[Vendor] Update Batch 2020-11 (#13746)

* github.com/alecthomas/chroma v0.8.1 -> v0.8.2

Changelog: https://github.com/alecthomas/chroma/releases/tag/v0.8.2

* github.com/blevesearch/bleve v1.0.12 -> v1.0.13

Changelog: https://github.com/blevesearch/bleve/releases/tag/v1.0.13

* github.com/editorconfig/editorconfig-core-go v2.3.8 -> v2.3.9

Changelog: https://github.com/editorconfig/editorconfig-core-go/releases/tag/v2.3.9

* github.com/klauspost/compress v1.11.2 -> v1.11.3

Changelog: https://github.com/klauspost/compress/releases/tag/v1.11.3

* github.com/minio/minio-go v7.0.5 -> v7.0.6

Changelog: https://github.com/minio/minio-go/releases/tag/v7.0.6

Co-authored-by: Lauris BH <lauris@nix.lv>

vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go

@@ -144,7 +144,7 @@ func closeResponse(resp *http.Response) {
 func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssumeRoleOptions) (AssumeRoleResponse, error) {
 	v := url.Values{}
 	v.Set("Action", "AssumeRole")
-	v.Set("Version", "2011-06-15")
+	v.Set("Version", STSVersion)
 	if opts.RoleARN != "" {
 		v.Set("RoleArn", opts.RoleARN)
 	}

vendor/github.com/minio/minio-go/v7/pkg/credentials/credentials.go

@@ -22,6 +22,9 @@ import (
 	"time"
 )
 
+// STSVersion sts version string
+const STSVersion = "2011-06-15"
+
 // A Value is the AWS credentials value for individual credential fields.
 type Value struct {
 	// AWS Access key ID

vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go

@@ -48,7 +48,7 @@ type IAM struct {
 	Client *http.Client
 
 	// Custom endpoint to fetch IAM role credentials.
-	endpoint string
+	Endpoint string
 }
 
 // IAM Roles for Amazon EC2
@@ -62,13 +62,12 @@ const (
 
 // NewIAM returns a pointer to a new Credentials object wrapping the IAM.
 func NewIAM(endpoint string) *Credentials {
-	p := &IAM{
+	return New(&IAM{
 		Client: &http.Client{
 			Transport: http.DefaultTransport,
 		},
-		endpoint: endpoint,
-	}
-	return New(p)
+		Endpoint: endpoint,
+	})
 }
 
 // Retrieve retrieves credentials from the EC2 service.
@@ -78,7 +77,7 @@ func (m *IAM) Retrieve() (Value, error) {
 	var roleCreds ec2RoleCredRespBody
 	var err error
 
-	endpoint := m.endpoint
+	endpoint := m.Endpoint
 	switch {
 	case len(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")) > 0:
 		if len(endpoint) == 0 {
@@ -90,11 +89,9 @@ func (m *IAM) Retrieve() (Value, error) {
 		}
 
 		creds := &STSWebIdentity{
-			Client:          m.Client,
-			stsEndpoint:     endpoint,
-			roleARN:         os.Getenv("AWS_ROLE_ARN"),
-			roleSessionName: os.Getenv("AWS_ROLE_SESSION_NAME"),
-			getWebIDTokenExpiry: func() (*WebIdentityToken, error) {
+			Client:      m.Client,
+			STSEndpoint: endpoint,
+			GetWebIDTokenExpiry: func() (*WebIdentityToken, error) {
 				token, err := ioutil.ReadFile(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE"))
 				if err != nil {
 					return nil, err
@@ -102,6 +99,8 @@ func (m *IAM) Retrieve() (Value, error) {
 
 				return &WebIdentityToken{Token: string(token)}, nil
 			},
+			roleARN:         os.Getenv("AWS_ROLE_ARN"),
+			roleSessionName: os.Getenv("AWS_ROLE_SESSION_NAME"),
 		}
 
 		stsWebIdentityCreds, err := creds.Retrieve()
@@ -121,7 +120,6 @@ func (m *IAM) Retrieve() (Value, error) {
 	case len(os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")) > 0:
 		if len(endpoint) == 0 {
 			endpoint = os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")
-
 			var ok bool
 			if ok, err = isLoopback(endpoint); !ok {
 				if err == nil {

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_client_grants.go

@@ -73,7 +73,7 @@ type STSClientGrants struct {
 	Client *http.Client
 
 	// MinIO endpoint to fetch STS credentials.
-	stsEndpoint string
+	STSEndpoint string
 
 	// getClientGrantsTokenExpiry function to retrieve tokens
 	// from IDP This function should return two values one is
@@ -81,7 +81,7 @@ type STSClientGrants struct {
 	// and second return value is the expiry associated with
 	// this token. This is a customer provided function and
 	// is mandatory.
-	getClientGrantsTokenExpiry func() (*ClientGrantsToken, error)
+	GetClientGrantsTokenExpiry func() (*ClientGrantsToken, error)
 }
 
 // NewSTSClientGrants returns a pointer to a new
@@ -97,8 +97,8 @@ func NewSTSClientGrants(stsEndpoint string, getClientGrantsTokenExpiry func() (*
 		Client: &http.Client{
 			Transport: http.DefaultTransport,
 		},
-		stsEndpoint:                stsEndpoint,
-		getClientGrantsTokenExpiry: getClientGrantsTokenExpiry,
+		STSEndpoint:                stsEndpoint,
+		GetClientGrantsTokenExpiry: getClientGrantsTokenExpiry,
 	}), nil
 }
 
@@ -114,7 +114,7 @@ func getClientGrantsCredentials(clnt *http.Client, endpoint string,
 	v.Set("Action", "AssumeRoleWithClientGrants")
 	v.Set("Token", accessToken.Token)
 	v.Set("DurationSeconds", fmt.Sprintf("%d", accessToken.Expiry))
-	v.Set("Version", "2011-06-15")
+	v.Set("Version", STSVersion)
 
 	u, err := url.Parse(endpoint)
 	if err != nil {
@@ -145,7 +145,7 @@ func getClientGrantsCredentials(clnt *http.Client, endpoint string,
 // Retrieve retrieves credentials from the MinIO service.
 // Error will be returned if the request fails.
 func (m *STSClientGrants) Retrieve() (Value, error) {
-	a, err := getClientGrantsCredentials(m.Client, m.stsEndpoint, m.getClientGrantsTokenExpiry)
+	a, err := getClientGrantsCredentials(m.Client, m.STSEndpoint, m.GetClientGrantsTokenExpiry)
 	if err != nil {
 		return Value{}, err
 	}

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go

@@ -52,36 +52,41 @@ type LDAPIdentityResult struct {
 type LDAPIdentity struct {
 	Expiry
 
-	stsEndpoint string
+	// Required http Client to use when connecting to MinIO STS service.
+	Client *http.Client
 
-	ldapUsername, ldapPassword string
+	// Exported STS endpoint to fetch STS credentials.
+	STSEndpoint string
+
+	// LDAP username/password used to fetch LDAP STS credentials.
+	LDAPUsername, LDAPPassword string
 }
 
 // NewLDAPIdentity returns new credentials object that uses LDAP
 // Identity.
 func NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword string) (*Credentials, error) {
 	return New(&LDAPIdentity{
-		stsEndpoint:  stsEndpoint,
-		ldapUsername: ldapUsername,
-		ldapPassword: ldapPassword,
+		Client:       &http.Client{Transport: http.DefaultTransport},
+		STSEndpoint:  stsEndpoint,
+		LDAPUsername: ldapUsername,
+		LDAPPassword: ldapPassword,
 	}), nil
 }
 
 // Retrieve gets the credential by calling the MinIO STS API for
 // LDAP on the configured stsEndpoint.
 func (k *LDAPIdentity) Retrieve() (value Value, err error) {
-	u, kerr := url.Parse(k.stsEndpoint)
+	u, kerr := url.Parse(k.STSEndpoint)
 	if kerr != nil {
 		err = kerr
 		return
 	}
 
-	clnt := &http.Client{Transport: http.DefaultTransport}
 	v := url.Values{}
 	v.Set("Action", "AssumeRoleWithLDAPIdentity")
-	v.Set("Version", "2011-06-15")
-	v.Set("LDAPUsername", k.ldapUsername)
-	v.Set("LDAPPassword", k.ldapPassword)
+	v.Set("Version", STSVersion)
+	v.Set("LDAPUsername", k.LDAPUsername)
+	v.Set("LDAPPassword", k.LDAPPassword)
 
 	u.RawQuery = v.Encode()
 
@@ -91,7 +96,7 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) {
 		return
 	}
 
-	resp, kerr := clnt.Do(req)
+	resp, kerr := k.Client.Do(req)
 	if kerr != nil {
 		err = kerr
 		return

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go

@@ -66,16 +66,16 @@ type STSWebIdentity struct {
 	// Required http Client to use when connecting to MinIO STS service.
 	Client *http.Client
 
-	// MinIO endpoint to fetch STS credentials.
-	stsEndpoint string
+	// Exported STS endpoint to fetch STS credentials.
+	STSEndpoint string
 
-	// getWebIDTokenExpiry function which returns ID tokens
-	// from IDP. This function should return two values one
-	// is ID token which is a self contained ID token (JWT)
+	// Exported GetWebIDTokenExpiry function which returns ID
+	// tokens from IDP. This function should return two values
+	// one is ID token which is a self contained ID token (JWT)
 	// and second return value is the expiry associated with
 	// this token.
 	// This is a customer provided function and is mandatory.
-	getWebIDTokenExpiry func() (*WebIdentityToken, error)
+	GetWebIDTokenExpiry func() (*WebIdentityToken, error)
 
 	// roleARN is the Amazon Resource Name (ARN) of the role that the caller is
 	// assuming.
@@ -98,8 +98,8 @@ func NewSTSWebIdentity(stsEndpoint string, getWebIDTokenExpiry func() (*WebIdent
 		Client: &http.Client{
 			Transport: http.DefaultTransport,
 		},
-		stsEndpoint:         stsEndpoint,
-		getWebIDTokenExpiry: getWebIDTokenExpiry,
+		STSEndpoint:         stsEndpoint,
+		GetWebIDTokenExpiry: getWebIDTokenExpiry,
 	}), nil
 }
 
@@ -124,7 +124,7 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
 	if idToken.Expiry > 0 {
 		v.Set("DurationSeconds", fmt.Sprintf("%d", idToken.Expiry))
 	}
-	v.Set("Version", "2011-06-15")
+	v.Set("Version", STSVersion)
 
 	u, err := url.Parse(endpoint)
 	if err != nil {
@@ -159,7 +159,7 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
 // Retrieve retrieves credentials from the MinIO service.
 // Error will be returned if the request fails.
 func (m *STSWebIdentity) Retrieve() (Value, error) {
-	a, err := getWebIdentityCredentials(m.Client, m.stsEndpoint, m.roleARN, m.roleSessionName, m.getWebIDTokenExpiry)
+	a, err := getWebIdentityCredentials(m.Client, m.STSEndpoint, m.roleARN, m.roleSessionName, m.GetWebIDTokenExpiry)
 	if err != nil {
 		return Value{}, err
 	}

vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go

@@ -146,7 +146,7 @@ type Filter struct {
 	XMLName xml.Name `xml:"Filter" json:"-"`
 	And     And      `xml:"And,omitempty" json:"And,omitempty"`
 	Prefix  string   `xml:"Prefix,omitempty" json:"Prefix,omitempty"`
-	Tag     Tag      `xml:"Tag,omitempty" json:"-"`
+	Tag     Tag      `xml:"Tag,omitempty" json:"Tag,omitempty"`
 }
 
 // MarshalXML - produces the xml representation of the Filter struct

vendor/github.com/minio/minio-go/v7/pkg/notification/notification.go

@@ -43,6 +43,8 @@ const (
 	ObjectRemovedDelete                            = "s3:ObjectRemoved:Delete"
 	ObjectRemovedDeleteMarkerCreated               = "s3:ObjectRemoved:DeleteMarkerCreated"
 	ObjectReducedRedundancyLostObject              = "s3:ReducedRedundancyLostObject"
+	BucketCreatedAll                               = "s3:BucketCreated:*"
+	BucketRemovedAll                               = "s3:BucketRemoved:*"
 )
 
 // FilterRule - child of S3Key, a tag in the notification xml which

vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go

@@ -46,21 +46,23 @@ const (
 
 // Options represents options to set a replication configuration rule
 type Options struct {
-	Op           OptionType
-	ID           string
-	Prefix       string
-	RuleStatus   string
-	Priority     string
-	TagString    string
-	StorageClass string
-	RoleArn      string
-	DestBucket   string
-	IsTagSet     bool
-	IsSCSet      bool
+	Op                     OptionType
+	ID                     string
+	Prefix                 string
+	RuleStatus             string
+	Priority               string
+	TagString              string
+	StorageClass           string
+	RoleArn                string
+	DestBucket             string
+	IsTagSet               bool
+	IsSCSet                bool
+	ReplicateDeletes       string // replicate versioned deletes
+	ReplicateDeleteMarkers string // replicate soft deletes
 }
 
 // Tags returns a slice of tags for a rule
-func (opts Options) Tags() []Tag {
+func (opts Options) Tags() ([]Tag, error) {
 	var tagList []Tag
 	tagTokens := strings.Split(opts.TagString, "&")
 	for _, tok := range tagTokens {
@@ -68,12 +70,15 @@ func (opts Options) Tags() []Tag {
 			break
 		}
 		kv := strings.SplitN(tok, "=", 2)
+		if len(kv) != 2 {
+			return []Tag{}, fmt.Errorf("Tags should be entered as comma separated k=v pairs")
+		}
 		tagList = append(tagList, Tag{
 			Key:   kv[0],
 			Value: kv[1],
 		})
 	}
-	return tagList
+	return tagList, nil
 }
 
 // Config - replication configuration specified in
@@ -110,9 +115,12 @@ func (c *Config) AddRule(opts Options) error {
 		return fmt.Errorf("Rule state should be either [enable|disable]")
 	}
 
-	tags := opts.Tags()
+	tags, err := opts.Tags()
+	if err != nil {
+		return err
+	}
 	andVal := And{
-		Tags: opts.Tags(),
+		Tags: tags,
 	}
 	filter := Filter{Prefix: opts.Prefix}
 	// only a single tag is set.
@@ -152,6 +160,30 @@ func (c *Config) AddRule(opts Options) error {
 			return fmt.Errorf("destination bucket needs to be in Arn format")
 		}
 	}
+	dmStatus := Disabled
+	if opts.ReplicateDeleteMarkers != "" {
+		switch opts.ReplicateDeleteMarkers {
+		case "enable":
+			dmStatus = Enabled
+		case "disable":
+			dmStatus = Disabled
+		default:
+			return fmt.Errorf("ReplicateDeleteMarkers should be either enable|disable")
+		}
+	}
+
+	vDeleteStatus := Disabled
+	if opts.ReplicateDeletes != "" {
+		switch opts.ReplicateDeletes {
+		case "enable":
+			vDeleteStatus = Enabled
+		case "disable":
+			vDeleteStatus = Disabled
+		default:
+			return fmt.Errorf("ReplicateDeletes should be either enable|disable")
+		}
+	}
+
 	newRule := Rule{
 		ID:       opts.ID,
 		Priority: priority,
@@ -161,7 +193,8 @@ func (c *Config) AddRule(opts Options) error {
 			Bucket:       destBucket,
 			StorageClass: opts.StorageClass,
 		},
-		DeleteMarkerReplication: DeleteMarkerReplication{Status: Disabled},
+		DeleteMarkerReplication: DeleteMarkerReplication{Status: dmStatus},
+		DeleteReplication:       DeleteReplication{Status: vDeleteStatus},
 	}
 
 	// validate rule after overlaying priority for pre-existing rule being disabled.
@@ -211,8 +244,12 @@ func (c *Config) EditRule(opts Options) error {
 		if len(newRule.Filter.And.Tags) != 0 {
 			tags = newRule.Filter.And.Tags
 		}
+		var err error
 		if opts.IsTagSet {
-			tags = opts.Tags()
+			tags, err = opts.Tags()
+			if err != nil {
+				return err
+			}
 		}
 		andVal := And{
 			Tags: tags,
@@ -244,6 +281,30 @@ func (c *Config) EditRule(opts Options) error {
 			return fmt.Errorf("Rule state should be either [enable|disable]")
 		}
 	}
+	// set DeleteMarkerReplication rule status for edit option
+	if opts.ReplicateDeleteMarkers != "" {
+		switch opts.ReplicateDeleteMarkers {
+		case "enable":
+			newRule.DeleteMarkerReplication.Status = Enabled
+		case "disable":
+			newRule.DeleteMarkerReplication.Status = Disabled
+		default:
+			return fmt.Errorf("ReplicateDeleteMarkers state should be either [enable|disable]")
+		}
+	}
+
+	// set DeleteReplication rule status for edit option. This is a MinIO specific
+	// option to replicate versioned deletes
+	if opts.ReplicateDeletes != "" {
+		switch opts.ReplicateDeletes {
+		case "enable":
+			newRule.DeleteReplication.Status = Enabled
+		case "disable":
+			newRule.DeleteReplication.Status = Disabled
+		default:
+			return fmt.Errorf("ReplicateDeletes state should be either [enable|disable]")
+		}
+	}
 
 	if opts.IsSCSet {
 		newRule.Destination.StorageClass = opts.StorageClass
@@ -314,6 +375,7 @@ type Rule struct {
 	Status                  Status                  `xml:"Status"`
 	Priority                int                     `xml:"Priority"`
 	DeleteMarkerReplication DeleteMarkerReplication `xml:"DeleteMarkerReplication"`
+	DeleteReplication       DeleteReplication       `xml:"DeleteReplication"`
 	Destination             Destination             `xml:"Destination"`
 	Filter                  Filter                  `xml:"Filter" json:"Filter"`
 }
@@ -470,7 +532,7 @@ type Destination struct {
 type And struct {
 	XMLName xml.Name `xml:"And,omitempty" json:"-"`
 	Prefix  string   `xml:"Prefix,omitempty" json:"Prefix,omitempty"`
-	Tags    []Tag    `xml:"Tags,omitempty" json:"Tags,omitempty"`
+	Tags    []Tag    `xml:"Tag,omitempty" json:"Tag,omitempty"`
 }
 
 // isEmpty returns true if Tags field is null
@@ -496,3 +558,14 @@ type DeleteMarkerReplication struct {
 func (d DeleteMarkerReplication) IsEmpty() bool {
 	return len(d.Status) == 0
 }
+
+// DeleteReplication - whether versioned deletes are replicated - this
+// is a MinIO specific extension
+type DeleteReplication struct {
+	Status Status `xml:"Status" json:"Status"` // should be set to "Disabled" by default
+}
+
+// IsEmpty returns true if DeleteReplication is not set
+func (d DeleteReplication) IsEmpty() bool {
+	return len(d.Status) == 0
+}

vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go

@@ -286,15 +286,15 @@ func EncodePath(pathName string) string {
 	if reservedObjectNames.MatchString(pathName) {
 		return pathName
 	}
-	var encodedPathname string
+	var encodedPathname strings.Builder
 	for _, s := range pathName {
 		if 'A' <= s && s <= 'Z' || 'a' <= s && s <= 'z' || '0' <= s && s <= '9' { // §2.3 Unreserved characters (mark)
-			encodedPathname = encodedPathname + string(s)
+			encodedPathname.WriteRune(s)
 			continue
 		}
 		switch s {
 		case '-', '_', '.', '~', '/': // §2.3 Unreserved characters (mark)
-			encodedPathname = encodedPathname + string(s)
+			encodedPathname.WriteRune(s)
 			continue
 		default:
 			len := utf8.RuneLen(s)
@@ -306,11 +306,11 @@ func EncodePath(pathName string) string {
 			utf8.EncodeRune(u, s)
 			for _, r := range u {
 				hex := hex.EncodeToString([]byte{r})
-				encodedPathname = encodedPathname + "%" + strings.ToUpper(hex)
+				encodedPathname.WriteString("%" + strings.ToUpper(hex))
 			}
 		}
 	}
-	return encodedPathname
+	return encodedPathname.String()
 }
 
 // We support '.' with bucket names but we fallback to using path