Update Go AWS SDK to the latest version

vendor/github.com/aws/aws-sdk-go/service/cloudfront/cloudfrontiface/interface.go

@@ -116,10 +116,6 @@ type CloudFrontAPI interface {
 	DeletePublicKeyWithContext(aws.Context, *cloudfront.DeletePublicKeyInput, ...request.Option) (*cloudfront.DeletePublicKeyOutput, error)
 	DeletePublicKeyRequest(*cloudfront.DeletePublicKeyInput) (*request.Request, *cloudfront.DeletePublicKeyOutput)
 
-	DeleteServiceLinkedRole(*cloudfront.DeleteServiceLinkedRoleInput) (*cloudfront.DeleteServiceLinkedRoleOutput, error)
-	DeleteServiceLinkedRoleWithContext(aws.Context, *cloudfront.DeleteServiceLinkedRoleInput, ...request.Option) (*cloudfront.DeleteServiceLinkedRoleOutput, error)
-	DeleteServiceLinkedRoleRequest(*cloudfront.DeleteServiceLinkedRoleInput) (*request.Request, *cloudfront.DeleteServiceLinkedRoleOutput)
-
 	DeleteStreamingDistribution(*cloudfront.DeleteStreamingDistributionInput) (*cloudfront.DeleteStreamingDistributionOutput, error)
 	DeleteStreamingDistributionWithContext(aws.Context, *cloudfront.DeleteStreamingDistributionInput, ...request.Option) (*cloudfront.DeleteStreamingDistributionOutput, error)
 	DeleteStreamingDistributionRequest(*cloudfront.DeleteStreamingDistributionInput) (*request.Request, *cloudfront.DeleteStreamingDistributionOutput)

vendor/github.com/aws/aws-sdk-go/service/cloudfront/doc.go

@@ -8,7 +8,7 @@
 // errors. For detailed information about CloudFront features, see the Amazon
 // CloudFront Developer Guide.
 //
-// See https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-10-30 for more information on this service.
+// See https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2019-03-26 for more information on this service.
 //
 // See cloudfront package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/cloudfront/

vendor/github.com/aws/aws-sdk-go/service/cloudfront/errors.go

@@ -12,10 +12,14 @@ const (
 
 	// ErrCodeBatchTooLarge for service response error code
 	// "BatchTooLarge".
+	//
+	// Invalidation batch specified is too large.
 	ErrCodeBatchTooLarge = "BatchTooLarge"
 
 	// ErrCodeCNAMEAlreadyExists for service response error code
 	// "CNAMEAlreadyExists".
+	//
+	// The CNAME specified is already defined for CloudFront.
 	ErrCodeCNAMEAlreadyExists = "CNAMEAlreadyExists"
 
 	// ErrCodeCannotChangeImmutablePublicKeyFields for service response error code
@@ -33,6 +37,9 @@ const (
 
 	// ErrCodeDistributionNotDisabled for service response error code
 	// "DistributionNotDisabled".
+	//
+	// The specified CloudFront distribution is not disabled. You must disable the
+	// distribution before you can delete it.
 	ErrCodeDistributionNotDisabled = "DistributionNotDisabled"
 
 	// ErrCodeFieldLevelEncryptionConfigAlreadyExists for service response error code
@@ -98,6 +105,8 @@ const (
 
 	// ErrCodeInvalidErrorCode for service response error code
 	// "InvalidErrorCode".
+	//
+	// An invalid error code was specified.
 	ErrCodeInvalidErrorCode = "InvalidErrorCode"
 
 	// ErrCodeInvalidForwardCookies for service response error code
@@ -111,10 +120,14 @@ const (
 
 	// ErrCodeInvalidGeoRestrictionParameter for service response error code
 	// "InvalidGeoRestrictionParameter".
+	//
+	// The specified geo restriction parameter is not valid.
 	ErrCodeInvalidGeoRestrictionParameter = "InvalidGeoRestrictionParameter"
 
 	// ErrCodeInvalidHeadersForS3Origin for service response error code
 	// "InvalidHeadersForS3Origin".
+	//
+	// The headers specified are not valid for an Amazon S3 origin.
 	ErrCodeInvalidHeadersForS3Origin = "InvalidHeadersForS3Origin"
 
 	// ErrCodeInvalidIfMatchVersion for service response error code
@@ -131,10 +144,14 @@ const (
 
 	// ErrCodeInvalidLocationCode for service response error code
 	// "InvalidLocationCode".
+	//
+	// The location code specified is not valid.
 	ErrCodeInvalidLocationCode = "InvalidLocationCode"
 
 	// ErrCodeInvalidMinimumProtocolVersion for service response error code
 	// "InvalidMinimumProtocolVersion".
+	//
+	// The minimum protocol version specified is not valid.
 	ErrCodeInvalidMinimumProtocolVersion = "InvalidMinimumProtocolVersion"
 
 	// ErrCodeInvalidOrigin for service response error code
@@ -152,10 +169,14 @@ const (
 
 	// ErrCodeInvalidOriginKeepaliveTimeout for service response error code
 	// "InvalidOriginKeepaliveTimeout".
+	//
+	// The keep alive timeout specified for the origin is not valid.
 	ErrCodeInvalidOriginKeepaliveTimeout = "InvalidOriginKeepaliveTimeout"
 
 	// ErrCodeInvalidOriginReadTimeout for service response error code
 	// "InvalidOriginReadTimeout".
+	//
+	// The read timeout specified for the origin is not valid.
 	ErrCodeInvalidOriginReadTimeout = "InvalidOriginReadTimeout"
 
 	// ErrCodeInvalidProtocolSettings for service response error code
@@ -167,6 +188,8 @@ const (
 
 	// ErrCodeInvalidQueryStringParameters for service response error code
 	// "InvalidQueryStringParameters".
+	//
+	// Query string parameters specified in the response body are not valid.
 	ErrCodeInvalidQueryStringParameters = "InvalidQueryStringParameters"
 
 	// ErrCodeInvalidRelativePath for service response error code
@@ -186,22 +209,32 @@ const (
 
 	// ErrCodeInvalidResponseCode for service response error code
 	// "InvalidResponseCode".
+	//
+	// A response code specified in the response body is not valid.
 	ErrCodeInvalidResponseCode = "InvalidResponseCode"
 
 	// ErrCodeInvalidTTLOrder for service response error code
 	// "InvalidTTLOrder".
+	//
+	// TTL order specified in the response body is not valid.
 	ErrCodeInvalidTTLOrder = "InvalidTTLOrder"
 
 	// ErrCodeInvalidTagging for service response error code
 	// "InvalidTagging".
+	//
+	// Tagging specified in the response body is not valid.
 	ErrCodeInvalidTagging = "InvalidTagging"
 
 	// ErrCodeInvalidViewerCertificate for service response error code
 	// "InvalidViewerCertificate".
+	//
+	// A viewer certificate specified in the response body is not valid.
 	ErrCodeInvalidViewerCertificate = "InvalidViewerCertificate"
 
 	// ErrCodeInvalidWebACLId for service response error code
 	// "InvalidWebACLId".
+	//
+	// A web ACL id specified in the response body is not valid.
 	ErrCodeInvalidWebACLId = "InvalidWebACLId"
 
 	// ErrCodeMissingBody for service response error code
@@ -255,6 +288,8 @@ const (
 
 	// ErrCodeNoSuchResource for service response error code
 	// "NoSuchResource".
+	//
+	// A resource that was specified is not valid.
 	ErrCodeNoSuchResource = "NoSuchResource"
 
 	// ErrCodeNoSuchStreamingDistribution for service response error code
@@ -264,17 +299,19 @@ const (
 	ErrCodeNoSuchStreamingDistribution = "NoSuchStreamingDistribution"
 
 	// ErrCodeOriginAccessIdentityAlreadyExists for service response error code
-	// "OriginAccessIdentityAlreadyExists".
+	// "CloudFrontOriginAccessIdentityAlreadyExists".
 	//
 	// If the CallerReference is a value you already sent in a previous request
 	// to create an identity but the content of the CloudFrontOriginAccessIdentityConfig
 	// is different from the original request, CloudFront returns a CloudFrontOriginAccessIdentityAlreadyExists
 	// error.
-	ErrCodeOriginAccessIdentityAlreadyExists = "OriginAccessIdentityAlreadyExists"
+	ErrCodeOriginAccessIdentityAlreadyExists = "CloudFrontOriginAccessIdentityAlreadyExists"
 
 	// ErrCodeOriginAccessIdentityInUse for service response error code
-	// "OriginAccessIdentityInUse".
-	ErrCodeOriginAccessIdentityInUse = "OriginAccessIdentityInUse"
+	// "CloudFrontOriginAccessIdentityInUse".
+	//
+	// The Origin Access Identity specified is already in use.
+	ErrCodeOriginAccessIdentityInUse = "CloudFrontOriginAccessIdentityInUse"
 
 	// ErrCodePreconditionFailed for service response error code
 	// "PreconditionFailed".
@@ -301,16 +338,18 @@ const (
 	// No profile specified for the field-level encryption query argument.
 	ErrCodeQueryArgProfileEmpty = "QueryArgProfileEmpty"
 
-	// ErrCodeResourceInUse for service response error code
-	// "ResourceInUse".
-	ErrCodeResourceInUse = "ResourceInUse"
-
 	// ErrCodeStreamingDistributionAlreadyExists for service response error code
 	// "StreamingDistributionAlreadyExists".
+	//
+	// The caller reference you attempted to create the streaming distribution with
+	// is associated with another distribution
 	ErrCodeStreamingDistributionAlreadyExists = "StreamingDistributionAlreadyExists"
 
 	// ErrCodeStreamingDistributionNotDisabled for service response error code
 	// "StreamingDistributionNotDisabled".
+	//
+	// The specified CloudFront distribution is not disabled. You must disable the
+	// distribution before you can delete it.
 	ErrCodeStreamingDistributionNotDisabled = "StreamingDistributionNotDisabled"
 
 	// ErrCodeTooManyCacheBehaviors for service response error code
@@ -409,6 +448,8 @@ const (
 
 	// ErrCodeTooManyHeadersInForwardedValues for service response error code
 	// "TooManyHeadersInForwardedValues".
+	//
+	// Your request contains too many headers in forwarded values.
 	ErrCodeTooManyHeadersInForwardedValues = "TooManyHeadersInForwardedValues"
 
 	// ErrCodeTooManyInvalidationsInProgress for service response error code
@@ -427,8 +468,17 @@ const (
 
 	// ErrCodeTooManyOriginCustomHeaders for service response error code
 	// "TooManyOriginCustomHeaders".
+	//
+	// Your request contains too many origin custom headers.
 	ErrCodeTooManyOriginCustomHeaders = "TooManyOriginCustomHeaders"
 
+	// ErrCodeTooManyOriginGroupsPerDistribution for service response error code
+	// "TooManyOriginGroupsPerDistribution".
+	//
+	// Processing your request would cause you to exceed the maximum number of origin
+	// groups allowed.
+	ErrCodeTooManyOriginGroupsPerDistribution = "TooManyOriginGroupsPerDistribution"
+
 	// ErrCodeTooManyOrigins for service response error code
 	// "TooManyOrigins".
 	//
@@ -444,10 +494,14 @@ const (
 
 	// ErrCodeTooManyQueryStringParameters for service response error code
 	// "TooManyQueryStringParameters".
+	//
+	// Your request contains too many query string parameters.
 	ErrCodeTooManyQueryStringParameters = "TooManyQueryStringParameters"
 
 	// ErrCodeTooManyStreamingDistributionCNAMEs for service response error code
 	// "TooManyStreamingDistributionCNAMEs".
+	//
+	// Your request contains more CNAMEs than are allowed per distribution.
 	ErrCodeTooManyStreamingDistributionCNAMEs = "TooManyStreamingDistributionCNAMEs"
 
 	// ErrCodeTooManyStreamingDistributions for service response error code

vendor/github.com/aws/aws-sdk-go/service/cloudfront/integ_test.go

@@ -0,0 +1,60 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// +build go1.10,integration
+
+package cloudfront_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/awstesting/integration"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+)
+
+var _ aws.Config
+var _ awserr.Error
+var _ request.Request
+
+func TestInteg_00_ListCloudFrontOriginAccessIdentities(t *testing.T) {
+	ctx, cancelFn := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancelFn()
+
+	sess := integration.SessionWithDefaultRegion("us-east-1")
+	svc := cloudfront.New(sess)
+	params := &cloudfront.ListCloudFrontOriginAccessIdentitiesInput{
+		MaxItems: aws.Int64(1),
+	}
+	_, err := svc.ListCloudFrontOriginAccessIdentitiesWithContext(ctx, params)
+	if err != nil {
+		t.Errorf("expect no error, got %v", err)
+	}
+}
+func TestInteg_01_GetDistribution(t *testing.T) {
+	ctx, cancelFn := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancelFn()
+
+	sess := integration.SessionWithDefaultRegion("us-east-1")
+	svc := cloudfront.New(sess)
+	params := &cloudfront.GetDistributionInput{
+		Id: aws.String("fake-id"),
+	}
+	_, err := svc.GetDistributionWithContext(ctx, params)
+	if err == nil {
+		t.Fatalf("expect request to fail")
+	}
+	aerr, ok := err.(awserr.RequestFailure)
+	if !ok {
+		t.Fatalf("expect awserr, was %T", err)
+	}
+	if len(aerr.Code()) == 0 {
+		t.Errorf("expect non-empty error code")
+	}
+	if v := aerr.Code(); v == request.ErrCodeSerialization {
+		t.Errorf("expect API error code got serialization failure")
+	}
+}

vendor/github.com/aws/aws-sdk-go/service/cloudfront/service.go

@@ -29,8 +29,9 @@ var initRequest func(*request.Request)
 
 // Service information constants
 const (
-	ServiceName = "cloudfront" // Service endpoint prefix API calls made to.
-	EndpointsID = ServiceName  // Service ID for Regions and Endpoints metadata.
+	ServiceName = "cloudfront" // Name of service.
+	EndpointsID = ServiceName  // ID to lookup a service endpoint with.
+	ServiceID   = "CloudFront" // ServiceID is a unique identifer of a specific service.
 )
 
 // New creates a new instance of the CloudFront client with a session.
@@ -55,10 +56,11 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				ServiceID:     ServiceID,
 				SigningName:   signingName,
 				SigningRegion: signingRegion,
 				Endpoint:      endpoint,
-				APIVersion:    "2017-10-30",
+				APIVersion:    "2019-03-26",
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go

@@ -32,6 +32,19 @@ func (t AWSEpochTime) MarshalJSON() ([]byte, error) {
 	return []byte(fmt.Sprintf(`{"AWS:EpochTime":%d}`, t.UTC().Unix())), nil
 }
 
+// UnmarshalJSON unserializes AWS Profile epoch time.
+func (t *AWSEpochTime) UnmarshalJSON(data []byte) error {
+	var epochTime struct {
+		Sec int64 `json:"AWS:EpochTime"`
+	}
+	err := json.Unmarshal(data, &epochTime)
+	if err != nil {
+		return err
+	}
+	t.Time = time.Unix(epochTime.Sec, 0).UTC()
+	return nil
+}
+
 // An IPAddress wraps an IPAddress source IP providing JSON serialization information
 type IPAddress struct {
 	SourceIP string `json:"AWS:SourceIp"`
@@ -169,11 +182,10 @@ func NewCannedPolicy(resource string, expires time.Time) *Policy {
 
 // encodePolicy encodes the Policy as JSON and also base 64 encodes it.
 func encodePolicy(p *Policy) (b64Policy, jsonPolicy []byte, err error) {
-	jsonPolicy, err = json.Marshal(p)
+	jsonPolicy, err = encodePolicyJSON(p)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to encode policy, %s", err.Error())
 	}
-
 	// Remove leading and trailing white space, JSON encoding will note include
 	// whitespace within the encoding.
 	jsonPolicy = bytes.TrimSpace(jsonPolicy)

vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go

@@ -0,0 +1,14 @@
+// +build !go1.7
+
+package sign
+
+import (
+	"bytes"
+	"encoding/json"
+)
+
+func encodePolicyJSON(p *Policy) ([]byte, error) {
+	src, err := json.Marshal(p)
+	// Convert \u0026 back to &
+	return bytes.Replace(src, []byte("\\u0026"), []byte("&"), -1), err
+}

vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go

@@ -0,0 +1,16 @@
+// +build go1.7
+
+package sign
+
+import (
+	"bytes"
+	"encoding/json"
+)
+
+func encodePolicyJSON(p *Policy) ([]byte, error) {
+	buffer := &bytes.Buffer{}
+	encoder := json.NewEncoder(buffer)
+	encoder.SetEscapeHTML(false)
+	err := encoder.Encode(p)
+	return buffer.Bytes(), err
+}

vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_test.go

@@ -6,6 +6,7 @@ import (
 	"crypto/rsa"
 	"crypto/sha1"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"math/rand"
 	"strings"
@@ -27,11 +28,31 @@ func TestEpochTimeMarshal(t *testing.T) {
 	}
 }
 
+func TestEpochTimeUnmarshal(t *testing.T) {
+	now := time.Now().Round(time.Second)
+	data := fmt.Sprintf(`{"AWS:EpochTime":%d}`, now.Unix())
+	var v AWSEpochTime
+	err := json.Unmarshal([]byte(data), &v)
+	if err != nil {
+		t.Fatalf("Unexpected error, %#v", err)
+	}
+
+	expected := now.UTC()
+	if v.Time != expected {
+		t.Errorf("Expected unmarshaled time to match, expect: %s, actual: %s",
+			expected, v.Time)
+	}
+}
+
 var testCreateResource = []struct {
 	scheme, u string
 	expect    string
 	errPrefix string
 }{
+	{
+		"https", "https://example.com/a?b=1&c=2",
+		"https://example.com/a?b=1&c=2", "",
+	},
 	{
 		"https", "https://example.com/a?b=1",
 		"https://example.com/a?b=1", "",
@@ -44,6 +65,10 @@ var testCreateResource = []struct {
 		"rtmp", "https://example.com/a?b=1",
 		"a?b=1", "",
 	},
+	{
+		"rtmp", "https://example.com/a?b=1&c=2",
+		"a?b=1&c=2", "",
+	},
 	{
 		"ftp", "ftp://example.com/a?b=1",
 		"", "invalid URL scheme",
@@ -75,10 +100,11 @@ func TestCreateResource(t *testing.T) {
 
 var testTime = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
 
-const expectedJSONPolicy = `{"Statement":[{"Resource":"https://example.com/a","Condition":{"DateLessThan":{"AWS:EpochTime":1257894000}}}]}`
-const expectedB64Policy = `eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9hIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk0MDAwfX19XX0=`
-
 func TestEncodePolicy(t *testing.T) {
+	const (
+		expectedJSONPolicy = `{"Statement":[{"Resource":"https://example.com/a","Condition":{"DateLessThan":{"AWS:EpochTime":1257894000}}}]}`
+		expectedB64Policy  = `eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9hIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk0MDAwfX19XX0=`
+	)
 	p := NewCannedPolicy("https://example.com/a", testTime)
 
 	b64Policy, jsonPolicy, err := encodePolicy(p)
@@ -95,6 +121,27 @@ func TestEncodePolicy(t *testing.T) {
 	}
 }
 
+func TestEncodePolicyWithQueryParams(t *testing.T) {
+	const (
+		expectedJSONPolicy = `{"Statement":[{"Resource":"https://example.com/a?b=1&c=2","Condition":{"DateLessThan":{"AWS:EpochTime":1257894000}}}]}`
+		expectedB64Policy  = `eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9hP2I9MSZjPTIiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTQwMDB9fX1dfQ==`
+	)
+	p := NewCannedPolicy("https://example.com/a?b=1&c=2", testTime)
+
+	b64Policy, jsonPolicy, err := encodePolicy(p)
+	if err != nil {
+		t.Fatalf("Unexpected error, %#v", err)
+	}
+
+	if string(jsonPolicy) != expectedJSONPolicy {
+		t.Errorf("Expected json encoding to match, \nexpect: %s\nactual: %s\n", expectedJSONPolicy, jsonPolicy)
+	}
+
+	if string(b64Policy) != expectedB64Policy {
+		t.Errorf("Expected b64 encoding to match, \nexpect: %s\nactual: %s\n", expectedB64Policy, b64Policy)
+	}
+}
+
 func TestSignEncodedPolicy(t *testing.T) {
 	p := NewCannedPolicy("https://example.com/a", testTime)
 	_, jsonPolicy, err := encodePolicy(p)

vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie_example_test.go

@@ -3,9 +3,10 @@ package sign
 import (
 	"fmt"
 	"io"
-	"math/rand"
 	"net/http"
 	"time"
+
+	"github.com/aws/aws-sdk-go/awstesting/mock"
 )
 
 func examplePEMReader() io.Reader {
@@ -18,19 +19,9 @@ func examplePEMReader() io.Reader {
 }
 
 func ExampleCookieSigner_Sign() {
-	origRandReader := randReader
-	randReader = newRandomReader(rand.New(rand.NewSource(1)))
-	defer func() {
-		randReader = origRandReader
-	}()
-
 	// Load your private key so it can be used by the CookieSigner
 	// To load private key from file use `sign.LoadPEMPrivKeyFile`.
-	privKey, err := LoadPEMPrivKey(examplePEMReader())
-	if err != nil {
-		fmt.Println("failed to load private key", err)
-		return
-	}
+	privKey := mock.RSAPrivateKey
 
 	cookieSigner := NewCookieSigner("keyID", privKey)
 
@@ -45,17 +36,11 @@ func ExampleCookieSigner_Sign() {
 	// Output:
 	// Cookies:
 	// CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2V4YW1wbGUuY29tL3NvbWVwYXRoLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTU4MDB9fX1dfQ__, , , false
-	// CloudFront-Signature: o~jvj~CFkvGZB~yYED3elicKZag-CRijy8yD2E5yF1s7VNV7kNeQWC7MDtEcBQ8-eh7Xgjh0wMPQdAVdh09gBObd-hXDpKUyh8YKxogj~oloV~8KOvqE5xzWiKcqjdfJjmT5iEqIui~H1ExYjyKjgir79npmlyYkaJS5s62EQa8_, , , false
+	// CloudFront-Signature: Gx67J8t1VanOFWN84BQlpN064aGCicJv916esnPr9Rdb2RKEzl7VoDOsh9Uez7SY5blWATkN5F3xNicTpOupdN-ywrTf5zCTLz5RmvLrIyEDS3Y1knTGoWvp6nnIb9FOuI1rSyBaJ8VKuNVQGmvqzXGXsnipgSBPjpkL6Ja3dBXeKIbUeaLKQBZrtMWv9nS5VyG4nOP-CRcTgQ5DA3-h~WP2ZzhONb6yoYXeOSvBu8HBl0IZI27InLpxiKlkWUchNncnkZ32Md0CwLLrA4wxFl0fYsxxg6Us2XBYRGmudugJHgkkopem9Cc4eOiDGMABcJGAuZprVXT0WuOBYJngTA__, , , false
 	// CloudFront-Key-Pair-Id: keyID, , , false
 }
 
 func ExampleCookieSigner_SignWithPolicy() {
-	origRandReader := randReader
-	randReader = newRandomReader(rand.New(rand.NewSource(1)))
-	defer func() {
-		randReader = origRandReader
-	}()
-
 	// Sign cookie to be valid for 30 minutes from now, expires one hour
 	// from now, and restricted to the 192.0.2.0/24 IP address range.
 	// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
@@ -80,11 +65,7 @@ func ExampleCookieSigner_SignWithPolicy() {
 
 	// Load your private key so it can be used by the CookieSigner
 	// To load private key from file use `sign.LoadPEMPrivKeyFile`.
-	privKey, err := LoadPEMPrivKey(examplePEMReader())
-	if err != nil {
-		fmt.Println("failed to load private key", err)
-		return
-	}
+	privKey := mock.RSAPrivateKey
 
 	// Key ID that represents the key pair associated with the private key
 	keyID := "privateKeyID"
@@ -104,24 +85,12 @@ func ExampleCookieSigner_SignWithPolicy() {
 	// Output:
 	// Cookies:
 	// CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL3N1Yi5jbG91ZGZyb250LmNvbSIsIkNvbmRpdGlvbiI6eyJJcEFkZHJlc3MiOnsiQVdTOlNvdXJjZUlwIjoiMTkyLjAuMi4wLzI0In0sIkRhdGVHcmVhdGVyVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk1ODAwfSwiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTc2MDB9fX1dfQ__, , , false
-	// CloudFront-Signature: JaWdcbr98colrDAhOpkyxqCZev2IAxURu1RKKo1wS~sI5XdNXWYbZJs2FdpbJ475ZvmhZ1-r4ENUqBXAlRfPfOc21Hm4~24jRmPTO3512D4uuJHrPVxSfgeGuFeigfCGWAqyfYYH1DsFl5JQDpzetsNI3ZhGRkQb8V-oYFanddg_, , , false
+	// CloudFront-Signature: Ixn4bF1LLrLcB8XG-t5bZbIB0vfwSF2s4gkef~PcNBdx73MVvZD3v8DZ5GzcqNrybMiqdYJY5KqK6vTsf5JXDgwFFz-h98wdsbV-izcuonPdzMHp4Ay4qyXM6Ed5jB9dUWYGwMkA6rsWXpftfX8xmk4tG1LwFuJV6nAsx4cfpuKwo4vU2Hyr2-fkA7MZG8AHkpDdVUnjm1q-Re9HdG0nCq-2lnBAdOchBpJt37narOj-Zg6cbx~6rzQLVQd8XIv-Bn7VTc1tkBAJVtGOHb0q~PLzSRmtNGYTnpL0z~gp3tq8lhZc2HuvJW5-tZaYP9yufeIzk5bqsT6DT4iDuclKKw__, , , false
 	// CloudFront-Key-Pair-Id: privateKeyID, , , false
 }
 
 func ExampleCookieOptions() {
-	origRandReader := randReader
-	randReader = newRandomReader(rand.New(rand.NewSource(1)))
-	defer func() {
-		randReader = origRandReader
-	}()
-
-	// Load your private key so it can be used by the CookieSigner
-	// To load private key from file use `sign.LoadPEMPrivKeyFile`.
-	privKey, err := LoadPEMPrivKey(examplePEMReader())
-	if err != nil {
-		fmt.Println("failed to load private key", err)
-		return
-	}
+	privKey := mock.RSAPrivateKey
 
 	// Create the CookieSigner with options set. These options can be set
 	// directly with cookieSigner.Opts. These values can be overridden on
@@ -151,7 +120,7 @@ func ExampleCookieOptions() {
 	// Output:
 	// Cookies:
 	// CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cCo6Ly8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk1ODAwfX19XX0_, /mypath/, .cNameAssociatedWithMyDistribution.com, true
-	// CloudFront-Signature: Yco06vgowwvSYgTSY9XbXpBcTlUlqpyyYXgRhus3nfnC74A7oQ~fMBH0we-rGxvph8ZyHnTxC5ubbPKSzo3EHUm2IcQeEo4p6WCgZZMzCuLlkpeMKhMAkCqX7rmUfkXhTslBHe~ylcmaZqo-hdnOiWrXk2U974ZQbbt5cOjwQG0_, /mypath/, .cNameAssociatedWithMyDistribution.com, true
+	// CloudFront-Signature: DBXEcU6NoyAelecgEcr6mE1IHCqqlHdGwAC2X1dYn0QOLZ8Ar~oehlMub~hEh~UEMijR15ii-yUYf-3ML0b1SwWkh4rTa-SFURWDVuu~vW3cQzRZ4wQrgDR3DGJINrtGtEsDSzA6zdwtZsfvc1W9IRPn9rnVmwDdUurSrcp9M7CdcjkEw9Au~gULX7aUuW87DI5GI7jLo6emmBB1p4V~xAv8rDqOyxdhBzWKDTvl6ErIXnzHitgMclNZrkn-m27BhTQsJOs2R~gT2VrQw-IWX6NMD8r0TDH4DE2HQ8N7jZ0nf8gezbyFk-OhD1P9FUNb1PlwcZWfXtfgHQmM-BmrSQ__, /mypath/, .cNameAssociatedWithMyDistribution.com, true
 	// CloudFront-Key-Pair-Id: keyID, /mypath/, .cNameAssociatedWithMyDistribution.com, true
 }
 

vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url_test.go

@@ -1,11 +1,11 @@
 package sign
 
 import (
-	"crypto/rsa"
-	"math/rand"
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/aws/aws-sdk-go/awstesting/mock"
 )
 
 var testSignTime = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
@@ -20,11 +20,15 @@ var testSignURL = []struct {
 }{
 	{
 		"http://example.com/a", NewCannedPolicy("http://example.com/a", testSignTime), time.Time{}, true, false,
-		"http://example.com/a?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2V4YW1wbGUuY29tL2EiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTQwMDB9fX1dfQ__&Signature=Y6qvWOZNl99uNPMGprvrKXEmXpLWJ-xXKVHL~nmF0BR1jPb2XA2jor0MUYKBE4ViTkWZZ1dz46zSFMsEEfw~n6-SVYXZ2QHBBTkSAoxGtH6dH33Ph9pz~f9Wy7aYXq~9I-Ah0E6yC~BMiQuXe5qAOucuMPorKgPfC0dvLMw2EF0_&Key-Pair-Id=KeyID",
+		"http://example.com/a?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2V4YW1wbGUuY29tL2EiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTQwMDB9fX1dfQ__&Signature=cMutWOvPMOPuh0KFDsOdbML~1fe0eEBC1hdMLGRbYr3mTRrVbKDdUXL6l3vlbE0Og3rTRS6mlaSORTwesN1srESH1pXFUyCVba8tWqNy1frEiL7jZLyzA1KndH0olfJDfgHXdw-Edtk0m8mqY~AnGIYGYDu659dWeP49jVeYn30XF9sYkRCdS5IezAkqh8TO9tTDNGS4Ic6DQue4agHUFLNv1VErTafUxlSBp8hlPCuMdtZLEBLr9UJVc3oWJI3zc1~9JgVTDjbXYV1-HgTn8qQsbAU2KcieUonIzTme2td-7c2FCC0EAbOF~6QXTHWcAiSB5nVmbxn-Mx-QMVsiLw__&Key-Pair-Id=KeyID",
+	},
+	{
+		"https://example.com/a?b=1&c=2", NewCannedPolicy("https://example.com/a?b=1&c=2", testSignTime), time.Time{}, true, false,
+		"https://example.com/a?b=1&c=2&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9hP2I9MSZjPTIiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTQwMDB9fX1dfQ__&Signature=E6xB7RtIDvx8AxM1Wuup3ROYTQwBDW-qqcrb8lSUvtL78wenjh3P0YLXK-mFK0PSzdNtzI2ZIXja6Nh2yma0IVQiZMjn3wijvVsMy9fRXyusVXB1zYSfiInVr2uhqSb-ZCn1RD32ebyMD6IWn5Kss1fT4wefc8Q76J0Y4jprAvmLCtGnrW~quZdOg~KKmY-qK11ifNwv2ECADBxZeEx1PIDHdWuXYrCBJIwSl-bVscwQWDm2BzeYuHCaLuAVDuc62JJzc7nX3E1CA1VRHY~vegYjOV6zVxtp7aBV4RJUY4yfHNM4n640FXUPPwMacqE-lnNOfx704YVTl4tjzuvzuA__&Key-Pair-Id=KeyID",
 	},
 	{
 		"http://example.com/a", nil, testSignTime, false, false,
-		"http://example.com/a?Expires=1257894000&Signature=Y6qvWOZNl99uNPMGprvrKXEmXpLWJ-xXKVHL~nmF0BR1jPb2XA2jor0MUYKBE4ViTkWZZ1dz46zSFMsEEfw~n6-SVYXZ2QHBBTkSAoxGtH6dH33Ph9pz~f9Wy7aYXq~9I-Ah0E6yC~BMiQuXe5qAOucuMPorKgPfC0dvLMw2EF0_&Key-Pair-Id=KeyID",
+		"http://example.com/a?Expires=1257894000&Signature=cMutWOvPMOPuh0KFDsOdbML~1fe0eEBC1hdMLGRbYr3mTRrVbKDdUXL6l3vlbE0Og3rTRS6mlaSORTwesN1srESH1pXFUyCVba8tWqNy1frEiL7jZLyzA1KndH0olfJDfgHXdw-Edtk0m8mqY~AnGIYGYDu659dWeP49jVeYn30XF9sYkRCdS5IezAkqh8TO9tTDNGS4Ic6DQue4agHUFLNv1VErTafUxlSBp8hlPCuMdtZLEBLr9UJVc3oWJI3zc1~9JgVTDjbXYV1-HgTn8qQsbAU2KcieUonIzTme2td-7c2FCC0EAbOF~6QXTHWcAiSB5nVmbxn-Mx-QMVsiLw__&Key-Pair-Id=KeyID",
 	},
 	{
 		"http://example.com/Ƿ", nil, testSignTime, false, true,
@@ -40,27 +44,18 @@ var testSignURL = []struct {
 	},
 	{
 		"rtmp://example.com/a", nil, testSignTime, false, false,
-		"a?Expires=1257894000&Signature=Ds9NbpGwIcDKG1iZDyjfPXp0ZFYSIzfvGzJj-x28XlXfrarHrJbTOQj3bec~aAyb8NAqghBYRdKF9~RdjNrdyxyiequo-SCjFgFHnRNIk0FiqH0fVt2NO63f0X8-Kbur9cPtJoHR9Jzk0I1CQnECqhL6A0OgPhijTfKUITocmzA_&Key-Pair-Id=KeyID",
+		"a?Expires=1257894000&Signature=GIOIWRaT1u5~JyNhyvsbvLfu1eYjmObAHPpV3p7wNL3X-Vts9uj2JPW3bX-xZp4HD~deps5f-GpPkIE7RPq7VCOZMLdckC4V9bvSphmMYP~OVoHwPiRMHgVW8pt9lsODGMAKVcMK-h2WROOxgzwDhfcGJQ~afs~Cz04Cus9tKScLFTNYHbLxpN0VI-vJwOvDW0tavGKxOmLeMDLTgLZSh90MjgESMME8zssks8rXngWxDgV-bLySe1VYHOcC07BMb5RkPaO036gjHJnw5hXhUCug0rkKcSxwU1IsJnGpgTkf7dVo453L2sLeRzK8R-6z9O2Onv6ow-ZoHx7fVw8rww__&Key-Pair-Id=KeyID",
 	},
 	{
 		"rtmp://example.com/a", NewCannedPolicy("a", testSignTime), time.Time{}, true, false,
-		"a?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiYSIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTI1Nzg5NDAwMH19fV19&Signature=Ds9NbpGwIcDKG1iZDyjfPXp0ZFYSIzfvGzJj-x28XlXfrarHrJbTOQj3bec~aAyb8NAqghBYRdKF9~RdjNrdyxyiequo-SCjFgFHnRNIk0FiqH0fVt2NO63f0X8-Kbur9cPtJoHR9Jzk0I1CQnECqhL6A0OgPhijTfKUITocmzA_&Key-Pair-Id=KeyID",
+		"a?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiYSIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTI1Nzg5NDAwMH19fV19&Signature=GIOIWRaT1u5~JyNhyvsbvLfu1eYjmObAHPpV3p7wNL3X-Vts9uj2JPW3bX-xZp4HD~deps5f-GpPkIE7RPq7VCOZMLdckC4V9bvSphmMYP~OVoHwPiRMHgVW8pt9lsODGMAKVcMK-h2WROOxgzwDhfcGJQ~afs~Cz04Cus9tKScLFTNYHbLxpN0VI-vJwOvDW0tavGKxOmLeMDLTgLZSh90MjgESMME8zssks8rXngWxDgV-bLySe1VYHOcC07BMb5RkPaO036gjHJnw5hXhUCug0rkKcSxwU1IsJnGpgTkf7dVo453L2sLeRzK8R-6z9O2Onv6ow-ZoHx7fVw8rww__&Key-Pair-Id=KeyID",
 	},
 }
 
 // TODO Sign URL HTTP
 // TODO Sign URL RMTP
 func TestSignURL(t *testing.T) {
-	origRandReader := randReader
-	randReader = newRandomReader(rand.New(rand.NewSource(1)))
-	defer func() {
-		randReader = origRandReader
-	}()
-
-	privKey, err := rsa.GenerateKey(randReader, 1024)
-	if err != nil {
-		t.Fatalf("Unexpected priv key error, %#v", err)
-	}
+	privKey := mock.RSAPrivateKey
 
 	s := NewURLSigner("KeyID", privKey)
 
@@ -103,6 +98,10 @@ var testBuildSignedURL = []struct {
 		"https://example.com/a?b=1", "KeyID", NewCannedPolicy("", testSignTime), true, []byte("b64Policy"), []byte("b64Sig"),
 		"https://example.com/a?b=1&Policy=b64Policy&Signature=b64Sig&Key-Pair-Id=KeyID",
 	},
+	{
+		"https://example.com/a?b=1&c=2", "KeyID", NewCannedPolicy("", testSignTime), true, []byte("b64Policy"), []byte("b64Sig"),
+		"https://example.com/a?b=1&c=2&Policy=b64Policy&Signature=b64Sig&Key-Pair-Id=KeyID",
+	},
 	{
 		"https://example.com/a", "KeyID", NewCannedPolicy("", testSignTime), true, []byte("b64Policy"), []byte("b64Sig"),
 		"https://example.com/a?Policy=b64Policy&Signature=b64Sig&Key-Pair-Id=KeyID",

vendor/github.com/aws/aws-sdk-go/service/cloudfront/waiters.go

@@ -28,7 +28,7 @@ func (c *CloudFront) WaitUntilDistributionDeployed(input *GetDistributionInput)
 func (c *CloudFront) WaitUntilDistributionDeployedWithContext(ctx aws.Context, input *GetDistributionInput, opts ...request.WaiterOption) error {
 	w := request.Waiter{
 		Name:        "WaitUntilDistributionDeployed",
-		MaxAttempts: 25,
+		MaxAttempts: 35,
 		Delay:       request.ConstantWaiterDelay(60 * time.Second),
 		Acceptors: []request.WaiterAcceptor{
 			{