[chore]: Bump github.com/minio/minio-go/v7 from 7.0.65 to 7.0.66 (#2467)

Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.65 to 7.0.66. - [Release notes](https://github.com/minio/minio-go/releases) - [Commits](https://github.com/minio/minio-go/compare/v7.0.65...v7.0.66) --- updated-dependencies: - dependency-name: github.com/minio/minio-go/v7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
2025-06-05 21:59:39 +02:00 · 2024-01-03 10:34:54 +00:00
parent 31481fad35
commit 0cb1dd493c
13 changed files with 404 additions and 263 deletions
--- a/vendor/github.com/minio/minio-go/v7/api-get-options.go
+++ b/vendor/github.com/minio/minio-go/v7/api-get-options.go
@ -87,10 +87,10 @@ func (o *GetObjectOptions) Set(key, value string) {
 }

 // SetReqParam - set request query string parameter
-// supported key: see supportedQueryValues.
+// supported key: see supportedQueryValues and allowedCustomQueryPrefix.
 // If an unsupported key is passed in, it will be ignored and nothing will be done.
 func (o *GetObjectOptions) SetReqParam(key, value string) {
-	if !isStandardQueryValue(key) {
+	if !isCustomQueryValue(key) && !isStandardQueryValue(key) {
 		// do nothing
 		return
 	}
@ -101,10 +101,10 @@ func (o *GetObjectOptions) SetReqParam(key, value string) {
 }

 // AddReqParam - add request query string parameter
-// supported key: see supportedQueryValues.
+// supported key: see supportedQueryValues and allowedCustomQueryPrefix.
 // If an unsupported key is passed in, it will be ignored and nothing will be done.
 func (o *GetObjectOptions) AddReqParam(key, value string) {
-	if !isStandardQueryValue(key) {
+	if !isCustomQueryValue(key) && !isStandardQueryValue(key) {
 		// do nothing
 		return
 	}
--- a/vendor/github.com/minio/minio-go/v7/api-object-tagging.go
+++ b/vendor/github.com/minio/minio-go/v7/api-object-tagging.go
@ -32,6 +32,12 @@ import (
 // to update tag(s) of a specific object version
 type PutObjectTaggingOptions struct {
 	VersionID string
+	Internal  AdvancedObjectTaggingOptions
+}
+
+// AdvancedObjectTaggingOptions for internal use by MinIO server - not intended for client use.
+type AdvancedObjectTaggingOptions struct {
+	ReplicationProxyRequest string
 }

 // PutObjectTagging replaces or creates object tag(s) and can target
@ -50,7 +56,10 @@ func (c *Client) PutObjectTagging(ctx context.Context, bucketName, objectName st
 	if opts.VersionID != "" {
 		urlValues.Set("versionId", opts.VersionID)
 	}
-
+	headers := make(http.Header, 0)
+	if opts.Internal.ReplicationProxyRequest != "" {
+		headers.Set(minIOBucketReplicationProxyRequest, opts.Internal.ReplicationProxyRequest)
+	}
 	reqBytes, err := xml.Marshal(otags)
 	if err != nil {
 		return err
@ -63,6 +72,7 @@ func (c *Client) PutObjectTagging(ctx context.Context, bucketName, objectName st
 		contentBody:      bytes.NewReader(reqBytes),
 		contentLength:    int64(len(reqBytes)),
 		contentMD5Base64: sumMD5Base64(reqBytes),
+		customHeader:     headers,
 	}

 	// Execute PUT to set a object tagging.
@ -83,6 +93,7 @@ func (c *Client) PutObjectTagging(ctx context.Context, bucketName, objectName st
 // to fetch the tagging key/value pairs
 type GetObjectTaggingOptions struct {
 	VersionID string
+	Internal  AdvancedObjectTaggingOptions
 }

 // GetObjectTagging fetches object tag(s) with options to target
@ -96,12 +107,16 @@ func (c *Client) GetObjectTagging(ctx context.Context, bucketName, objectName st
 	if opts.VersionID != "" {
 		urlValues.Set("versionId", opts.VersionID)
 	}
-
+	headers := make(http.Header, 0)
+	if opts.Internal.ReplicationProxyRequest != "" {
+		headers.Set(minIOBucketReplicationProxyRequest, opts.Internal.ReplicationProxyRequest)
+	}
 	// Execute GET on object to get object tag(s)
 	resp, err := c.executeMethod(ctx, http.MethodGet, requestMetadata{
-		bucketName:  bucketName,
-		objectName:  objectName,
-		queryValues: urlValues,
+		bucketName:   bucketName,
+		objectName:   objectName,
+		queryValues:  urlValues,
+		customHeader: headers,
 	})

 	defer closeResponse(resp)
@ -121,6 +136,7 @@ func (c *Client) GetObjectTagging(ctx context.Context, bucketName, objectName st
 // RemoveObjectTaggingOptions holds the version id of the object to remove
 type RemoveObjectTaggingOptions struct {
 	VersionID string
+	Internal  AdvancedObjectTaggingOptions
 }

 // RemoveObjectTagging removes object tag(s) with options to control a specific object
@ -134,12 +150,16 @@ func (c *Client) RemoveObjectTagging(ctx context.Context, bucketName, objectName
 	if opts.VersionID != "" {
 		urlValues.Set("versionId", opts.VersionID)
 	}
-
+	headers := make(http.Header, 0)
+	if opts.Internal.ReplicationProxyRequest != "" {
+		headers.Set(minIOBucketReplicationProxyRequest, opts.Internal.ReplicationProxyRequest)
+	}
 	// Execute DELETE on object to remove object tag(s)
 	resp, err := c.executeMethod(ctx, http.MethodDelete, requestMetadata{
-		bucketName:  bucketName,
-		objectName:  objectName,
-		queryValues: urlValues,
+		bucketName:   bucketName,
+		objectName:   objectName,
+		queryValues:  urlValues,
+		customHeader: headers,
 	})

 	defer closeResponse(resp)
--- a/vendor/github.com/minio/minio-go/v7/api.go
+++ b/vendor/github.com/minio/minio-go/v7/api.go
@ -127,7 +127,7 @@ type Options struct {
 // Global constants.
 const (
 	libraryName    = "minio-go"
-	libraryVersion = "v7.0.65"
+	libraryVersion = "v7.0.66"
 )

 // User Agent should always following the below style.
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
@ -54,19 +54,36 @@ type IAM struct {

 	// Custom endpoint to fetch IAM role credentials.
 	Endpoint string
+
+	// Region configurable custom region for STS
+	Region string
+
+	// Support for container authorization token https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html
+	Container struct {
+		AuthorizationToken     string
+		CredentialsFullURI     string
+		CredentialsRelativeURI string
+	}
+
+	// EKS based k8s RBAC authorization - https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html
+	EKSIdentity struct {
+		TokenFile       string
+		RoleARN         string
+		RoleSessionName string
+	}
 }

 // IAM Roles for Amazon EC2
 // http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
 const (
-	defaultIAMRoleEndpoint      = "http://169.254.169.254"
-	defaultECSRoleEndpoint      = "http://169.254.170.2"
-	defaultSTSRoleEndpoint      = "https://sts.amazonaws.com"
-	defaultIAMSecurityCredsPath = "/latest/meta-data/iam/security-credentials/"
-	tokenRequestTTLHeader       = "X-aws-ec2-metadata-token-ttl-seconds"
-	tokenPath                   = "/latest/api/token"
-	tokenTTL                    = "21600"
-	tokenRequestHeader          = "X-aws-ec2-metadata-token"
+	DefaultIAMRoleEndpoint      = "http://169.254.169.254"
+	DefaultECSRoleEndpoint      = "http://169.254.170.2"
+	DefaultSTSRoleEndpoint      = "https://sts.amazonaws.com"
+	DefaultIAMSecurityCredsPath = "/latest/meta-data/iam/security-credentials/"
+	TokenRequestTTLHeader       = "X-aws-ec2-metadata-token-ttl-seconds"
+	TokenPath                   = "/latest/api/token"
+	TokenTTL                    = "21600"
+	TokenRequestHeader          = "X-aws-ec2-metadata-token"
 )

 // NewIAM returns a pointer to a new Credentials object wrapping the IAM.
@ -84,21 +101,55 @@ func NewIAM(endpoint string) *Credentials {
 // the desired
 func (m *IAM) Retrieve() (Value, error) {
 	token := os.Getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN")
+	if token == "" {
+		token = m.Container.AuthorizationToken
+	}
+
+	relativeURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
+	if relativeURI == "" {
+		relativeURI = m.Container.CredentialsRelativeURI
+	}
+
+	fullURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")
+	if fullURI == "" {
+		fullURI = m.Container.CredentialsFullURI
+	}
+
+	identityFile := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
+	if identityFile == "" {
+		identityFile = m.EKSIdentity.TokenFile
+	}
+
+	roleArn := os.Getenv("AWS_ROLE_ARN")
+	if roleArn == "" {
+		roleArn = m.EKSIdentity.RoleARN
+	}
+
+	roleSessionName := os.Getenv("AWS_ROLE_SESSION_NAME")
+	if roleSessionName == "" {
+		roleSessionName = m.EKSIdentity.RoleSessionName
+	}
+
+	region := os.Getenv("AWS_REGION")
+	if region == "" {
+		region = m.Region
+	}
+
 	var roleCreds ec2RoleCredRespBody
 	var err error

 	endpoint := m.Endpoint
 	switch {
-	case len(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")) > 0:
+	case identityFile != "":
 		if len(endpoint) == 0 {
-			if len(os.Getenv("AWS_REGION")) > 0 {
-				if strings.HasPrefix(os.Getenv("AWS_REGION"), "cn-") {
-					endpoint = "https://sts." + os.Getenv("AWS_REGION") + ".amazonaws.com.cn"
+			if region != "" {
+				if strings.HasPrefix(region, "cn-") {
+					endpoint = "https://sts." + region + ".amazonaws.com.cn"
 				} else {
-					endpoint = "https://sts." + os.Getenv("AWS_REGION") + ".amazonaws.com"
+					endpoint = "https://sts." + region + ".amazonaws.com"
 				}
 			} else {
-				endpoint = defaultSTSRoleEndpoint
+				endpoint = DefaultSTSRoleEndpoint
 			}
 		}

@ -106,15 +157,15 @@ func (m *IAM) Retrieve() (Value, error) {
 			Client:      m.Client,
 			STSEndpoint: endpoint,
 			GetWebIDTokenExpiry: func() (*WebIdentityToken, error) {
-				token, err := os.ReadFile(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE"))
+				token, err := os.ReadFile(identityFile)
 				if err != nil {
 					return nil, err
 				}

 				return &WebIdentityToken{Token: string(token)}, nil
 			},
-			RoleARN:         os.Getenv("AWS_ROLE_ARN"),
-			roleSessionName: os.Getenv("AWS_ROLE_SESSION_NAME"),
+			RoleARN:         roleArn,
+			roleSessionName: roleSessionName,
 		}

 		stsWebIdentityCreds, err := creds.Retrieve()
@ -123,17 +174,16 @@ func (m *IAM) Retrieve() (Value, error) {
 		}
 		return stsWebIdentityCreds, err

-	case len(os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")) > 0:
+	case relativeURI != "":
 		if len(endpoint) == 0 {
-			endpoint = fmt.Sprintf("%s%s", defaultECSRoleEndpoint,
-				os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"))
+			endpoint = fmt.Sprintf("%s%s", DefaultECSRoleEndpoint, relativeURI)
 		}

 		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token)

-	case len(os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")) > 0:
+	case fullURI != "":
 		if len(endpoint) == 0 {
-			endpoint = os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")
+			endpoint = fullURI
 			var ok bool
 			if ok, err = isLoopback(endpoint); !ok {
 				if err == nil {
@ -189,7 +239,7 @@ func getIAMRoleURL(endpoint string) (*url.URL, error) {
 	if err != nil {
 		return nil, err
 	}
-	u.Path = defaultIAMSecurityCredsPath
+	u.Path = DefaultIAMSecurityCredsPath
 	return u, nil
 }

@ -203,7 +253,7 @@ func listRoleNames(client *http.Client, u *url.URL, token string) ([]string, err
 		return nil, err
 	}
 	if token != "" {
-		req.Header.Add(tokenRequestHeader, token)
+		req.Header.Add(TokenRequestHeader, token)
 	}
 	resp, err := client.Do(req)
 	if err != nil {
@ -258,11 +308,11 @@ func fetchIMDSToken(client *http.Client, endpoint string) (string, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	defer cancel()

-	req, err := http.NewRequestWithContext(ctx, http.MethodPut, endpoint+tokenPath, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPut, endpoint+TokenPath, nil)
 	if err != nil {
 		return "", err
 	}
-	req.Header.Add(tokenRequestTTLHeader, tokenTTL)
+	req.Header.Add(TokenRequestTTLHeader, TokenTTL)
 	resp, err := client.Do(req)
 	if err != nil {
 		return "", err
@ -285,7 +335,7 @@ func fetchIMDSToken(client *http.Client, endpoint string) (string, error) {
 // reading the response an error will be returned.
 func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody, error) {
 	if endpoint == "" {
-		endpoint = defaultIAMRoleEndpoint
+		endpoint = DefaultIAMRoleEndpoint
 	}

 	// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
@ -332,7 +382,7 @@ func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody,
 		return ec2RoleCredRespBody{}, err
 	}
 	if token != "" {
-		req.Header.Add(tokenRequestHeader, token)
+		req.Header.Add(TokenRequestHeader, token)
 	}

 	resp, err := client.Do(req)
--- a/vendor/github.com/minio/minio-go/v7/utils.go
+++ b/vendor/github.com/minio/minio-go/v7/utils.go
@ -528,6 +528,14 @@ func isStandardQueryValue(qsKey string) bool {
 	return supportedQueryValues[qsKey]
 }

+// Per documentation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html#LogFormatCustom, the
+// set of query params starting with "x-" are ignored by S3.
+const allowedCustomQueryPrefix = "x-"
+
+func isCustomQueryValue(qsKey string) bool {
+	return strings.HasPrefix(qsKey, allowedCustomQueryPrefix)
+}
+
 var (
 	md5Pool    = sync.Pool{New: func() interface{} { return md5.New() }}
 	sha256Pool = sync.Pool{New: func() interface{} { return sha256.New() }}