[chore]: Bump github.com/minio/minio-go/v7 from 7.0.67 to 7.0.69 (#2748)

vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go

@@ -237,6 +237,7 @@ func (m *STSAssumeRole) Retrieve() (Value, error) {
 		AccessKeyID:     a.Result.Credentials.AccessKey,
 		SecretAccessKey: a.Result.Credentials.SecretKey,
 		SessionToken:    a.Result.Credentials.SessionToken,
+		Expiration:      a.Result.Credentials.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

vendor/github.com/minio/minio-go/v7/pkg/credentials/credentials.go

@@ -30,17 +30,20 @@ const (
 	defaultExpiryWindow = 0.8
 )
 
-// A Value is the AWS credentials value for individual credential fields.
+// A Value is the S3 credentials value for individual credential fields.
 type Value struct {
-	// AWS Access key ID
+	// S3 Access key ID
 	AccessKeyID string
 
-	// AWS Secret Access Key
+	// S3 Secret Access Key
 	SecretAccessKey string
 
-	// AWS Session Token
+	// S3 Session Token
 	SessionToken string
 
+	// Expiration of this credentials - null means no expiration associated
+	Expiration time.Time
+
 	// Signature Type.
 	SignerType SignatureType
 }

vendor/github.com/minio/minio-go/v7/pkg/credentials/file_aws_credentials.go

@@ -129,6 +129,7 @@ func (p *FileAWSCredentials) Retrieve() (Value, error) {
 			AccessKeyID:     externalProcessCredentials.AccessKeyID,
 			SecretAccessKey: externalProcessCredentials.SecretAccessKey,
 			SessionToken:    externalProcessCredentials.SessionToken,
+			Expiration:      externalProcessCredentials.Expiration,
 			SignerType:      SignatureV4,
 		}, nil
 	}

vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go

@@ -61,6 +61,7 @@ type IAM struct {
 	// Support for container authorization token https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html
 	Container struct {
 		AuthorizationToken     string
+		AuthorizationTokenFile string
 		CredentialsFullURI     string
 		CredentialsRelativeURI string
 	}
@@ -105,6 +106,11 @@ func (m *IAM) Retrieve() (Value, error) {
 		token = m.Container.AuthorizationToken
 	}
 
+	tokenFile := os.Getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE")
+	if tokenFile == "" {
+		tokenFile = m.Container.AuthorizationToken
+	}
+
 	relativeURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
 	if relativeURI == "" {
 		relativeURI = m.Container.CredentialsRelativeURI
@@ -181,6 +187,10 @@ func (m *IAM) Retrieve() (Value, error) {
 
 		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token)
 
+	case tokenFile != "" && fullURI != "":
+		endpoint = fullURI
+		roleCreds, err = getEKSPodIdentityCredentials(m.Client, endpoint, tokenFile)
+
 	case fullURI != "":
 		if len(endpoint) == 0 {
 			endpoint = fullURI
@@ -209,6 +219,7 @@ func (m *IAM) Retrieve() (Value, error) {
 		AccessKeyID:     roleCreds.AccessKeyID,
 		SecretAccessKey: roleCreds.SecretAccessKey,
 		SessionToken:    roleCreds.Token,
+		Expiration:      roleCreds.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }
@@ -304,6 +315,18 @@ func getEcsTaskCredentials(client *http.Client, endpoint, token string) (ec2Role
 	return respCreds, nil
 }
 
+func getEKSPodIdentityCredentials(client *http.Client, endpoint string, tokenFile string) (ec2RoleCredRespBody, error) {
+	if tokenFile != "" {
+		bytes, err := os.ReadFile(tokenFile)
+		if err != nil {
+			return ec2RoleCredRespBody{}, fmt.Errorf("getEKSPodIdentityCredentials: failed to read token file:%s", err)
+		}
+		token := string(bytes)
+		return getEcsTaskCredentials(client, endpoint, token)
+	}
+	return ec2RoleCredRespBody{}, fmt.Errorf("getEKSPodIdentityCredentials: no tokenFile found")
+}
+
 func fetchIMDSToken(client *http.Client, endpoint string) (string, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	defer cancel()

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_client_grants.go

@@ -177,6 +177,7 @@ func (m *STSClientGrants) Retrieve() (Value, error) {
 		AccessKeyID:     a.Result.Credentials.AccessKey,
 		SecretAccessKey: a.Result.Credentials.SecretKey,
 		SessionToken:    a.Result.Credentials.SessionToken,
+		Expiration:      a.Result.Credentials.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go

@@ -113,6 +113,7 @@ func (c *CustomTokenIdentity) Retrieve() (value Value, err error) {
 		AccessKeyID:     cr.AccessKey,
 		SecretAccessKey: cr.SecretKey,
 		SessionToken:    cr.SessionToken,
+		Expiration:      cr.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go

@@ -184,6 +184,7 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) {
 		AccessKeyID:     cr.AccessKey,
 		SecretAccessKey: cr.SecretKey,
 		SessionToken:    cr.SessionToken,
+		Expiration:      cr.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go

@@ -188,6 +188,7 @@ func (i *STSCertificateIdentity) Retrieve() (Value, error) {
 		AccessKeyID:     response.Result.Credentials.AccessKey,
 		SecretAccessKey: response.Result.Credentials.SecretKey,
 		SessionToken:    response.Result.Credentials.SessionToken,
+		Expiration:      response.Result.Credentials.Expiration,
 		SignerType:      SignatureDefault,
 	}, nil
 }

vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go

@@ -195,6 +195,7 @@ func (m *STSWebIdentity) Retrieve() (Value, error) {
 		AccessKeyID:     a.Result.Credentials.AccessKey,
 		SecretAccessKey: a.Result.Credentials.SecretKey,
 		SessionToken:    a.Result.Credentials.SessionToken,
+		Expiration:      a.Result.Credentials.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }