diff --git a/go.mod b/go.mod index 6b548584..a85116e9 100644 --- a/go.mod +++ b/go.mod @@ -7,8 +7,8 @@ require ( github.com/aws/aws-sdk-go-v2 v1.41.3 github.com/aws/aws-sdk-go-v2/config v1.32.11 github.com/aws/aws-sdk-go-v2/credentials v1.19.11 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.6 - github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.7 + github.com/aws/aws-sdk-go-v2/service/s3 v1.97.0 github.com/aws/smithy-go v1.24.2 github.com/blang/semver/v4 v4.0.0 github.com/coreos/go-oidc/v3 v3.17.0 diff --git a/go.sum b/go.sum index 88309b88..28e01bef 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/aws/aws-sdk-go-v2/credentials v1.19.11 h1:NdV8cwCcAXrCWyxArt58BrvZJ9p github.com/aws/aws-sdk-go-v2/credentials v1.19.11/go.mod h1:30yY2zqkMPdrvxBqzI9xQCM+WrlrZKSOpSJEsylVU+8= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.19 h1:INUvJxmhdEbVulJYHI061k4TVuS3jzzthNvjqvVvTKM= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.19/go.mod h1:FpZN2QISLdEBWkayloda+sZjVJL+e9Gl0k1SyTgcswU= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.6 h1:xuOfOJR0SPBrHhzAXZ5c+8i1KyJ+aUVJ2cl8DT16qH4= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.6/go.mod h1:rUVOV4y5upo55JxPss99p9FaN9BvqUjFgE/N54tvLuE= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.7 h1:U1bRnGCibeRlgswAtU0OjsIy+3yQZGBJQoRvTz2m47k= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.7/go.mod h1:o468HQR7wpjYUtIHLk7hMnk+1wya63m32Z4DnGqQJe0= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 h1:/sECfyq2JTifMI2JPyZ4bdRN77zJmr6SrS1eL3augIA= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19/go.mod h1:dMf8A5oAqr9/oxOfLkC/c2LU/uMcALP0Rgn2BD5LWn0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 h1:AWeJMk33GTBf6J20XJe6qZoRSJo0WfUhsMdUKhoODXE= @@ -79,8 +79,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 h1:X1Tow7su github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19/go.mod h1:/rARO8psX+4sfjUQXp5LLifjUt8DuATZ31WptNJTyQA= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.19 h1:JnQeStZvPHFHeyky/7LbMlyQjUa+jIBj36OlWm0pzIk= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.19/go.mod h1:HGyasyHvYdFQeJhvDHfH7HXkHh57htcJGKDZ+7z+I24= -github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4 h1:4ExZyubQ6LQQVuF2Qp9OsfEvsTdAWh5Gfwf6PgIdLdk= -github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4/go.mod h1:NF3JcMGOiARAss1ld3WGORCw71+4ExDD2cbbdKS5PpA= +github.com/aws/aws-sdk-go-v2/service/s3 v1.97.0 h1:zyKY4OxzUImu+DigelJI9o49QQv8CjREs5E1CywjtIA= +github.com/aws/aws-sdk-go-v2/service/s3 v1.97.0/go.mod h1:NF3JcMGOiARAss1ld3WGORCw71+4ExDD2cbbdKS5PpA= github.com/aws/aws-sdk-go-v2/service/signin v1.0.7 h1:Y2cAXlClHsXkkOvWZFXATr34b0hxxloeQu/pAZz2row= github.com/aws/aws-sdk-go-v2/service/signin v1.0.7/go.mod h1:idzZ7gmDeqeNrSPkdbtMp9qWMgcBwykA7P7Rzh5DXVU= github.com/aws/aws-sdk-go-v2/service/sso v1.30.12 h1:iSsvB9EtQ09YrsmIc44Heqlx5ByGErqhPK1ZQLppias= diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md index 0727c5ce..ce38b5b4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.22.7 (2026-03-12) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.22.6 (2026-03-05) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go index b178c841..0a8d363a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go @@ -3,4 +3,4 @@ package manager // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.22.6" +const goModuleVersion = "1.22.7" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md index 3017d723..f4bf051a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.97.0 (2026-03-12) + +* **Feature**: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. + # v1.96.4 (2026-03-05) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go index b50e49e3..02b5d6bc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go @@ -90,9 +90,11 @@ import ( // // - If the source object that you want to copy is in a directory bucket, you // must have the s3express:CreateSession permission in the Action element of a -// policy to read the object. By default, the session is in the ReadWrite mode. -// If you want to restrict the access, you can explicitly set the -// s3express:SessionMode condition key to ReadOnly on the copy source bucket. +// policy to read the object. If no session mode is specified, the session will be +// created with the maximum allowable privilege, attempting ReadWrite first, then +// ReadOnly if ReadWrite is not permitted. If you want to explicitly restrict the +// access to be read-only, you can set the s3express:SessionMode condition key to +// ReadOnly on the copy source bucket. // // - If the copy destination is a directory bucket, you must have the // s3express:CreateSession permission in the Action element of a policy to write diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go index a889220a..2b87aa3a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go @@ -25,6 +25,18 @@ import ( // There are two types of buckets: general purpose buckets and directory buckets. // For more information about these bucket types, see [Creating, configuring, and working with Amazon S3 buckets]in the Amazon S3 User Guide. // +// General purpose buckets exist in a global namespace, which means that each +// bucket name must be unique across all Amazon Web Services accounts in all the +// Amazon Web Services Regions within a partition. A partition is a grouping of +// Regions. Amazon Web Services currently has four partitions: aws (Standard +// Regions), aws-cn (China Regions), aws-us-gov (Amazon Web Services GovCloud +// (US)), and aws-eusc (European Sovereign Cloud). When you create a general +// purpose bucket, you can choose to create a bucket in the shared global namespace +// or you can choose to create a bucket in your account regional namespace. Your +// account regional namespace is a subdivision of the global namespace that only +// your account can create buckets in. For more information on account regional +// namespaces, see [Namespaces for general purpose buckets]. +// // - General purpose buckets - If you send your CreateBucket request to the // s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So // the signature calculations in Signature Version 4 must use us-east-1 as the @@ -120,6 +132,7 @@ import ( // [Creating, configuring, and working with Amazon S3 buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html // [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [PutObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html +// [Namespaces for general purpose buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html // [DeleteBucket]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html // [CreateBucket]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html // [Virtual hosting of buckets]: https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html @@ -173,6 +186,27 @@ type CreateBucketInput struct { // This functionality is not supported for directory buckets. ACL types.BucketCannedACL + // Specifies the namespace where you want to create your general purpose bucket. + // When you create a general purpose bucket, you can choose to create a bucket in + // the shared global namespace or you can choose to create a bucket in your account + // regional namespace. Your account regional namespace is a subdivision of the + // global namespace that only your account can create buckets in. For more + // information on bucket namespaces, see [Namespaces for general purpose buckets]. + // + // General purpose buckets in your account regional namespace must follow a + // specific naming convention. These buckets consist of a bucket name prefix that + // you create, and a suffix that contains your 12-digit Amazon Web Services Account + // ID, the Amazon Web Services Region code, and ends with -an . Bucket names must + // follow the format bucket-name-prefix-accountId-region-an (for example, + // amzn-s3-demo-bucket-111122223333-us-west-2-an ). For information about bucket + // naming restrictions, see [Account regional namespace naming rules]in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // + // [Account regional namespace naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#account-regional-naming-rules + // [Namespaces for general purpose buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html + BucketNamespace types.BucketNamespace + // The configuration information for the bucket. CreateBucketConfiguration *types.CreateBucketConfiguration diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go index 3b9f1a5e..ea4f7006 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go @@ -234,11 +234,15 @@ type CreateSessionInput struct { ServerSideEncryption types.ServerSideEncryption // Specifies the mode of the session that will be created, either ReadWrite or - // ReadOnly . By default, a ReadWrite session is created. A ReadWrite session is - // capable of executing all the Zonal endpoint API operations on a directory - // bucket. A ReadOnly session is constrained to execute the following Zonal - // endpoint API operations: GetObject , HeadObject , ListObjectsV2 , - // GetObjectAttributes , ListParts , and ListMultipartUploads . + // ReadOnly . If no session mode is specified, the default behavior attempts to + // create a session with the maximum allowable privilege. It will first attempt to + // create a ReadWrite session, and if that is not allowed by permissions, it will + // attempt to create a ReadOnly session. If neither session type is allowed, the + // request will return an Access Denied error. A ReadWrite session is capable of + // executing all the Zonal endpoint API operations on a directory bucket. A + // ReadOnly session is constrained to execute the following Zonal endpoint API + // operations: GetObject , HeadObject , ListObjectsV2 , GetObjectAttributes , + // ListParts , and ListMultipartUploads . SessionMode types.SessionMode noSmithyDocumentSerde diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go index d46c4a13..8745e236 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go @@ -19,9 +19,6 @@ import ( // (ABAC) is not enabled for the bucket. When you [enable ABAC for a general purpose bucket], you can no longer use this // operation for that bucket and must use [UntagResource]instead. // -// if ABAC is not enabled for the bucket. When you [enable ABAC for a general purpose bucket], you can no longer use this -// operation for that bucket and must use [UntagResource]instead. -// // To use this operation, you must have permission to perform the // s3:PutBucketTagging action. By default, the bucket owner has this permission and // can grant this permission to others. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go index c5bb22aa..88833379 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go @@ -18,9 +18,6 @@ import ( // // Returns the tag set associated with the general purpose bucket. // -// if ABAC is not enabled for the bucket. When you [enable ABAC for a general purpose bucket], you can no longer use this -// operation for that bucket and must use [ListTagsForResource]instead. -// // To use this operation, you must have permission to perform the // s3:GetBucketTagging action. By default, the bucket owner has this permission and // can grant this permission to others. @@ -42,9 +39,7 @@ import ( // URL encode this value to my%20%20file.txt . // // [PutBucketTagging]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html -// [enable ABAC for a general purpose bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html // [DeleteBucketTagging]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html -// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListTagsForResource.html func (c *Client) GetBucketTagging(ctx context.Context, params *GetBucketTaggingInput, optFns ...func(*Options)) (*GetBucketTaggingOutput, error) { if params == nil { params = &GetBucketTaggingInput{} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go index 29e413e1..587b66e8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go @@ -52,9 +52,11 @@ import ( // information about permissions, see [Managing access permissions to your Amazon S3 resources]in the Amazon S3 User Guide. // // - Directory bucket permissions - You must have the s3express:CreateSession -// permission in the Action element of a policy. By default, the session is in -// the ReadWrite mode. If you want to restrict the access, you can explicitly set -// the s3express:SessionMode condition key to ReadOnly on the bucket. +// permission in the Action element of a policy. If no session mode is specified, +// the session will be created with the maximum allowable privilege, attempting +// ReadWrite first, then ReadOnly if ReadWrite is not permitted. If you want to +// explicitly restrict the access to be read-only, you can set the +// s3express:SessionMode condition key to ReadOnly on the bucket. // // For more information about example bucket policies, see [Example bucket policies for S3 Express One Zone]and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone]in the Amazon S3 // diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go index f6a7126e..ff94b912 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go @@ -84,9 +84,11 @@ import ( // // - If the source object that you want to copy is in a directory bucket, you // must have the s3express:CreateSession permission in the Action element of a -// policy to read the object. By default, the session is in the ReadWrite mode. -// If you want to restrict the access, you can explicitly set the -// s3express:SessionMode condition key to ReadOnly on the copy source bucket. +// policy to read the object. If no session mode is specified, the session will be +// created with the maximum allowable privilege, attempting ReadWrite first, then +// ReadOnly if ReadWrite is not permitted. If you want to explicitly restrict the +// access to be read-only, you can set the s3express:SessionMode condition key to +// ReadOnly on the copy source bucket. // // - If the copy destination is a directory bucket, you must have the // s3express:CreateSession permission in the Action element of a policy to write diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go index 070ece6c..f2ddc1f3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go @@ -3,4 +3,4 @@ package s3 // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.96.4" +const goModuleVersion = "1.97.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go index 4730b7a1..4a350051 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go @@ -644,6 +644,11 @@ func awsRestxml_serializeOpHttpBindingsCreateBucketInput(v *CreateBucketInput, e encoder.SetHeader(locationName).String(string(v.ACL)) } + if len(v.BucketNamespace) > 0 { + locationName := "X-Amz-Bucket-Namespace" + encoder.SetHeader(locationName).String(string(v.BucketNamespace)) + } + if v.GrantFullControl != nil { locationName := "X-Amz-Grant-Full-Control" encoder.SetHeader(locationName).String(*v.GrantFullControl) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go index 1a4d118f..0aa362e8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go @@ -201,6 +201,25 @@ func (BucketLogsPermission) Values() []BucketLogsPermission { } } +type BucketNamespace string + +// Enum values for BucketNamespace +const ( + BucketNamespaceAccountRegional BucketNamespace = "account-regional" + BucketNamespaceGlobal BucketNamespace = "global" +) + +// Values returns all known values for BucketNamespace. Note that this can be +// expanded in the future, and so it is only as up to date as the client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (BucketNamespace) Values() []BucketNamespace { + return []BucketNamespace{ + "account-regional", + "global", + } +} + type BucketType string // Enum values for BucketType diff --git a/vendor/modules.txt b/vendor/modules.txt index b9bebde4..aed5a47e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -64,7 +64,7 @@ github.com/aws/aws-sdk-go-v2/credentials/stscreds ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config -# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.6 +# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.7 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/feature/s3/manager # github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 @@ -95,7 +95,7 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url github.com/aws/aws-sdk-go-v2/service/internal/s3shared github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config -# github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4 +# github.com/aws/aws-sdk-go-v2/service/s3 v1.97.0 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/s3 github.com/aws/aws-sdk-go-v2/service/s3/internal/arn