get Bucket Region
 //
 // GetBucketRegion will attempt to get the region for a bucket using a region
 // hint to determine which AWS partition to perform the query on. Use this utility
 // to determine the region a bucket is in.
 //
-//   sess := session.Must(session.NewSession())
+//	sess := session.Must(session.NewSession())
 //
-//   bucket := "my-bucket"
+//	bucket := "my-bucket"
-//   region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
+//	region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
-//   if err != nil {
+//	if err != nil {
-//       if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
+//	    if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
-//            fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
+//	         fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
-//       }
+//	    }
-//       return err
+//	    return err
-//   }
+//	}
-//   fmt.Printf("Bucket %s is in %s region\n", bucket, region)
+//	fmt.Printf("Bucket %s is in %s region\n", bucket, region)
 //
 // See the s3manager package's GetBucketRegion function documentation for more information
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#GetBucketRegion
 //
-// S3 Crypto Client
+// # S3 Crypto Client
 //
 // The s3crypto package provides the tools to upload and download encrypted
 // content from S3. The Encryption and Decryption clients can be used concurrently
@@ -106,5 +106,4 @@
 //
 // See the s3crypto package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/
-//
 package s3

vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go

@@ -52,9 +52,8 @@ func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
 // outpost access-point resource.
 //
 // Supported Outpost AccessPoint ARN format:
-//	- ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
+//   - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
-//	- example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
+//   - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
-//
 func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
 	// outpost accesspoint arn is only valid if service is s3-outposts
 	if a.Service != "s3-outposts" {

vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go

@@ -37,7 +37,6 @@ type accessPointEndpointBuilder arn.AccessPointARN
 // - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com
 //
 // Access Point Endpoint requests are signed using "s3" as signing name.
-//
 func (a accessPointEndpointBuilder) build(req *request.Request) error {
 	resolveService := arn.AccessPointARN(a).Service
 	resolveRegion := arn.AccessPointARN(a).Region
@@ -92,7 +91,6 @@ type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN
 // - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com
 //
 // Access Point Endpoint requests are signed using "s3-object-lambda" as signing name.
-//
 func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error {
 	resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region
 
@@ -147,7 +145,6 @@ type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN
 // - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com
 //
 // Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name.
-//
 func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
 	resolveRegion := o.Region
 	resolveService := o.Service

vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go

@@ -25,5 +25,5 @@ func add100Continue(r *request.Request) {
 		return
 	}
 
-	r.HTTPRequest.Header.Set("Expect", "100-Continue")
+	r.HTTPRequest.Header.Set("Expect", "100-continue")
 }

vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go

@@ -23,37 +23,37 @@ import (
 // can be stubbed out for unit testing your code with the SDK without needing
 // to inject custom request handlers into the SDK's request pipeline.
 //
-//    // myFunc uses an SDK service client to make a request to
+//	// myFunc uses an SDK service client to make a request to
-//    // Amazon Simple Storage Service.
+//	// Amazon Simple Storage Service.
-//    func myFunc(svc s3iface.S3API) bool {
+//	func myFunc(svc s3iface.S3API) bool {
-//        // Make svc.AbortMultipartUpload request
+//	    // Make svc.AbortMultipartUpload request
-//    }
+//	}
 //
-//    func main() {
+//	func main() {
-//        sess := session.New()
+//	    sess := session.New()
-//        svc := s3.New(sess)
+//	    svc := s3.New(sess)
 //
-//        myFunc(svc)
+//	    myFunc(svc)
-//    }
+//	}
 //
 // In your _test.go file:
 //
-//    // Define a mock struct to be used in your unit tests of myFunc.
+//	// Define a mock struct to be used in your unit tests of myFunc.
-//    type mockS3Client struct {
+//	type mockS3Client struct {
-//        s3iface.S3API
+//	    s3iface.S3API
-//    }
+//	}
-//    func (m *mockS3Client) AbortMultipartUpload(input *s3.AbortMultipartUploadInput) (*s3.AbortMultipartUploadOutput, error) {
+//	func (m *mockS3Client) AbortMultipartUpload(input *s3.AbortMultipartUploadInput) (*s3.AbortMultipartUploadOutput, error) {
-//        // mock response/functionality
+//	    // mock response/functionality
-//    }
+//	}
 //
-//    func TestMyFunc(t *testing.T) {
+//	func TestMyFunc(t *testing.T) {
-//        // Setup Test
+//	    // Setup Test
-//        mockSvc := &mockS3Client{}
+//	    mockSvc := &mockS3Client{}
 //
-//        myfunc(mockSvc)
+//	    myfunc(mockSvc)
 //
-//        // Verify myFunc's functionality
+//	    // Verify myFunc's functionality
-//    }
+//	}
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,

vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/batch.go

@@ -112,6 +112,7 @@ type BatchDeleteIterator interface {
 // iterate through a list of objects and delete the objects.
 //
 // Example:
+//
 //	iter := &s3manager.DeleteListIterator{
 //		Client: svc,
 //		Input: &s3.ListObjectsInput{
@@ -203,6 +204,7 @@ type BatchDelete struct {
 // objects.
 //
 // Example:
+//
 //	batcher := s3manager.NewBatchDeleteWithClient(client, size)
 //
 //	objects := []BatchDeleteObject{
@@ -236,6 +238,7 @@ func NewBatchDeleteWithClient(client s3iface.S3API, options ...func(*BatchDelete
 // objects.
 //
 // Example:
+//
 //	batcher := s3manager.NewBatchDelete(sess, size)
 //
 //	objects := []BatchDeleteObject{

vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/bucket_region.go

@@ -24,30 +24,30 @@ import (
 // For example to get the region of a bucket which exists in "eu-central-1"
 // you could provide a region hint of "us-west-2".
 //
-//    sess := session.Must(session.NewSession())
+//	sess := session.Must(session.NewSession())
 //
-//    bucket := "my-bucket"
+//	bucket := "my-bucket"
-//    region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
+//	region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
-//    if err != nil {
+//	if err != nil {
-//        if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
+//	    if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
-//             fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
+//	         fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
-//        }
+//	    }
-//        return err
+//	    return err
-//    }
+//	}
-//    fmt.Printf("Bucket %s is in %s region\n", bucket, region)
+//	fmt.Printf("Bucket %s is in %s region\n", bucket, region)
 //
 // By default the request will be made to the Amazon S3 endpoint using the Path
 // style addressing.
 //
-//    s3.us-west-2.amazonaws.com/bucketname
+//	s3.us-west-2.amazonaws.com/bucketname
 //
 // This is not compatible with Amazon S3's FIPS endpoints. To override this
 // behavior to use Virtual Host style addressing, provide a functional option
 // that will set the Request's Config.S3ForcePathStyle to aws.Bool(false).
 //
-//    region, err := s3manager.GetBucketRegion(ctx, sess, "bucketname", "us-west-2", func(r *request.Request) {
+//	region, err := s3manager.GetBucketRegion(ctx, sess, "bucketname", "us-west-2", func(r *request.Request) {
-//        r.S3ForcePathStyle = aws.Bool(false)
+//	    r.S3ForcePathStyle = aws.Bool(false)
-//    })
+//	})
 //
 // To configure the GetBucketRegion to make a request via the Amazon
 // S3 FIPS endpoints directly when a FIPS region name is not available, (e.g.
@@ -55,11 +55,11 @@ import (
 // utility is called with. The hint region will be ignored if an endpoint URL
 // is configured on the session or client.
 //
-//    sess, err := session.NewSession(&aws.Config{
+//	sess, err := session.NewSession(&aws.Config{
-//        Endpoint: aws.String("https://s3-fips.us-west-2.amazonaws.com"),
+//	    Endpoint: aws.String("https://s3-fips.us-west-2.amazonaws.com"),
-//    })
+//	})
 //
-//    region, err := s3manager.GetBucketRegion(context.Background(), sess, "bucketname", "")
+//	region, err := s3manager.GetBucketRegion(context.Background(), sess, "bucketname", "")
 func GetBucketRegion(ctx aws.Context, c client.ConfigProvider, bucket, regionHint string, opts ...request.Option) (string, error) {
 	var cfg aws.Config
 	if len(regionHint) != 0 {
@@ -78,15 +78,15 @@ const bucketRegionHeader = "X-Amz-Bucket-Region"
 // By default the request will be made to the Amazon S3 endpoint using the Path
 // style addressing.
 //
-//    s3.us-west-2.amazonaws.com/bucketname
+//	s3.us-west-2.amazonaws.com/bucketname
 //
 // This is not compatible with Amazon S3's FIPS endpoints. To override this
 // behavior to use Virtual Host style addressing, provide a functional option
 // that will set the Request's Config.S3ForcePathStyle to aws.Bool(false).
 //
-//    region, err := s3manager.GetBucketRegionWithClient(ctx, client, "bucketname", func(r *request.Request) {
+//	region, err := s3manager.GetBucketRegionWithClient(ctx, client, "bucketname", func(r *request.Request) {
-//        r.S3ForcePathStyle = aws.Bool(false)
+//	    r.S3ForcePathStyle = aws.Bool(false)
-//    })
+//	})
 //
 // To configure the GetBucketRegion to make a request via the Amazon
 // S3 FIPS endpoints directly when a FIPS region name is not available, (e.g.
@@ -94,11 +94,11 @@ const bucketRegionHeader = "X-Amz-Bucket-Region"
 // utility is called with. The hint region will be ignored if an endpoint URL
 // is configured on the session or client.
 //
-//    region, err := s3manager.GetBucketRegionWithClient(context.Background(),
+//	region, err := s3manager.GetBucketRegionWithClient(context.Background(),
-//    s3.New(sess, &aws.Config{
+//	s3.New(sess, &aws.Config{
-//        Endpoint: aws.String("https://s3-fips.us-west-2.amazonaws.com"),
+//	    Endpoint: aws.String("https://s3-fips.us-west-2.amazonaws.com"),
-//    }),
+//	}),
-//    "bucketname")
+//	"bucketname")
 //
 // See GetBucketRegion for more information.
 func GetBucketRegionWithClient(ctx aws.Context, svc s3iface.S3API, bucket string, opts ...request.Option) (string, error) {

vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/download.go

@@ -86,16 +86,17 @@ func WithDownloaderRequestOptions(opts ...request.Option) func(*Downloader) {
 // interface.
 //
 // Example:
-//     // The session the S3 Downloader will use
-//     sess := session.Must(session.NewSession())
 //
-//     // Create a downloader with the session and default options
+//	// The session the S3 Downloader will use
-//     downloader := s3manager.NewDownloader(sess)
+//	sess := session.Must(session.NewSession())
 //
-//     // Create a downloader with the session and custom options
+//	// Create a downloader with the session and default options
-//     downloader := s3manager.NewDownloader(sess, func(d *s3manager.Downloader) {
+//	downloader := s3manager.NewDownloader(sess)
-//          d.PartSize = 64 * 1024 * 1024 // 64MB per part
+//
-//     })
+//	// Create a downloader with the session and custom options
+//	downloader := s3manager.NewDownloader(sess, func(d *s3manager.Downloader) {
+//	     d.PartSize = 64 * 1024 * 1024 // 64MB per part
+//	})
 func NewDownloader(c client.ConfigProvider, options ...func(*Downloader)) *Downloader {
 	return newDownloader(s3.New(c), options...)
 }
@@ -120,19 +121,20 @@ func newDownloader(client s3iface.S3API, options ...func(*Downloader)) *Download
 // to make S3 API calls.
 //
 // Example:
-//     // The session the S3 Downloader will use
-//     sess := session.Must(session.NewSession())
 //
-//     // The S3 client the S3 Downloader will use
+//	// The session the S3 Downloader will use
-//     s3Svc := s3.New(sess)
+//	sess := session.Must(session.NewSession())
 //
-//     // Create a downloader with the s3 client and default options
+//	// The S3 client the S3 Downloader will use
-//     downloader := s3manager.NewDownloaderWithClient(s3Svc)
+//	s3Svc := s3.New(sess)
 //
-//     // Create a downloader with the s3 client and custom options
+//	// Create a downloader with the s3 client and default options
-//     downloader := s3manager.NewDownloaderWithClient(s3Svc, func(d *s3manager.Downloader) {
+//	downloader := s3manager.NewDownloaderWithClient(s3Svc)
-//          d.PartSize = 64 * 1024 * 1024 // 64MB per part
+//
-//     })
+//	// Create a downloader with the s3 client and custom options
+//	downloader := s3manager.NewDownloaderWithClient(s3Svc, func(d *s3manager.Downloader) {
+//	     d.PartSize = 64 * 1024 * 1024 // 64MB per part
+//	})
 func NewDownloaderWithClient(svc s3iface.S3API, options ...func(*Downloader)) *Downloader {
 	return newDownloader(svc, options...)
 }
@@ -223,6 +225,7 @@ func (d Downloader) DownloadWithContext(ctx aws.Context, w io.WriterAt, input *s
 // to the io.WriterAt specificed in the iterator.
 //
 // Example:
+//
 //	svc := s3manager.NewDownloader(session)
 //
 //	fooFile, err := os.Open("/tmp/foo.file")
@@ -464,7 +467,11 @@ func (d *downloader) tryDownloadChunk(in *s3.GetObjectInput, w io.Writer) (int64
 	}
 	d.setTotalBytes(resp) // Set total if not yet set.
 
-	n, err := io.Copy(w, resp.Body)
+	var src io.Reader = resp.Body
+	if d.cfg.BufferProvider != nil {
+		src = &suppressWriterAt{suppressed: src}
+	}
+	n, err := io.Copy(w, src)
 	resp.Body.Close()
 	if err != nil {
 		return n, &errReadingBody{err: err}

vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload.go

@@ -40,18 +40,17 @@ const DefaultUploadConcurrency = 5
 //
 // Example:
 //
-//     u := s3manager.NewUploader(opts)
+//	u := s3manager.NewUploader(opts)
-//     output, err := u.upload(input)
+//	output, err := u.upload(input)
-//     if err != nil {
+//	if err != nil {
-//         if multierr, ok := err.(s3manager.MultiUploadFailure); ok {
+//	    if multierr, ok := err.(s3manager.MultiUploadFailure); ok {
-//             // Process error and its associated uploadID
+//	        // Process error and its associated uploadID
-//             fmt.Println("Error:", multierr.Code(), multierr.Message(), multierr.UploadID())
+//	        fmt.Println("Error:", multierr.Code(), multierr.Message(), multierr.UploadID())
-//         } else {
+//	    } else {
-//             // Process error generically
+//	        // Process error generically
-//             fmt.Println("Error:", err.Error())
+//	        fmt.Println("Error:", err.Error())
-//         }
+//	    }
-//     }
+//	}
-//
 type MultiUploadFailure interface {
 	awserr.Error
 
@@ -77,7 +76,7 @@ type multiUploadError struct {
 
 // Error returns the string representation of the error.
 //
-// See apierr.BaseError ErrorWithExtra for output format
+// # See apierr.BaseError ErrorWithExtra for output format
 //
 // Satisfies the error interface.
 func (m multiUploadError) Error() string {
@@ -187,16 +186,17 @@ type Uploader struct {
 // satisfies the client.ConfigProvider interface.
 //
 // Example:
-//     // The session the S3 Uploader will use
-//     sess := session.Must(session.NewSession())
 //
-//     // Create an uploader with the session and default options
+//	// The session the S3 Uploader will use
-//     uploader := s3manager.NewUploader(sess)
+//	sess := session.Must(session.NewSession())
 //
-//     // Create an uploader with the session and custom options
+//	// Create an uploader with the session and default options
-//     uploader := s3manager.NewUploader(session, func(u *s3manager.Uploader) {
+//	uploader := s3manager.NewUploader(sess)
-//          u.PartSize = 64 * 1024 * 1024 // 64MB per part
+//
-//     })
+//	// Create an uploader with the session and custom options
+//	uploader := s3manager.NewUploader(session, func(u *s3manager.Uploader) {
+//	     u.PartSize = 64 * 1024 * 1024 // 64MB per part
+//	})
 func NewUploader(c client.ConfigProvider, options ...func(*Uploader)) *Uploader {
 	return newUploader(s3.New(c), options...)
 }
@@ -225,19 +225,20 @@ func newUploader(client s3iface.S3API, options ...func(*Uploader)) *Uploader {
 // a S3 service client to make S3 API calls.
 //
 // Example:
-//     // The session the S3 Uploader will use
-//     sess := session.Must(session.NewSession())
 //
-//     // S3 service client the Upload manager will use.
+//	// The session the S3 Uploader will use
-//     s3Svc := s3.New(sess)
+//	sess := session.Must(session.NewSession())
 //
-//     // Create an uploader with S3 client and default options
+//	// S3 service client the Upload manager will use.
-//     uploader := s3manager.NewUploaderWithClient(s3Svc)
+//	s3Svc := s3.New(sess)
 //
-//     // Create an uploader with S3 client and custom options
+//	// Create an uploader with S3 client and default options
-//     uploader := s3manager.NewUploaderWithClient(s3Svc, func(u *s3manager.Uploader) {
+//	uploader := s3manager.NewUploaderWithClient(s3Svc)
-//          u.PartSize = 64 * 1024 * 1024 // 64MB per part
+//
-//     })
+//	// Create an uploader with S3 client and custom options
+//	uploader := s3manager.NewUploaderWithClient(s3Svc, func(u *s3manager.Uploader) {
+//	     u.PartSize = 64 * 1024 * 1024 // 64MB per part
+//	})
 func NewUploaderWithClient(svc s3iface.S3API, options ...func(*Uploader)) *Uploader {
 	return newUploader(svc, options...)
 }
@@ -256,21 +257,22 @@ func NewUploaderWithClient(svc s3iface.S3API, options ...func(*Uploader)) *Uploa
 // It is safe to call this method concurrently across goroutines.
 //
 // Example:
-//     // Upload input parameters
-//     upParams := &s3manager.UploadInput{
-//         Bucket: &bucketName,
-//         Key:    &keyName,
-//         Body:   file,
-//     }
 //
-//     // Perform an upload.
+//	// Upload input parameters
-//     result, err := uploader.Upload(upParams)
+//	upParams := &s3manager.UploadInput{
+//	    Bucket: &bucketName,
+//	    Key:    &keyName,
+//	    Body:   file,
+//	}
 //
-//     // Perform upload with options different than the those in the Uploader.
+//	// Perform an upload.
-//     result, err := uploader.Upload(upParams, func(u *s3manager.Uploader) {
+//	result, err := uploader.Upload(upParams)
-//          u.PartSize = 10 * 1024 * 1024 // 10MB part size
+//
-//          u.LeavePartsOnError = true    // Don't delete the parts if the upload fails.
+//	// Perform upload with options different than the those in the Uploader.
-//     })
+//	result, err := uploader.Upload(upParams, func(u *s3manager.Uploader) {
+//	     u.PartSize = 10 * 1024 * 1024 // 10MB part size
+//	     u.LeavePartsOnError = true    // Don't delete the parts if the upload fails.
+//	})
 func (u Uploader) Upload(input *UploadInput, options ...func(*Uploader)) (*UploadOutput, error) {
 	return u.UploadWithContext(aws.BackgroundContext(), input, options...)
 }
@@ -310,6 +312,7 @@ func (u Uploader) UploadWithContext(ctx aws.Context, input *UploadInput, opts ..
 // allows for custom defined functionality.
 //
 // Example:
+//
 //	svc:= s3manager.NewUploader(sess)
 //
 //	objects := []BatchUploadObject{

vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/writer_read_from.go

@@ -73,3 +73,11 @@ func (p *PooledBufferedReadFromProvider) GetReadFrom(writer io.Writer) (r Writer
 	}
 	return r, cleanup
 }
+
+type suppressWriterAt struct {
+	suppressed io.Reader
+}
+
+func (s *suppressWriterAt) Read(p []byte) (n int, err error) {
+	return s.suppressed.Read(p)
+}

vendor/github.com/aws/aws-sdk-go/service/s3/service.go

@@ -39,13 +39,14 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a S3 client from just a session.
+//	mySession := session.Must(session.NewSession())
-//     svc := s3.New(mySession)
 //
-//     // Create a S3 client with additional configuration
+//	// Create a S3 client from just a session.
-//     svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	svc := s3.New(mySession)
+//
+//	// Create a S3 client with additional configuration
+//	svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
 	c := p.ClientConfig(EndpointsID, cfgs...)
 	if c.SigningNameDerived || len(c.SigningName) == 0 {

vendor/github.com/aws/aws-sdk-go/service/sso/api.go

@@ -29,14 +29,13 @@ const opGetRoleCredentials = "GetRoleCredentials"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the GetRoleCredentialsRequest method.
+//	req, resp := client.GetRoleCredentialsRequest(params)
 //
-//    // Example sending a request using the GetRoleCredentialsRequest method.
+//	err := req.Send()
-//    req, resp := client.GetRoleCredentialsRequest(params)
+//	if err == nil { // resp is now filled
-//
+//	    fmt.Println(resp)
-//    err := req.Send()
+//	}
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
 func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) {
@@ -69,20 +68,21 @@ func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *re
 // API operation GetRoleCredentials for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - InvalidRequestException
-//   Indicates that the request is not authorized. This can happen due to an invalid
+//     Indicates that a problem occurred with the input to the request. For example,
-//   access token in the request.
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
+//   - UnauthorizedException
-//   Indicates that the request is being made too frequently and is more than
+//     Indicates that the request is not authorized. This can happen due to an invalid
-//   what the server can handle.
+//     access token in the request.
 //
-//   * ResourceNotFoundException
+//   - TooManyRequestsException
-//   The specified resource doesn't exist.
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
 func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) {
@@ -122,14 +122,13 @@ const opListAccountRoles = "ListAccountRoles"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the ListAccountRolesRequest method.
+//	req, resp := client.ListAccountRolesRequest(params)
 //
-//    // Example sending a request using the ListAccountRolesRequest method.
+//	err := req.Send()
-//    req, resp := client.ListAccountRolesRequest(params)
+//	if err == nil { // resp is now filled
-//
+//	    fmt.Println(resp)
-//    err := req.Send()
+//	}
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
 func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) {
@@ -167,20 +166,21 @@ func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *reques
 // API operation ListAccountRoles for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - InvalidRequestException
-//   Indicates that the request is not authorized. This can happen due to an invalid
+//     Indicates that a problem occurred with the input to the request. For example,
-//   access token in the request.
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
+//   - UnauthorizedException
-//   Indicates that the request is being made too frequently and is more than
+//     Indicates that the request is not authorized. This can happen due to an invalid
-//   what the server can handle.
+//     access token in the request.
 //
-//   * ResourceNotFoundException
+//   - TooManyRequestsException
-//   The specified resource doesn't exist.
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
 func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) {
@@ -212,15 +212,14 @@ func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRol
 //
 // Note: This operation can generate multiple requests to a service.
 //
-//    // Example iterating over at most 3 pages of a ListAccountRoles operation.
+//	// Example iterating over at most 3 pages of a ListAccountRoles operation.
-//    pageNum := 0
+//	pageNum := 0
-//    err := client.ListAccountRolesPages(params,
+//	err := client.ListAccountRolesPages(params,
-//        func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
+//	    func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
-//            pageNum++
+//	        pageNum++
-//            fmt.Println(page)
+//	        fmt.Println(page)
-//            return pageNum <= 3
+//	        return pageNum <= 3
-//        })
+//	    })
-//
 func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error {
 	return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn)
 }
@@ -272,14 +271,13 @@ const opListAccounts = "ListAccounts"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the ListAccountsRequest method.
+//	req, resp := client.ListAccountsRequest(params)
 //
-//    // Example sending a request using the ListAccountsRequest method.
+//	err := req.Send()
-//    req, resp := client.ListAccountsRequest(params)
+//	if err == nil { // resp is now filled
-//
+//	    fmt.Println(resp)
-//    err := req.Send()
+//	}
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
 func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
@@ -310,7 +308,8 @@ func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Reques
 // Lists all AWS accounts assigned to the user. These AWS accounts are assigned
 // by the administrator of the account. For more information, see Assign User
 // Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
-// in the AWS SSO User Guide. This operation returns a paginated response.
+// in the IAM Identity Center User Guide. This operation returns a paginated
+// response.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -320,20 +319,21 @@ func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Reques
 // API operation ListAccounts for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - InvalidRequestException
-//   Indicates that the request is not authorized. This can happen due to an invalid
+//     Indicates that a problem occurred with the input to the request. For example,
-//   access token in the request.
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
+//   - UnauthorizedException
-//   Indicates that the request is being made too frequently and is more than
+//     Indicates that the request is not authorized. This can happen due to an invalid
-//   what the server can handle.
+//     access token in the request.
 //
-//   * ResourceNotFoundException
+//   - TooManyRequestsException
-//   The specified resource doesn't exist.
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
 func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
@@ -365,15 +365,14 @@ func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput,
 //
 // Note: This operation can generate multiple requests to a service.
 //
-//    // Example iterating over at most 3 pages of a ListAccounts operation.
+//	// Example iterating over at most 3 pages of a ListAccounts operation.
-//    pageNum := 0
+//	pageNum := 0
-//    err := client.ListAccountsPages(params,
+//	err := client.ListAccountsPages(params,
-//        func(page *sso.ListAccountsOutput, lastPage bool) bool {
+//	    func(page *sso.ListAccountsOutput, lastPage bool) bool {
-//            pageNum++
+//	        pageNum++
-//            fmt.Println(page)
+//	        fmt.Println(page)
-//            return pageNum <= 3
+//	        return pageNum <= 3
-//        })
+//	    })
-//
 func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
 	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
 }
@@ -425,14 +424,13 @@ const opLogout = "Logout"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
+//	// Example sending a request using the LogoutRequest method.
+//	req, resp := client.LogoutRequest(params)
 //
-//    // Example sending a request using the LogoutRequest method.
+//	err := req.Send()
-//    req, resp := client.LogoutRequest(params)
+//	if err == nil { // resp is now filled
-//
+//	    fmt.Println(resp)
-//    err := req.Send()
+//	}
-//    if err == nil { // resp is now filled
-//        fmt.Println(resp)
-//    }
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
 func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) {
@@ -455,7 +453,21 @@ func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *L
 
 // Logout API operation for AWS Single Sign-On.
 //
-// Removes the client- and server-side session that is associated with the user.
+// Removes the locally stored SSO tokens from the client-side cache and sends
+// an API call to the IAM Identity Center service to invalidate the corresponding
+// server-side IAM Identity Center sign in session.
+//
+// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
+// Identity Center sign in session is used to obtain an IAM session, as specified
+// in the corresponding IAM Identity Center permission set. More specifically,
+// IAM Identity Center assumes an IAM role in the target account on behalf of
+// the user, and the corresponding temporary AWS credentials are returned to
+// the client.
+//
+// After user logout, any existing IAM role sessions that were created by using
+// IAM Identity Center permission sets continue based on the duration configured
+// in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
+// in the IAM Identity Center User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -465,17 +477,18 @@ func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *L
 // API operation Logout for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
-//   Indicates that a problem occurred with the input to the request. For example,
-//   a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - InvalidRequestException
-//   Indicates that the request is not authorized. This can happen due to an invalid
+//     Indicates that a problem occurred with the input to the request. For example,
-//   access token in the request.
+//     a required parameter might be missing or out of range.
 //
-//   * TooManyRequestsException
+//   - UnauthorizedException
-//   Indicates that the request is being made too frequently and is more than
+//     Indicates that the request is not authorized. This can happen due to an invalid
-//   what the server can handle.
+//     access token in the request.
+//
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
 func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) {
@@ -554,7 +567,7 @@ type GetRoleCredentialsInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by GetRoleCredentialsInput's
@@ -730,7 +743,7 @@ type ListAccountRolesInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by ListAccountRolesInput's
@@ -859,7 +872,7 @@ type ListAccountsInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by ListAccountsInput's
@@ -974,7 +987,7 @@ type LogoutInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by LogoutInput's

vendor/github.com/aws/aws-sdk-go/service/sso/doc.go

@@ -3,30 +3,31 @@
 // Package sso provides the client and types for making API
 // requests to AWS Single Sign-On.
 //
-// AWS Single Sign-On Portal is a web service that makes it easy for you to
+// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
-// assign user access to AWS SSO resources such as the user portal. Users can
+// service that makes it easy for you to assign user access to IAM Identity
-// get AWS account applications and roles assigned to them and get federated
+// Center resources such as the AWS access portal. Users can get AWS account
-// into the application.
+// applications and roles assigned to them and get federated into the application.
 //
-// For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
-// in the AWS SSO User Guide.
+// will continue to retain their original name for backward compatibility purposes.
+// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
 //
-// This API reference guide describes the AWS SSO Portal operations that you
+// This reference guide describes the IAM Identity Center Portal operations
-// can call programatically and includes detailed information on data types
+// that you can call programatically and includes detailed information on data
-// and errors.
+// types and errors.
 //
 // AWS provides SDKs that consist of libraries and sample code for various programming
 // languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs
-// provide a convenient way to create programmatic access to AWS SSO and other
+// provide a convenient way to create programmatic access to IAM Identity Center
-// AWS services. For more information about the AWS SDKs, including how to download
+// and other AWS services. For more information about the AWS SDKs, including
-// and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+// how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.
 //
 // See sso package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/sso/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Single Sign-On with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/sso/service.go

@@ -40,13 +40,14 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a SSO client from just a session.
+//	mySession := session.Must(session.NewSession())
-//     svc := sso.New(mySession)
 //
-//     // Create a SSO client with additional configuration
+//	// Create a SSO client from just a session.
-//     svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	svc := sso.New(mySession)
+//
+//	// Create a SSO client with additional configuration
+//	svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO {
 	c := p.ClientConfig(EndpointsID, cfgs...)
 	if c.SigningNameDerived || len(c.SigningName) == 0 {

vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go

@@ -23,37 +23,37 @@ import (
 // can be stubbed out for unit testing your code with the SDK without needing
 // to inject custom request handlers into the SDK's request pipeline.
 //
-//    // myFunc uses an SDK service client to make a request to
+//	// myFunc uses an SDK service client to make a request to
-//    // AWS Single Sign-On.
+//	// AWS Single Sign-On.
-//    func myFunc(svc ssoiface.SSOAPI) bool {
+//	func myFunc(svc ssoiface.SSOAPI) bool {
-//        // Make svc.GetRoleCredentials request
+//	    // Make svc.GetRoleCredentials request
-//    }
+//	}
 //
-//    func main() {
+//	func main() {
-//        sess := session.New()
+//	    sess := session.New()
-//        svc := sso.New(sess)
+//	    svc := sso.New(sess)
 //
-//        myFunc(svc)
+//	    myFunc(svc)
-//    }
+//	}
 //
 // In your _test.go file:
 //
-//    // Define a mock struct to be used in your unit tests of myFunc.
+//	// Define a mock struct to be used in your unit tests of myFunc.
-//    type mockSSOClient struct {
+//	type mockSSOClient struct {
-//        ssoiface.SSOAPI
+//	    ssoiface.SSOAPI
-//    }
+//	}
-//    func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
+//	func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
-//        // mock response/functionality
+//	    // mock response/functionality
-//    }
+//	}
 //
-//    func TestMyFunc(t *testing.T) {
+//	func TestMyFunc(t *testing.T) {
-//        // Setup Test
+//	    // Setup Test
-//        mockSvc := &mockSSOClient{}
+//	    mockSvc := &mockSSOClient{}
 //
-//        myfunc(mockSvc)
+//	    myfunc(mockSvc)
 //
-//        // Verify myFunc's functionality
+//	    // Verify myFunc's functionality
-//    }
+//	}
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,

vendor/github.com/aws/aws-sdk-go/service/sts/doc.go

@@ -14,7 +14,7 @@
 // See sts package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Security Token Service with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.

vendor/github.com/aws/aws-sdk-go/service/sts/service.go

@@ -39,13 +39,14 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
-//     mySession := session.Must(session.NewSession())
 //
-//     // Create a STS client from just a session.
+//	mySession := session.Must(session.NewSession())
-//     svc := sts.New(mySession)
 //
-//     // Create a STS client with additional configuration
+//	// Create a STS client from just a session.
-//     svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+//	svc := sts.New(mySession)
+//
+//	// Create a STS client with additional configuration
+//	svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
 	c := p.ClientConfig(EndpointsID, cfgs...)
 	if c.SigningNameDerived || len(c.SigningName) == 0 {

vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go

@@ -23,37 +23,37 @@ import (
 // can be stubbed out for unit testing your code with the SDK without needing
 // to inject custom request handlers into the SDK's request pipeline.
 //
-//    // myFunc uses an SDK service client to make a request to
+//	// myFunc uses an SDK service client to make a request to
-//    // AWS Security Token Service.
+//	// AWS Security Token Service.
-//    func myFunc(svc stsiface.STSAPI) bool {
+//	func myFunc(svc stsiface.STSAPI) bool {
-//        // Make svc.AssumeRole request
+//	    // Make svc.AssumeRole request
-//    }
+//	}
 //
-//    func main() {
+//	func main() {
-//        sess := session.New()
+//	    sess := session.New()
-//        svc := sts.New(sess)
+//	    svc := sts.New(sess)
 //
-//        myFunc(svc)
+//	    myFunc(svc)
-//    }
+//	}
 //
 // In your _test.go file:
 //
-//    // Define a mock struct to be used in your unit tests of myFunc.
+//	// Define a mock struct to be used in your unit tests of myFunc.
-//    type mockSTSClient struct {
+//	type mockSTSClient struct {
-//        stsiface.STSAPI
+//	    stsiface.STSAPI
-//    }
+//	}
-//    func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+//	func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
-//        // mock response/functionality
+//	    // mock response/functionality
-//    }
+//	}
 //
-//    func TestMyFunc(t *testing.T) {
+//	func TestMyFunc(t *testing.T) {
-//        // Setup Test
+//	    // Setup Test
-//        mockSvc := &mockSTSClient{}
+//	    mockSvc := &mockSTSClient{}
 //
-//        myfunc(mockSvc)
+//	    myfunc(mockSvc)
 //
-//        // Verify myFunc's functionality
+//	    // Verify myFunc's functionality
-//    }
+//	}
 //
 // It is important to note that this interface will have breaking changes
 // when the service model is updated and adds new API operations, paginators,

vendor/modules.txt

@@ -88,7 +88,7 @@ github.com/acomagu/bufpipe
 # github.com/agext/levenshtein v1.2.3
 ## explicit
 github.com/agext/levenshtein
-# github.com/aws/aws-sdk-go v1.44.24
+# github.com/aws/aws-sdk-go v1.44.253
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/arn