-
Notifications
You must be signed in to change notification settings - Fork 606
/
api_op_UpdateTrail.go
279 lines (242 loc) · 11 KB
/
api_op_UpdateTrail.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
// Code generated by smithy-go-codegen DO NOT EDIT.
package cloudtrail
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Updates trail settings that control what events you are logging, and how to
// handle log files. Changes to a trail do not require stopping the CloudTrail
// service. Use this action to designate an existing bucket for log delivery. If
// the existing bucket has previously been a target for CloudTrail log files, an
// IAM policy exists for the bucket. UpdateTrail must be called from the Region in
// which the trail was created; otherwise, an InvalidHomeRegionException is thrown.
func (c *Client) UpdateTrail(ctx context.Context, params *UpdateTrailInput, optFns ...func(*Options)) (*UpdateTrailOutput, error) {
if params == nil {
params = &UpdateTrailInput{}
}
result, metadata, err := c.invokeOperation(ctx, "UpdateTrail", params, optFns, c.addOperationUpdateTrailMiddlewares)
if err != nil {
return nil, err
}
out := result.(*UpdateTrailOutput)
out.ResultMetadata = metadata
return out, nil
}
// Specifies settings to update for the trail.
type UpdateTrailInput struct {
// Specifies the name of the trail or trail ARN. If Name is a trail name, the
// string must meet the following requirements:
// - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
// underscores (_), or dashes (-)
// - Start with a letter or number, and end with a letter or number
// - Be between 3 and 128 characters
// - Have no adjacent periods, underscores or dashes. Names like my-_namespace
// and my--namespace are not valid.
// - Not be in IP address format (for example, 192.168.5.4)
// If Name is a trail ARN, it must be in the following format.
// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
//
// This member is required.
Name *string
// Specifies a log group name using an Amazon Resource Name (ARN), a unique
// identifier that represents the log group to which CloudTrail logs are delivered.
// You must use a log group that exists in your account. Not required unless you
// specify CloudWatchLogsRoleArn . Only the management account can configure a
// CloudWatch Logs log group for an organization trail.
CloudWatchLogsLogGroupArn *string
// Specifies the role for the CloudWatch Logs endpoint to assume to write to a
// user's log group. You must use a role that exists in your account.
CloudWatchLogsRoleArn *string
// Specifies whether log file validation is enabled. The default is false. When
// you disable log file integrity validation, the chain of digest files is broken
// after one hour. CloudTrail does not create digest files for log files that were
// delivered during a period in which log file integrity validation was disabled.
// For example, if you enable log file integrity validation at noon on January 1,
// disable it at noon on January 2, and re-enable it at noon on January 10, digest
// files will not be created for the log files delivered from noon on January 2 to
// noon on January 10. The same applies whenever you stop CloudTrail logging or
// delete a trail.
EnableLogFileValidation *bool
// Specifies whether the trail is publishing events from global services such as
// IAM to the log files.
IncludeGlobalServiceEvents *bool
// Specifies whether the trail applies only to the current Region or to all
// Regions. The default is false. If the trail exists only in the current Region
// and this value is set to true, shadow trails (replications of the trail) will be
// created in the other Regions. If the trail exists in all Regions and this value
// is set to false, the trail will remain in the Region where it was created, and
// its shadow trails in other Regions will be deleted. As a best practice, consider
// using trails that log events in all Regions.
IsMultiRegionTrail *bool
// Specifies whether the trail is applied to all accounts in an organization in
// Organizations, or only for the current Amazon Web Services account. The default
// is false, and cannot be true unless the call is made on behalf of an Amazon Web
// Services account that is the management account for an organization in
// Organizations. If the trail is not an organization trail and this is set to true
// , the trail will be created in all Amazon Web Services accounts that belong to
// the organization. If the trail is an organization trail and this is set to false
// , the trail will remain in the current Amazon Web Services account but be
// deleted from all member accounts in the organization. Only the management
// account for the organization can convert an organization trail to a
// non-organization trail, or convert a non-organization trail to an organization
// trail.
IsOrganizationTrail *bool
// Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail.
// The value can be an alias name prefixed by "alias/", a fully specified ARN to an
// alias, a fully specified ARN to a key, or a globally unique identifier.
// CloudTrail also supports KMS multi-Region keys. For more information about
// multi-Region keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html)
// in the Key Management Service Developer Guide. Examples:
// - alias/MyAliasName
// - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
// - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
// - 12345678-1234-1234-1234-123456789012
KmsKeyId *string
// Specifies the name of the Amazon S3 bucket designated for publishing log files.
// See Amazon S3 Bucket Naming Requirements (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html)
// .
S3BucketName *string
// Specifies the Amazon S3 key prefix that comes after the name of the bucket you
// have designated for log file delivery. For more information, see Finding Your
// CloudTrail Log Files (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html)
// . The maximum length is 200 characters.
S3KeyPrefix *string
// Specifies the name of the Amazon SNS topic defined for notification of log file
// delivery. The maximum length is 256 characters.
SnsTopicName *string
noSmithyDocumentSerde
}
// Returns the objects or data listed below if successful. Otherwise, returns an
// error.
type UpdateTrailOutput struct {
// Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail
// logs are delivered.
CloudWatchLogsLogGroupArn *string
// Specifies the role for the CloudWatch Logs endpoint to assume to write to a
// user's log group.
CloudWatchLogsRoleArn *string
// Specifies whether the trail is publishing events from global services such as
// IAM to the log files.
IncludeGlobalServiceEvents *bool
// Specifies whether the trail exists in one Region or in all Regions.
IsMultiRegionTrail *bool
// Specifies whether the trail is an organization trail.
IsOrganizationTrail *bool
// Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The
// value is a fully specified ARN to a KMS key in the following format.
// arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
KmsKeyId *string
// Specifies whether log file integrity validation is enabled.
LogFileValidationEnabled *bool
// Specifies the name of the trail.
Name *string
// Specifies the name of the Amazon S3 bucket designated for publishing log files.
S3BucketName *string
// Specifies the Amazon S3 key prefix that comes after the name of the bucket you
// have designated for log file delivery. For more information, see Finding Your
// IAM Log Files (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html)
// .
S3KeyPrefix *string
// Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
// notifications when log files are delivered. The following is the format of a
// topic ARN. arn:aws:sns:us-east-2:123456789012:MyTopic
SnsTopicARN *string
// This field is no longer in use. Use SnsTopicARN .
//
// Deprecated: This member has been deprecated.
SnsTopicName *string
// Specifies the ARN of the trail that was updated. The following is the format of
// a trail ARN. arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
TrailARN *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationUpdateTrailMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsjson11_serializeOpUpdateTrail{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpUpdateTrail{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "UpdateTrail"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpUpdateTrailValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUpdateTrail(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opUpdateTrail(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "UpdateTrail",
}
}