diff --git a/go.mod b/go.mod index 2d808f294..dba4f0e22 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( github.com/jackc/pgx/v5 v5.5.1 github.com/microcosm-cc/bluemonday v1.0.26 github.com/miekg/dns v1.1.57 - github.com/minio/minio-go/v7 v7.0.65 + github.com/minio/minio-go/v7 v7.0.66 github.com/mitchellh/mapstructure v1.5.0 github.com/oklog/ulid v1.3.1 github.com/prometheus/client_golang v1.17.0 @@ -132,8 +132,8 @@ require ( github.com/jinzhu/inflection v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect - github.com/klauspost/compress v1.17.2 // indirect - github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/klauspost/compress v1.17.4 // indirect + github.com/klauspost/cpuid/v2 v2.2.6 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-isatty v0.0.19 // indirect diff --git a/go.sum b/go.sum index 007e9780b..31f5e05d2 100644 --- a/go.sum +++ b/go.sum @@ -365,12 +365,12 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:C github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= -github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= +github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= +github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -403,8 +403,8 @@ github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.65 h1:sOlB8T3nQK+TApTpuN3k4WD5KasvZIE3vVFzyyCa0go= -github.com/minio/minio-go/v7 v7.0.65/go.mod h1:R4WVUR6ZTedlCcGwZRauLMIKjgyaWxhs4Mqi/OMPmEc= +github.com/minio/minio-go/v7 v7.0.66 h1:bnTOXOHjOqv/gcMuiVbN9o2ngRItvqE774dG9nq0Dzw= +github.com/minio/minio-go/v7 v7.0.66/go.mod h1:DHAgmyQEGdW3Cif0UooKOyrT3Vxs82zNdV6tkKhRtbs= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= diff --git a/vendor/github.com/klauspost/compress/gzip/gunzip.go b/vendor/github.com/klauspost/compress/gzip/gunzip.go index dc2362a63..00a0a2c38 100644 --- a/vendor/github.com/klauspost/compress/gzip/gunzip.go +++ b/vendor/github.com/klauspost/compress/gzip/gunzip.go @@ -238,6 +238,11 @@ func (z *Reader) readHeader() (hdr Header, err error) { } } + // Reserved FLG bits must be zero. + if flg>>5 != 0 { + return hdr, ErrHeader + } + z.digest = 0 if z.decompressor == nil { z.decompressor = flate.NewReader(z.r) diff --git a/vendor/github.com/klauspost/cpuid/v2/README.md b/vendor/github.com/klauspost/cpuid/v2/README.md index accd7abaf..30f8d2963 100644 --- a/vendor/github.com/klauspost/cpuid/v2/README.md +++ b/vendor/github.com/klauspost/cpuid/v2/README.md @@ -9,10 +9,7 @@ You can access the CPU information by accessing the shared CPU variable of the c Package home: https://github.com/klauspost/cpuid [![PkgGoDev](https://pkg.go.dev/badge/github.com/klauspost/cpuid)](https://pkg.go.dev/github.com/klauspost/cpuid/v2) -[![Build Status][3]][4] - -[3]: https://travis-ci.org/klauspost/cpuid.svg?branch=master -[4]: https://travis-ci.org/klauspost/cpuid +[![Go](https://github.com/klauspost/cpuid/actions/workflows/go.yml/badge.svg)](https://github.com/klauspost/cpuid/actions/workflows/go.yml) ## installing @@ -285,7 +282,12 @@ Exit Code 1 | AMXINT8 | Tile computational operations on 8-bit integers | | AMXFP16 | Tile computational operations on FP16 numbers | | AMXTILE | Tile architecture | +| APX_F | Intel APX | | AVX | AVX functions | +| AVX10 | If set the Intel AVX10 Converged Vector ISA is supported | +| AVX10_128 | If set indicates that AVX10 128-bit vector support is present | +| AVX10_256 | If set indicates that AVX10 256-bit vector support is present | +| AVX10_512 | If set indicates that AVX10 512-bit vector support is present | | AVX2 | AVX2 functions | | AVX512BF16 | AVX-512 BFLOAT16 Instructions | | AVX512BITALG | AVX-512 Bit Algorithms | @@ -365,6 +367,8 @@ Exit Code 1 | IDPRED_CTRL | IPRED_DIS | | INT_WBINVD | WBINVD/WBNOINVD are interruptible. | | INVLPGB | NVLPGB and TLBSYNC instruction supported | +| KEYLOCKER | Key locker | +| KEYLOCKERW | Key locker wide | | LAHF | LAHF/SAHF in long mode | | LAM | If set, CPU supports Linear Address Masking | | LBRVIRT | LBR virtualization | @@ -380,7 +384,7 @@ Exit Code 1 | MOVDIRI | Move Doubleword as Direct Store | | MOVSB_ZL | Fast Zero-Length MOVSB | | MPX | Intel MPX (Memory Protection Extensions) | -| MOVU | MOVU SSE instructions are more efficient and should be preferred to SSE MOVL/MOVH. MOVUPS is more efficient than MOVLPS/MOVHPS. MOVUPD is more efficient than MOVLPD/MOVHPD | +| MOVU | MOVU SSE instructions are more efficient and should be preferred to SSE MOVL/MOVH. MOVUPS is more efficient than MOVLPS/MOVHPS. MOVUPD is more efficient than MOVLPD/MOVHPD | | MSRIRC | Instruction Retired Counter MSR available | | MSRLIST | Read/Write List of Model Specific Registers | | MSR_PAGEFLUSH | Page Flush MSR available | diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid.go b/vendor/github.com/klauspost/cpuid/v2/cpuid.go index d015c744e..15b760337 100644 --- a/vendor/github.com/klauspost/cpuid/v2/cpuid.go +++ b/vendor/github.com/klauspost/cpuid/v2/cpuid.go @@ -76,7 +76,12 @@ const ( AMXFP16 // Tile computational operations on FP16 numbers AMXINT8 // Tile computational operations on 8-bit integers AMXTILE // Tile architecture + APX_F // Intel APX AVX // AVX functions + AVX10 // If set the Intel AVX10 Converged Vector ISA is supported + AVX10_128 // If set indicates that AVX10 128-bit vector support is present + AVX10_256 // If set indicates that AVX10 256-bit vector support is present + AVX10_512 // If set indicates that AVX10 512-bit vector support is present AVX2 // AVX2 functions AVX512BF16 // AVX-512 BFLOAT16 Instructions AVX512BITALG // AVX-512 Bit Algorithms @@ -156,6 +161,8 @@ const ( IDPRED_CTRL // IPRED_DIS INT_WBINVD // WBINVD/WBNOINVD are interruptible. INVLPGB // NVLPGB and TLBSYNC instruction supported + KEYLOCKER // Key locker + KEYLOCKERW // Key locker wide LAHF // LAHF/SAHF in long mode LAM // If set, CPU supports Linear Address Masking LBRVIRT // LBR virtualization @@ -302,9 +309,10 @@ type CPUInfo struct { L2 int // L2 Cache (per core or shared). Will be -1 if undetected L3 int // L3 Cache (per core, per ccx or shared). Will be -1 if undetected } - SGX SGXSupport - maxFunc uint32 - maxExFunc uint32 + SGX SGXSupport + AVX10Level uint8 + maxFunc uint32 + maxExFunc uint32 } var cpuid func(op uint32) (eax, ebx, ecx, edx uint32) @@ -1165,6 +1173,7 @@ func support() flagSet { fs.setIf(ecx&(1<<10) != 0, VPCLMULQDQ) fs.setIf(ecx&(1<<13) != 0, TME) fs.setIf(ecx&(1<<25) != 0, CLDEMOTE) + fs.setIf(ecx&(1<<23) != 0, KEYLOCKER) fs.setIf(ecx&(1<<27) != 0, MOVDIRI) fs.setIf(ecx&(1<<28) != 0, MOVDIR64B) fs.setIf(ecx&(1<<29) != 0, ENQCMD) @@ -1202,6 +1211,8 @@ func support() flagSet { fs.setIf(edx1&(1<<4) != 0, AVXVNNIINT8) fs.setIf(edx1&(1<<5) != 0, AVXNECONVERT) fs.setIf(edx1&(1<<14) != 0, PREFETCHI) + fs.setIf(edx1&(1<<19) != 0, AVX10) + fs.setIf(edx1&(1<<21) != 0, APX_F) // Only detect AVX-512 features if XGETBV is supported if c&((1<<26)|(1<<27)) == (1<<26)|(1<<27) { @@ -1252,6 +1263,19 @@ func support() flagSet { fs.setIf(edx&(1<<4) != 0, BHI_CTRL) fs.setIf(edx&(1<<5) != 0, MCDT_NO) + // Add keylocker features. + if fs.inSet(KEYLOCKER) && mfi >= 0x19 { + _, ebx, _, _ := cpuidex(0x19, 0) + fs.setIf(ebx&5 == 5, KEYLOCKERW) // Bit 0 and 2 (1+4) + } + + // Add AVX10 features. + if fs.inSet(AVX10) && mfi >= 0x24 { + _, ebx, _, _ := cpuidex(0x24, 0) + fs.setIf(ebx&(1<<16) != 0, AVX10_128) + fs.setIf(ebx&(1<<17) != 0, AVX10_256) + fs.setIf(ebx&(1<<18) != 0, AVX10_512) + } } // Processor Extended State Enumeration Sub-leaf (EAX = 0DH, ECX = 1) @@ -1394,6 +1418,20 @@ func support() flagSet { fs.setIf((a>>24)&1 == 1, VMSA_REGPROT) } + if mfi >= 0x20 { + // Microsoft has decided to purposefully hide the information + // of the guest TEE when VMs are being created using Hyper-V. + // + // This leads us to check for the Hyper-V cpuid features + // (0x4000000C), and then for the `ebx` value set. + // + // For Intel TDX, `ebx` is set as `0xbe3`, being 3 the part + // we're mostly interested about,according to: + // https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174 + _, ebx, _, _ := cpuid(0x4000000C) + fs.setIf(ebx == 0xbe3, TDX_GUEST) + } + if mfi >= 0x21 { // Intel Trusted Domain Extensions Guests have their own cpuid leaf (0x21). _, ebx, ecx, edx := cpuid(0x21) @@ -1404,6 +1442,14 @@ func support() flagSet { return fs } +func (c *CPUInfo) supportAVX10() uint8 { + if c.maxFunc >= 0x24 && c.featureSet.inSet(AVX10) { + _, ebx, _, _ := cpuidex(0x24, 0) + return uint8(ebx) + } + return 0 +} + func valAsString(values ...uint32) []byte { r := make([]byte, 4*len(values)) for i, v := range values { diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_x86.go b/vendor/github.com/klauspost/cpuid/v2/detect_x86.go index c946824ec..c7dfa125d 100644 --- a/vendor/github.com/klauspost/cpuid/v2/detect_x86.go +++ b/vendor/github.com/klauspost/cpuid/v2/detect_x86.go @@ -31,6 +31,7 @@ func addInfo(c *CPUInfo, safe bool) { c.LogicalCores = logicalCores() c.PhysicalCores = physicalCores() c.VendorID, c.VendorString = vendorID() + c.AVX10Level = c.supportAVX10() c.cacheSize() c.frequencies() } diff --git a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go index 024c706af..43bd05f51 100644 --- a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go +++ b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go @@ -16,210 +16,217 @@ func _() { _ = x[AMXFP16-6] _ = x[AMXINT8-7] _ = x[AMXTILE-8] - _ = x[AVX-9] - _ = x[AVX2-10] - _ = x[AVX512BF16-11] - _ = x[AVX512BITALG-12] - _ = x[AVX512BW-13] - _ = x[AVX512CD-14] - _ = x[AVX512DQ-15] - _ = x[AVX512ER-16] - _ = x[AVX512F-17] - _ = x[AVX512FP16-18] - _ = x[AVX512IFMA-19] - _ = x[AVX512PF-20] - _ = x[AVX512VBMI-21] - _ = x[AVX512VBMI2-22] - _ = x[AVX512VL-23] - _ = x[AVX512VNNI-24] - _ = x[AVX512VP2INTERSECT-25] - _ = x[AVX512VPOPCNTDQ-26] - _ = x[AVXIFMA-27] - _ = x[AVXNECONVERT-28] - _ = x[AVXSLOW-29] - _ = x[AVXVNNI-30] - _ = x[AVXVNNIINT8-31] - _ = x[BHI_CTRL-32] - _ = x[BMI1-33] - _ = x[BMI2-34] - _ = x[CETIBT-35] - _ = x[CETSS-36] - _ = x[CLDEMOTE-37] - _ = x[CLMUL-38] - _ = x[CLZERO-39] - _ = x[CMOV-40] - _ = x[CMPCCXADD-41] - _ = x[CMPSB_SCADBS_SHORT-42] - _ = x[CMPXCHG8-43] - _ = x[CPBOOST-44] - _ = x[CPPC-45] - _ = x[CX16-46] - _ = x[EFER_LMSLE_UNS-47] - _ = x[ENQCMD-48] - _ = x[ERMS-49] - _ = x[F16C-50] - _ = x[FLUSH_L1D-51] - _ = x[FMA3-52] - _ = x[FMA4-53] - _ = x[FP128-54] - _ = x[FP256-55] - _ = x[FSRM-56] - _ = x[FXSR-57] - _ = x[FXSROPT-58] - _ = x[GFNI-59] - _ = x[HLE-60] - _ = x[HRESET-61] - _ = x[HTT-62] - _ = x[HWA-63] - _ = x[HYBRID_CPU-64] - _ = x[HYPERVISOR-65] - _ = x[IA32_ARCH_CAP-66] - _ = x[IA32_CORE_CAP-67] - _ = x[IBPB-68] - _ = x[IBRS-69] - _ = x[IBRS_PREFERRED-70] - _ = x[IBRS_PROVIDES_SMP-71] - _ = x[IBS-72] - _ = x[IBSBRNTRGT-73] - _ = x[IBSFETCHSAM-74] - _ = x[IBSFFV-75] - _ = x[IBSOPCNT-76] - _ = x[IBSOPCNTEXT-77] - _ = x[IBSOPSAM-78] - _ = x[IBSRDWROPCNT-79] - _ = x[IBSRIPINVALIDCHK-80] - _ = x[IBS_FETCH_CTLX-81] - _ = x[IBS_OPDATA4-82] - _ = x[IBS_OPFUSE-83] - _ = x[IBS_PREVENTHOST-84] - _ = x[IBS_ZEN4-85] - _ = x[IDPRED_CTRL-86] - _ = x[INT_WBINVD-87] - _ = x[INVLPGB-88] - _ = x[LAHF-89] - _ = x[LAM-90] - _ = x[LBRVIRT-91] - _ = x[LZCNT-92] - _ = x[MCAOVERFLOW-93] - _ = x[MCDT_NO-94] - _ = x[MCOMMIT-95] - _ = x[MD_CLEAR-96] - _ = x[MMX-97] - _ = x[MMXEXT-98] - _ = x[MOVBE-99] - _ = x[MOVDIR64B-100] - _ = x[MOVDIRI-101] - _ = x[MOVSB_ZL-102] - _ = x[MOVU-103] - _ = x[MPX-104] - _ = x[MSRIRC-105] - _ = x[MSRLIST-106] - _ = x[MSR_PAGEFLUSH-107] - _ = x[NRIPS-108] - _ = x[NX-109] - _ = x[OSXSAVE-110] - _ = x[PCONFIG-111] - _ = x[POPCNT-112] - _ = x[PPIN-113] - _ = x[PREFETCHI-114] - _ = x[PSFD-115] - _ = x[RDPRU-116] - _ = x[RDRAND-117] - _ = x[RDSEED-118] - _ = x[RDTSCP-119] - _ = x[RRSBA_CTRL-120] - _ = x[RTM-121] - _ = x[RTM_ALWAYS_ABORT-122] - _ = x[SERIALIZE-123] - _ = x[SEV-124] - _ = x[SEV_64BIT-125] - _ = x[SEV_ALTERNATIVE-126] - _ = x[SEV_DEBUGSWAP-127] - _ = x[SEV_ES-128] - _ = x[SEV_RESTRICTED-129] - _ = x[SEV_SNP-130] - _ = x[SGX-131] - _ = x[SGXLC-132] - _ = x[SHA-133] - _ = x[SME-134] - _ = x[SME_COHERENT-135] - _ = x[SPEC_CTRL_SSBD-136] - _ = x[SRBDS_CTRL-137] - _ = x[SSE-138] - _ = x[SSE2-139] - _ = x[SSE3-140] - _ = x[SSE4-141] - _ = x[SSE42-142] - _ = x[SSE4A-143] - _ = x[SSSE3-144] - _ = x[STIBP-145] - _ = x[STIBP_ALWAYSON-146] - _ = x[STOSB_SHORT-147] - _ = x[SUCCOR-148] - _ = x[SVM-149] - _ = x[SVMDA-150] - _ = x[SVMFBASID-151] - _ = x[SVML-152] - _ = x[SVMNP-153] - _ = x[SVMPF-154] - _ = x[SVMPFT-155] - _ = x[SYSCALL-156] - _ = x[SYSEE-157] - _ = x[TBM-158] - _ = x[TDX_GUEST-159] - _ = x[TLB_FLUSH_NESTED-160] - _ = x[TME-161] - _ = x[TOPEXT-162] - _ = x[TSCRATEMSR-163] - _ = x[TSXLDTRK-164] - _ = x[VAES-165] - _ = x[VMCBCLEAN-166] - _ = x[VMPL-167] - _ = x[VMSA_REGPROT-168] - _ = x[VMX-169] - _ = x[VPCLMULQDQ-170] - _ = x[VTE-171] - _ = x[WAITPKG-172] - _ = x[WBNOINVD-173] - _ = x[WRMSRNS-174] - _ = x[X87-175] - _ = x[XGETBV1-176] - _ = x[XOP-177] - _ = x[XSAVE-178] - _ = x[XSAVEC-179] - _ = x[XSAVEOPT-180] - _ = x[XSAVES-181] - _ = x[AESARM-182] - _ = x[ARMCPUID-183] - _ = x[ASIMD-184] - _ = x[ASIMDDP-185] - _ = x[ASIMDHP-186] - _ = x[ASIMDRDM-187] - _ = x[ATOMICS-188] - _ = x[CRC32-189] - _ = x[DCPOP-190] - _ = x[EVTSTRM-191] - _ = x[FCMA-192] - _ = x[FP-193] - _ = x[FPHP-194] - _ = x[GPA-195] - _ = x[JSCVT-196] - _ = x[LRCPC-197] - _ = x[PMULL-198] - _ = x[SHA1-199] - _ = x[SHA2-200] - _ = x[SHA3-201] - _ = x[SHA512-202] - _ = x[SM3-203] - _ = x[SM4-204] - _ = x[SVE-205] - _ = x[lastID-206] + _ = x[APX_F-9] + _ = x[AVX-10] + _ = x[AVX10-11] + _ = x[AVX10_128-12] + _ = x[AVX10_256-13] + _ = x[AVX10_512-14] + _ = x[AVX2-15] + _ = x[AVX512BF16-16] + _ = x[AVX512BITALG-17] + _ = x[AVX512BW-18] + _ = x[AVX512CD-19] + _ = x[AVX512DQ-20] + _ = x[AVX512ER-21] + _ = x[AVX512F-22] + _ = x[AVX512FP16-23] + _ = x[AVX512IFMA-24] + _ = x[AVX512PF-25] + _ = x[AVX512VBMI-26] + _ = x[AVX512VBMI2-27] + _ = x[AVX512VL-28] + _ = x[AVX512VNNI-29] + _ = x[AVX512VP2INTERSECT-30] + _ = x[AVX512VPOPCNTDQ-31] + _ = x[AVXIFMA-32] + _ = x[AVXNECONVERT-33] + _ = x[AVXSLOW-34] + _ = x[AVXVNNI-35] + _ = x[AVXVNNIINT8-36] + _ = x[BHI_CTRL-37] + _ = x[BMI1-38] + _ = x[BMI2-39] + _ = x[CETIBT-40] + _ = x[CETSS-41] + _ = x[CLDEMOTE-42] + _ = x[CLMUL-43] + _ = x[CLZERO-44] + _ = x[CMOV-45] + _ = x[CMPCCXADD-46] + _ = x[CMPSB_SCADBS_SHORT-47] + _ = x[CMPXCHG8-48] + _ = x[CPBOOST-49] + _ = x[CPPC-50] + _ = x[CX16-51] + _ = x[EFER_LMSLE_UNS-52] + _ = x[ENQCMD-53] + _ = x[ERMS-54] + _ = x[F16C-55] + _ = x[FLUSH_L1D-56] + _ = x[FMA3-57] + _ = x[FMA4-58] + _ = x[FP128-59] + _ = x[FP256-60] + _ = x[FSRM-61] + _ = x[FXSR-62] + _ = x[FXSROPT-63] + _ = x[GFNI-64] + _ = x[HLE-65] + _ = x[HRESET-66] + _ = x[HTT-67] + _ = x[HWA-68] + _ = x[HYBRID_CPU-69] + _ = x[HYPERVISOR-70] + _ = x[IA32_ARCH_CAP-71] + _ = x[IA32_CORE_CAP-72] + _ = x[IBPB-73] + _ = x[IBRS-74] + _ = x[IBRS_PREFERRED-75] + _ = x[IBRS_PROVIDES_SMP-76] + _ = x[IBS-77] + _ = x[IBSBRNTRGT-78] + _ = x[IBSFETCHSAM-79] + _ = x[IBSFFV-80] + _ = x[IBSOPCNT-81] + _ = x[IBSOPCNTEXT-82] + _ = x[IBSOPSAM-83] + _ = x[IBSRDWROPCNT-84] + _ = x[IBSRIPINVALIDCHK-85] + _ = x[IBS_FETCH_CTLX-86] + _ = x[IBS_OPDATA4-87] + _ = x[IBS_OPFUSE-88] + _ = x[IBS_PREVENTHOST-89] + _ = x[IBS_ZEN4-90] + _ = x[IDPRED_CTRL-91] + _ = x[INT_WBINVD-92] + _ = x[INVLPGB-93] + _ = x[KEYLOCKER-94] + _ = x[KEYLOCKERW-95] + _ = x[LAHF-96] + _ = x[LAM-97] + _ = x[LBRVIRT-98] + _ = x[LZCNT-99] + _ = x[MCAOVERFLOW-100] + _ = x[MCDT_NO-101] + _ = x[MCOMMIT-102] + _ = x[MD_CLEAR-103] + _ = x[MMX-104] + _ = x[MMXEXT-105] + _ = x[MOVBE-106] + _ = x[MOVDIR64B-107] + _ = x[MOVDIRI-108] + _ = x[MOVSB_ZL-109] + _ = x[MOVU-110] + _ = x[MPX-111] + _ = x[MSRIRC-112] + _ = x[MSRLIST-113] + _ = x[MSR_PAGEFLUSH-114] + _ = x[NRIPS-115] + _ = x[NX-116] + _ = x[OSXSAVE-117] + _ = x[PCONFIG-118] + _ = x[POPCNT-119] + _ = x[PPIN-120] + _ = x[PREFETCHI-121] + _ = x[PSFD-122] + _ = x[RDPRU-123] + _ = x[RDRAND-124] + _ = x[RDSEED-125] + _ = x[RDTSCP-126] + _ = x[RRSBA_CTRL-127] + _ = x[RTM-128] + _ = x[RTM_ALWAYS_ABORT-129] + _ = x[SERIALIZE-130] + _ = x[SEV-131] + _ = x[SEV_64BIT-132] + _ = x[SEV_ALTERNATIVE-133] + _ = x[SEV_DEBUGSWAP-134] + _ = x[SEV_ES-135] + _ = x[SEV_RESTRICTED-136] + _ = x[SEV_SNP-137] + _ = x[SGX-138] + _ = x[SGXLC-139] + _ = x[SHA-140] + _ = x[SME-141] + _ = x[SME_COHERENT-142] + _ = x[SPEC_CTRL_SSBD-143] + _ = x[SRBDS_CTRL-144] + _ = x[SSE-145] + _ = x[SSE2-146] + _ = x[SSE3-147] + _ = x[SSE4-148] + _ = x[SSE42-149] + _ = x[SSE4A-150] + _ = x[SSSE3-151] + _ = x[STIBP-152] + _ = x[STIBP_ALWAYSON-153] + _ = x[STOSB_SHORT-154] + _ = x[SUCCOR-155] + _ = x[SVM-156] + _ = x[SVMDA-157] + _ = x[SVMFBASID-158] + _ = x[SVML-159] + _ = x[SVMNP-160] + _ = x[SVMPF-161] + _ = x[SVMPFT-162] + _ = x[SYSCALL-163] + _ = x[SYSEE-164] + _ = x[TBM-165] + _ = x[TDX_GUEST-166] + _ = x[TLB_FLUSH_NESTED-167] + _ = x[TME-168] + _ = x[TOPEXT-169] + _ = x[TSCRATEMSR-170] + _ = x[TSXLDTRK-171] + _ = x[VAES-172] + _ = x[VMCBCLEAN-173] + _ = x[VMPL-174] + _ = x[VMSA_REGPROT-175] + _ = x[VMX-176] + _ = x[VPCLMULQDQ-177] + _ = x[VTE-178] + _ = x[WAITPKG-179] + _ = x[WBNOINVD-180] + _ = x[WRMSRNS-181] + _ = x[X87-182] + _ = x[XGETBV1-183] + _ = x[XOP-184] + _ = x[XSAVE-185] + _ = x[XSAVEC-186] + _ = x[XSAVEOPT-187] + _ = x[XSAVES-188] + _ = x[AESARM-189] + _ = x[ARMCPUID-190] + _ = x[ASIMD-191] + _ = x[ASIMDDP-192] + _ = x[ASIMDHP-193] + _ = x[ASIMDRDM-194] + _ = x[ATOMICS-195] + _ = x[CRC32-196] + _ = x[DCPOP-197] + _ = x[EVTSTRM-198] + _ = x[FCMA-199] + _ = x[FP-200] + _ = x[FPHP-201] + _ = x[GPA-202] + _ = x[JSCVT-203] + _ = x[LRCPC-204] + _ = x[PMULL-205] + _ = x[SHA1-206] + _ = x[SHA2-207] + _ = x[SHA3-208] + _ = x[SHA512-209] + _ = x[SM3-210] + _ = x[SM4-211] + _ = x[SVE-212] + _ = x[lastID-213] _ = x[firstID-0] } -const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXTILEAVXAVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID" +const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXTILEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID" -var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 62, 65, 69, 79, 91, 99, 107, 115, 123, 130, 140, 150, 158, 168, 179, 187, 197, 215, 230, 237, 249, 256, 263, 274, 282, 286, 290, 296, 301, 309, 314, 320, 324, 333, 351, 359, 366, 370, 374, 388, 394, 398, 402, 411, 415, 419, 424, 429, 433, 437, 444, 448, 451, 457, 460, 463, 473, 483, 496, 509, 513, 517, 531, 548, 551, 561, 572, 578, 586, 597, 605, 617, 633, 647, 658, 668, 683, 691, 702, 712, 719, 723, 726, 733, 738, 749, 756, 763, 771, 774, 780, 785, 794, 801, 809, 813, 816, 822, 829, 842, 847, 849, 856, 863, 869, 873, 882, 886, 891, 897, 903, 909, 919, 922, 938, 947, 950, 959, 974, 987, 993, 1007, 1014, 1017, 1022, 1025, 1028, 1040, 1054, 1064, 1067, 1071, 1075, 1079, 1084, 1089, 1094, 1099, 1113, 1124, 1130, 1133, 1138, 1147, 1151, 1156, 1161, 1167, 1174, 1179, 1182, 1191, 1207, 1210, 1216, 1226, 1234, 1238, 1247, 1251, 1263, 1266, 1276, 1279, 1286, 1294, 1301, 1304, 1311, 1314, 1319, 1325, 1333, 1339, 1345, 1353, 1358, 1365, 1372, 1380, 1387, 1392, 1397, 1404, 1408, 1410, 1414, 1417, 1422, 1427, 1432, 1436, 1440, 1444, 1450, 1453, 1456, 1459, 1465} +var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 62, 67, 70, 75, 84, 93, 102, 106, 116, 128, 136, 144, 152, 160, 167, 177, 187, 195, 205, 216, 224, 234, 252, 267, 274, 286, 293, 300, 311, 319, 323, 327, 333, 338, 346, 351, 357, 361, 370, 388, 396, 403, 407, 411, 425, 431, 435, 439, 448, 452, 456, 461, 466, 470, 474, 481, 485, 488, 494, 497, 500, 510, 520, 533, 546, 550, 554, 568, 585, 588, 598, 609, 615, 623, 634, 642, 654, 670, 684, 695, 705, 720, 728, 739, 749, 756, 765, 775, 779, 782, 789, 794, 805, 812, 819, 827, 830, 836, 841, 850, 857, 865, 869, 872, 878, 885, 898, 903, 905, 912, 919, 925, 929, 938, 942, 947, 953, 959, 965, 975, 978, 994, 1003, 1006, 1015, 1030, 1043, 1049, 1063, 1070, 1073, 1078, 1081, 1084, 1096, 1110, 1120, 1123, 1127, 1131, 1135, 1140, 1145, 1150, 1155, 1169, 1180, 1186, 1189, 1194, 1203, 1207, 1212, 1217, 1223, 1230, 1235, 1238, 1247, 1263, 1266, 1272, 1282, 1290, 1294, 1303, 1307, 1319, 1322, 1332, 1335, 1342, 1350, 1357, 1360, 1367, 1370, 1375, 1381, 1389, 1395, 1401, 1409, 1414, 1421, 1428, 1436, 1443, 1448, 1453, 1460, 1464, 1466, 1470, 1473, 1478, 1483, 1488, 1492, 1496, 1500, 1506, 1509, 1512, 1515, 1521} func (i FeatureID) String() string { if i < 0 || i >= FeatureID(len(_FeatureID_index)-1) { diff --git a/vendor/github.com/minio/minio-go/v7/api-get-options.go b/vendor/github.com/minio/minio-go/v7/api-get-options.go index bb86a5994..a0216e201 100644 --- a/vendor/github.com/minio/minio-go/v7/api-get-options.go +++ b/vendor/github.com/minio/minio-go/v7/api-get-options.go @@ -87,10 +87,10 @@ func (o *GetObjectOptions) Set(key, value string) { } // SetReqParam - set request query string parameter -// supported key: see supportedQueryValues. +// supported key: see supportedQueryValues and allowedCustomQueryPrefix. // If an unsupported key is passed in, it will be ignored and nothing will be done. func (o *GetObjectOptions) SetReqParam(key, value string) { - if !isStandardQueryValue(key) { + if !isCustomQueryValue(key) && !isStandardQueryValue(key) { // do nothing return } @@ -101,10 +101,10 @@ func (o *GetObjectOptions) SetReqParam(key, value string) { } // AddReqParam - add request query string parameter -// supported key: see supportedQueryValues. +// supported key: see supportedQueryValues and allowedCustomQueryPrefix. // If an unsupported key is passed in, it will be ignored and nothing will be done. func (o *GetObjectOptions) AddReqParam(key, value string) { - if !isStandardQueryValue(key) { + if !isCustomQueryValue(key) && !isStandardQueryValue(key) { // do nothing return } diff --git a/vendor/github.com/minio/minio-go/v7/api-object-tagging.go b/vendor/github.com/minio/minio-go/v7/api-object-tagging.go index 305c36de8..6623e262a 100644 --- a/vendor/github.com/minio/minio-go/v7/api-object-tagging.go +++ b/vendor/github.com/minio/minio-go/v7/api-object-tagging.go @@ -32,6 +32,12 @@ import ( // to update tag(s) of a specific object version type PutObjectTaggingOptions struct { VersionID string + Internal AdvancedObjectTaggingOptions +} + +// AdvancedObjectTaggingOptions for internal use by MinIO server - not intended for client use. +type AdvancedObjectTaggingOptions struct { + ReplicationProxyRequest string } // PutObjectTagging replaces or creates object tag(s) and can target @@ -50,7 +56,10 @@ func (c *Client) PutObjectTagging(ctx context.Context, bucketName, objectName st if opts.VersionID != "" { urlValues.Set("versionId", opts.VersionID) } - + headers := make(http.Header, 0) + if opts.Internal.ReplicationProxyRequest != "" { + headers.Set(minIOBucketReplicationProxyRequest, opts.Internal.ReplicationProxyRequest) + } reqBytes, err := xml.Marshal(otags) if err != nil { return err @@ -63,6 +72,7 @@ func (c *Client) PutObjectTagging(ctx context.Context, bucketName, objectName st contentBody: bytes.NewReader(reqBytes), contentLength: int64(len(reqBytes)), contentMD5Base64: sumMD5Base64(reqBytes), + customHeader: headers, } // Execute PUT to set a object tagging. @@ -83,6 +93,7 @@ func (c *Client) PutObjectTagging(ctx context.Context, bucketName, objectName st // to fetch the tagging key/value pairs type GetObjectTaggingOptions struct { VersionID string + Internal AdvancedObjectTaggingOptions } // GetObjectTagging fetches object tag(s) with options to target @@ -96,12 +107,16 @@ func (c *Client) GetObjectTagging(ctx context.Context, bucketName, objectName st if opts.VersionID != "" { urlValues.Set("versionId", opts.VersionID) } - + headers := make(http.Header, 0) + if opts.Internal.ReplicationProxyRequest != "" { + headers.Set(minIOBucketReplicationProxyRequest, opts.Internal.ReplicationProxyRequest) + } // Execute GET on object to get object tag(s) resp, err := c.executeMethod(ctx, http.MethodGet, requestMetadata{ - bucketName: bucketName, - objectName: objectName, - queryValues: urlValues, + bucketName: bucketName, + objectName: objectName, + queryValues: urlValues, + customHeader: headers, }) defer closeResponse(resp) @@ -121,6 +136,7 @@ func (c *Client) GetObjectTagging(ctx context.Context, bucketName, objectName st // RemoveObjectTaggingOptions holds the version id of the object to remove type RemoveObjectTaggingOptions struct { VersionID string + Internal AdvancedObjectTaggingOptions } // RemoveObjectTagging removes object tag(s) with options to control a specific object @@ -134,12 +150,16 @@ func (c *Client) RemoveObjectTagging(ctx context.Context, bucketName, objectName if opts.VersionID != "" { urlValues.Set("versionId", opts.VersionID) } - + headers := make(http.Header, 0) + if opts.Internal.ReplicationProxyRequest != "" { + headers.Set(minIOBucketReplicationProxyRequest, opts.Internal.ReplicationProxyRequest) + } // Execute DELETE on object to remove object tag(s) resp, err := c.executeMethod(ctx, http.MethodDelete, requestMetadata{ - bucketName: bucketName, - objectName: objectName, - queryValues: urlValues, + bucketName: bucketName, + objectName: objectName, + queryValues: urlValues, + customHeader: headers, }) defer closeResponse(resp) diff --git a/vendor/github.com/minio/minio-go/v7/api.go b/vendor/github.com/minio/minio-go/v7/api.go index 88a9eacc3..f8a9b34cb 100644 --- a/vendor/github.com/minio/minio-go/v7/api.go +++ b/vendor/github.com/minio/minio-go/v7/api.go @@ -127,7 +127,7 @@ type Options struct { // Global constants. const ( libraryName = "minio-go" - libraryVersion = "v7.0.65" + libraryVersion = "v7.0.66" ) // User Agent should always following the below style. diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go index 0c9536deb..c5153c4ca 100644 --- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go +++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go @@ -54,19 +54,36 @@ type IAM struct { // Custom endpoint to fetch IAM role credentials. Endpoint string + + // Region configurable custom region for STS + Region string + + // Support for container authorization token https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html + Container struct { + AuthorizationToken string + CredentialsFullURI string + CredentialsRelativeURI string + } + + // EKS based k8s RBAC authorization - https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html + EKSIdentity struct { + TokenFile string + RoleARN string + RoleSessionName string + } } // IAM Roles for Amazon EC2 // http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html const ( - defaultIAMRoleEndpoint = "http://169.254.169.254" - defaultECSRoleEndpoint = "http://169.254.170.2" - defaultSTSRoleEndpoint = "https://sts.amazonaws.com" - defaultIAMSecurityCredsPath = "/latest/meta-data/iam/security-credentials/" - tokenRequestTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds" - tokenPath = "/latest/api/token" - tokenTTL = "21600" - tokenRequestHeader = "X-aws-ec2-metadata-token" + DefaultIAMRoleEndpoint = "http://169.254.169.254" + DefaultECSRoleEndpoint = "http://169.254.170.2" + DefaultSTSRoleEndpoint = "https://sts.amazonaws.com" + DefaultIAMSecurityCredsPath = "/latest/meta-data/iam/security-credentials/" + TokenRequestTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds" + TokenPath = "/latest/api/token" + TokenTTL = "21600" + TokenRequestHeader = "X-aws-ec2-metadata-token" ) // NewIAM returns a pointer to a new Credentials object wrapping the IAM. @@ -84,21 +101,55 @@ func NewIAM(endpoint string) *Credentials { // the desired func (m *IAM) Retrieve() (Value, error) { token := os.Getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN") + if token == "" { + token = m.Container.AuthorizationToken + } + + relativeURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") + if relativeURI == "" { + relativeURI = m.Container.CredentialsRelativeURI + } + + fullURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI") + if fullURI == "" { + fullURI = m.Container.CredentialsFullURI + } + + identityFile := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE") + if identityFile == "" { + identityFile = m.EKSIdentity.TokenFile + } + + roleArn := os.Getenv("AWS_ROLE_ARN") + if roleArn == "" { + roleArn = m.EKSIdentity.RoleARN + } + + roleSessionName := os.Getenv("AWS_ROLE_SESSION_NAME") + if roleSessionName == "" { + roleSessionName = m.EKSIdentity.RoleSessionName + } + + region := os.Getenv("AWS_REGION") + if region == "" { + region = m.Region + } + var roleCreds ec2RoleCredRespBody var err error endpoint := m.Endpoint switch { - case len(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")) > 0: + case identityFile != "": if len(endpoint) == 0 { - if len(os.Getenv("AWS_REGION")) > 0 { - if strings.HasPrefix(os.Getenv("AWS_REGION"), "cn-") { - endpoint = "https://sts." + os.Getenv("AWS_REGION") + ".amazonaws.com.cn" + if region != "" { + if strings.HasPrefix(region, "cn-") { + endpoint = "https://sts." + region + ".amazonaws.com.cn" } else { - endpoint = "https://sts." + os.Getenv("AWS_REGION") + ".amazonaws.com" + endpoint = "https://sts." + region + ".amazonaws.com" } } else { - endpoint = defaultSTSRoleEndpoint + endpoint = DefaultSTSRoleEndpoint } } @@ -106,15 +157,15 @@ func (m *IAM) Retrieve() (Value, error) { Client: m.Client, STSEndpoint: endpoint, GetWebIDTokenExpiry: func() (*WebIdentityToken, error) { - token, err := os.ReadFile(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")) + token, err := os.ReadFile(identityFile) if err != nil { return nil, err } return &WebIdentityToken{Token: string(token)}, nil }, - RoleARN: os.Getenv("AWS_ROLE_ARN"), - roleSessionName: os.Getenv("AWS_ROLE_SESSION_NAME"), + RoleARN: roleArn, + roleSessionName: roleSessionName, } stsWebIdentityCreds, err := creds.Retrieve() @@ -123,17 +174,16 @@ func (m *IAM) Retrieve() (Value, error) { } return stsWebIdentityCreds, err - case len(os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")) > 0: + case relativeURI != "": if len(endpoint) == 0 { - endpoint = fmt.Sprintf("%s%s", defaultECSRoleEndpoint, - os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")) + endpoint = fmt.Sprintf("%s%s", DefaultECSRoleEndpoint, relativeURI) } roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token) - case len(os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")) > 0: + case fullURI != "": if len(endpoint) == 0 { - endpoint = os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI") + endpoint = fullURI var ok bool if ok, err = isLoopback(endpoint); !ok { if err == nil { @@ -189,7 +239,7 @@ func getIAMRoleURL(endpoint string) (*url.URL, error) { if err != nil { return nil, err } - u.Path = defaultIAMSecurityCredsPath + u.Path = DefaultIAMSecurityCredsPath return u, nil } @@ -203,7 +253,7 @@ func listRoleNames(client *http.Client, u *url.URL, token string) ([]string, err return nil, err } if token != "" { - req.Header.Add(tokenRequestHeader, token) + req.Header.Add(TokenRequestHeader, token) } resp, err := client.Do(req) if err != nil { @@ -258,11 +308,11 @@ func fetchIMDSToken(client *http.Client, endpoint string) (string, error) { ctx, cancel := context.WithTimeout(context.Background(), time.Second) defer cancel() - req, err := http.NewRequestWithContext(ctx, http.MethodPut, endpoint+tokenPath, nil) + req, err := http.NewRequestWithContext(ctx, http.MethodPut, endpoint+TokenPath, nil) if err != nil { return "", err } - req.Header.Add(tokenRequestTTLHeader, tokenTTL) + req.Header.Add(TokenRequestTTLHeader, TokenTTL) resp, err := client.Do(req) if err != nil { return "", err @@ -285,7 +335,7 @@ func fetchIMDSToken(client *http.Client, endpoint string) (string, error) { // reading the response an error will be returned. func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody, error) { if endpoint == "" { - endpoint = defaultIAMRoleEndpoint + endpoint = DefaultIAMRoleEndpoint } // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html @@ -332,7 +382,7 @@ func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody, return ec2RoleCredRespBody{}, err } if token != "" { - req.Header.Add(tokenRequestHeader, token) + req.Header.Add(TokenRequestHeader, token) } resp, err := client.Do(req) diff --git a/vendor/github.com/minio/minio-go/v7/utils.go b/vendor/github.com/minio/minio-go/v7/utils.go index 6a93561ea..e39eba028 100644 --- a/vendor/github.com/minio/minio-go/v7/utils.go +++ b/vendor/github.com/minio/minio-go/v7/utils.go @@ -528,6 +528,14 @@ func isStandardQueryValue(qsKey string) bool { return supportedQueryValues[qsKey] } +// Per documentation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html#LogFormatCustom, the +// set of query params starting with "x-" are ignored by S3. +const allowedCustomQueryPrefix = "x-" + +func isCustomQueryValue(qsKey string) bool { + return strings.HasPrefix(qsKey, allowedCustomQueryPrefix) +} + var ( md5Pool = sync.Pool{New: func() interface{} { return md5.New() }} sha256Pool = sync.Pool{New: func() interface{} { return sha256.New() }} diff --git a/vendor/modules.txt b/vendor/modules.txt index c6c7ec5a3..4f7b1eae4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -350,14 +350,14 @@ github.com/json-iterator/go # github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 ## explicit github.com/kballard/go-shellquote -# github.com/klauspost/compress v1.17.2 -## explicit; go 1.18 +# github.com/klauspost/compress v1.17.4 +## explicit; go 1.19 github.com/klauspost/compress/flate github.com/klauspost/compress/gzip github.com/klauspost/compress/s2 github.com/klauspost/compress/snappy github.com/klauspost/compress/zlib -# github.com/klauspost/cpuid/v2 v2.2.5 +# github.com/klauspost/cpuid/v2 v2.2.6 ## explicit; go 1.15 github.com/klauspost/cpuid/v2 # github.com/leodido/go-urn v1.2.4 @@ -382,7 +382,7 @@ github.com/miekg/dns # github.com/minio/md5-simd v1.1.2 ## explicit; go 1.14 github.com/minio/md5-simd -# github.com/minio/minio-go/v7 v7.0.65 +# github.com/minio/minio-go/v7 v7.0.66 ## explicit; go 1.17 github.com/minio/minio-go/v7 github.com/minio/minio-go/v7/pkg/credentials