From 80e381c8e137422398e9e1948b557256be01909e Mon Sep 17 00:00:00 2001 
From: AWS SDK for Go v2 automation user Date: Tue, 16 Jan 2024 19:16:49 +0000 Subject: [PATCH] Regenerated Clients --- .../46aa29e654b142a3a5226c750736f1be.json | 8 + .../77265c9f3b73468fb5e9721bf4f4471e.json | 8 + .../86a96f7e54f8440595d7a3a3711ec8ce.json | 8 + .../902251d446f24389a2fe49ed39e41132.json | 8 + .../cc38a6c35e214e189301b2553e7f0ea9.json | 8 + .../d4c19fb05463479ab6f32e19cc10d5d1.json | 8 + .../da83738594dd4f98ae440b2da2113033.json | 8 + .../ec4602f234394e6f831e4918b0d08393.json | 8 + service/iot/types/enums.go | 14 +- .../api_op_ListSignalCatalogNodes.go | 3 + service/iotfleetwise/deserializers.go | 5 + service/iotfleetwise/serializers.go | 5 + service/iotfleetwise/types/enums.go | 26 +++ service/iotfleetwise/types/types.go | 6 +- ...GetSensitiveDataOccurrencesAvailability.go | 20 +- .../api_op_UpdateRevealConfiguration.go | 4 +- service/macie2/types/enums.go | 18 +- service/macie2/types/types.go | 72 ++++---- .../paymentcryptography/api_op_ExportKey.go | 114 +++++++----- .../api_op_GetParametersForImport.go | 26 +-- .../paymentcryptography/api_op_ImportKey.go | 79 ++++---- service/paymentcryptography/serializers.go | 68 +++++++ service/paymentcryptography/types/enums.go | 22 +++ service/paymentcryptography/types/types.go | 84 ++++++++- .../types/types_exported_test.go | 8 + service/paymentcryptography/validators.go | 56 ++++++ service/personalize/api_op_CreateCampaign.go | 32 ++-- service/personalize/api_op_CreateSolution.go | 10 +- service/personalize/types/types.go | 12 +- .../api_op_GetPersonalizedRanking.go | 2 +- .../api_op_GetRecommendations.go | 4 +- service/rekognition/api_op_AssociateFaces.go | 6 +- .../rekognition/api_op_DetectCustomLabels.go | 36 ++-- .../api_op_DetectModerationLabels.go | 4 + service/rekognition/deserializers.go | 171 ++++++++++++++++++ service/rekognition/doc.go | 3 + service/rekognition/types/types.go | 29 +++ service/securityhub/doc.go | 71 ++++++-- service/securityhub/types/types.go | 13 +- 
.../ssooidc/internal/endpoints/endpoints.go | 8 + 40 files changed, 877 insertions(+), 218 deletions(-) create mode 100644 .changelog/46aa29e654b142a3a5226c750736f1be.json create mode 100644 .changelog/77265c9f3b73468fb5e9721bf4f4471e.json create mode 100644 .changelog/86a96f7e54f8440595d7a3a3711ec8ce.json create mode 100644 .changelog/902251d446f24389a2fe49ed39e41132.json create mode 100644 .changelog/cc38a6c35e214e189301b2553e7f0ea9.json create mode 100644 .changelog/d4c19fb05463479ab6f32e19cc10d5d1.json create mode 100644 .changelog/da83738594dd4f98ae440b2da2113033.json create mode 100644 .changelog/ec4602f234394e6f831e4918b0d08393.json diff --git a/.changelog/46aa29e654b142a3a5226c750736f1be.json b/.changelog/46aa29e654b142a3a5226c750736f1be.json new file mode 100644 index 00000000000..5e1da4e1892 --- /dev/null +++ b/.changelog/46aa29e654b142a3a5226c750736f1be.json @@ -0,0 +1,8 @@ +{ + "id": "46aa29e6-54b1-42a3-a522-6c750736f1be", + "type": "feature", + "description": "This release adds ContentType and TaxonomyLevel attributes to DetectModerationLabels and GetMediaAnalysisJob API responses.", + "modules": [ + "service/rekognition" + ] +} \ No newline at end of file diff --git a/.changelog/77265c9f3b73468fb5e9721bf4f4471e.json b/.changelog/77265c9f3b73468fb5e9721bf4f4471e.json new file mode 100644 index 00000000000..0c862b089d0 --- /dev/null +++ b/.changelog/77265c9f3b73468fb5e9721bf4f4471e.json @@ -0,0 +1,8 @@ +{ + "id": "77265c9f-3b73-468f-b5e9-721bf4f4471e", + "type": "documentation", + "description": "Documentation updates for Amazon Personalize.", + "modules": [ + "service/personalize" + ] +} \ No newline at end of file diff --git a/.changelog/86a96f7e54f8440595d7a3a3711ec8ce.json b/.changelog/86a96f7e54f8440595d7a3a3711ec8ce.json new file mode 100644 index 00000000000..48cd4ab52cc --- /dev/null +++ b/.changelog/86a96f7e54f8440595d7a3a3711ec8ce.json 
@@ -0,0 +1,8 @@ +{ + "id": "86a96f7e-54f8-4405-95d7-a3a3711ec8ce", + "type": "feature", + "description": "Provide an additional option for key exchange using RSA wrap/unwrap in addition to tr-34/tr-31 in ImportKey and ExportKey operations. Added new key usage (type) TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane operations with ISO9797 Algorithm 1 MAC calculations.", + "modules": [ + "service/paymentcryptography" + ] +} \ No newline at end of file diff --git a/.changelog/902251d446f24389a2fe49ed39e41132.json b/.changelog/902251d446f24389a2fe49ed39e41132.json new file mode 100644 index 00000000000..79f27200788 --- /dev/null +++ b/.changelog/902251d446f24389a2fe49ed39e41132.json @@ -0,0 +1,8 @@ +{ + "id": "902251d4-46f2-4389-a2fe-49ed39e41132", + "type": "documentation", + "description": "Documentation updates for AWS Security Hub", + "modules": [ + "service/securityhub" + ] +} \ No newline at end of file diff --git a/.changelog/cc38a6c35e214e189301b2553e7f0ea9.json b/.changelog/cc38a6c35e214e189301b2553e7f0ea9.json new file mode 100644 index 00000000000..d390fb6c9fa --- /dev/null +++ b/.changelog/cc38a6c35e214e189301b2553e7f0ea9.json @@ -0,0 +1,8 @@ +{ + "id": "cc38a6c3-5e21-4e18-9301-b2553e7f0ea9", + "type": "documentation", + "description": "Documentation updates for Amazon Personalize", + "modules": [ + "service/personalizeruntime" + ] +} \ No newline at end of file diff --git a/.changelog/d4c19fb05463479ab6f32e19cc10d5d1.json b/.changelog/d4c19fb05463479ab6f32e19cc10d5d1.json new file mode 100644 index 00000000000..d73b2a8e239 --- /dev/null +++ b/.changelog/d4c19fb05463479ab6f32e19cc10d5d1.json 
@@ -0,0 +1,8 @@ +{ + "id": "d4c19fb0-5463-479a-b6f3-2e19cc10d5d1", + "type": "feature", + "description": "This release adds support for analyzing Amazon S3 objects that are encrypted using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). It also adds support for reporting DSSE-KMS details in statistics and metadata about encryption settings for S3 buckets and objects.", + "modules": [ + "service/macie2" + ] +} \ No newline at end of file diff --git a/.changelog/da83738594dd4f98ae440b2da2113033.json b/.changelog/da83738594dd4f98ae440b2da2113033.json new file mode 100644 index 00000000000..113968bad45 --- /dev/null +++ b/.changelog/da83738594dd4f98ae440b2da2113033.json @@ -0,0 +1,8 @@ +{ + "id": "da837385-94dd-4f98-ae44-0b2da2113033", + "type": "feature", + "description": "Updated APIs: SignalNodeType query parameter has been added to ListSignalCatalogNodesRequest and ListVehiclesResponse has been extended with attributes field.", + "modules": [ + "service/iotfleetwise" + ] +} \ No newline at end of file diff --git a/.changelog/ec4602f234394e6f831e4918b0d08393.json b/.changelog/ec4602f234394e6f831e4918b0d08393.json new file mode 100644 index 00000000000..f8dd814910e --- /dev/null +++ b/.changelog/ec4602f234394e6f831e4918b0d08393.json @@ -0,0 +1,8 @@ +{ + "id": "ec4602f2-3439-4e6f-831e-4918b0d08393", + "type": "feature", + "description": "Revert release of LogTargetTypes", + "modules": [ + "service/iot" + ] +} \ No newline at end of file diff --git a/service/iot/types/enums.go b/service/iot/types/enums.go index ced46a38a5a..6b99df94409 100644 --- a/service/iot/types/enums.go +++ b/service/iot/types/enums.go 
@@ -1056,13 +1056,11 @@ type LogTargetType string // Enum values for LogTargetType const ( - LogTargetTypeDefault LogTargetType = "DEFAULT" - LogTargetTypeThingGroup LogTargetType = "THING_GROUP" - LogTargetTypeClientId LogTargetType = "CLIENT_ID" - LogTargetTypeSourceIp LogTargetType = "SOURCE_IP" - LogTargetTypePrincipalId LogTargetType = "PRINCIPAL_ID" - LogTargetTypeEventType LogTargetType = "EVENT_TYPE" - LogTargetTypeDeviceDefender LogTargetType = "DEVICE_DEFENDER" + LogTargetTypeDefault LogTargetType = "DEFAULT" + LogTargetTypeThingGroup LogTargetType = "THING_GROUP" + LogTargetTypeClientId LogTargetType = "CLIENT_ID" + LogTargetTypeSourceIp LogTargetType = "SOURCE_IP" + LogTargetTypePrincipalId LogTargetType = "PRINCIPAL_ID" ) // Values returns all known values for LogTargetType. Note that this can be @@ -1075,8 +1073,6 @@ func (LogTargetType) Values() []LogTargetType { "CLIENT_ID", "SOURCE_IP", "PRINCIPAL_ID", - "EVENT_TYPE", - "DEVICE_DEFENDER", } } diff --git a/service/iotfleetwise/api_op_ListSignalCatalogNodes.go b/service/iotfleetwise/api_op_ListSignalCatalogNodes.go index 8a53e9ba666..1ba790168ac 100644 --- a/service/iotfleetwise/api_op_ListSignalCatalogNodes.go +++ b/service/iotfleetwise/api_op_ListSignalCatalogNodes.go @@ -47,6 +47,9 @@ type ListSignalCatalogNodesInput struct { // returned, the response does not contain a pagination token value. NextToken *string + // The type of node in the signal catalog. + SignalNodeType types.SignalNodeType + noSmithyDocumentSerde } diff --git a/service/iotfleetwise/deserializers.go b/service/iotfleetwise/deserializers.go index 5d7c71cdc46..ca6d631106c 100644 --- a/service/iotfleetwise/deserializers.go +++ b/service/iotfleetwise/deserializers.go 
@@ -12130,6 +12130,11 @@ func awsAwsjson10_deserializeDocumentVehicleSummary(v **types.VehicleSummary, va sv.Arn = ptr.String(jtv) } + case "attributes": + if err := awsAwsjson10_deserializeDocumentAttributesMap(&sv.Attributes, value); err != nil { + return err + } + case "creationTime": if value != nil { switch jtv := value.(type) { diff --git a/service/iotfleetwise/serializers.go b/service/iotfleetwise/serializers.go index 64a4e797ffe..af79f349b45 100644 --- a/service/iotfleetwise/serializers.go +++ b/service/iotfleetwise/serializers.go @@ -5124,6 +5124,11 @@ func awsAwsjson10_serializeOpDocumentListSignalCatalogNodesInput(v *ListSignalCa ok.String(*v.NextToken) } + if len(v.SignalNodeType) > 0 { + ok := object.Key("signalNodeType") + ok.String(string(v.SignalNodeType)) + } + return nil } diff --git a/service/iotfleetwise/types/enums.go b/service/iotfleetwise/types/enums.go index de88bb0e020..11266739922 100644 --- a/service/iotfleetwise/types/enums.go +++ b/service/iotfleetwise/types/enums.go @@ -423,6 +423,32 @@ func (SignalDecoderType) Values() []SignalDecoderType { } } +type SignalNodeType string + +// Enum values for SignalNodeType +const ( + SignalNodeTypeSensor SignalNodeType = "SENSOR" + SignalNodeTypeActuator SignalNodeType = "ACTUATOR" + SignalNodeTypeAttribute SignalNodeType = "ATTRIBUTE" + SignalNodeTypeBranch SignalNodeType = "BRANCH" + SignalNodeTypeCustomStruct SignalNodeType = "CUSTOM_STRUCT" + SignalNodeTypeCustomProperty SignalNodeType = "CUSTOM_PROPERTY" +) + +// Values returns all known values for SignalNodeType. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (SignalNodeType) Values() []SignalNodeType { + return []SignalNodeType{ + "SENSOR", + "ACTUATOR", + "ATTRIBUTE", + "BRANCH", + "CUSTOM_STRUCT", + "CUSTOM_PROPERTY", + } +} + type SpoolingMode string // Enum values for SpoolingMode 
diff --git a/service/iotfleetwise/types/types.go b/service/iotfleetwise/types/types.go index 40367835807..69017e0665b 100644 --- a/service/iotfleetwise/types/types.go +++ b/service/iotfleetwise/types/types.go @@ -307,7 +307,7 @@ func (*CollectionSchemeMemberTimeBasedCollectionScheme) isCollectionScheme() {} type ConditionBasedCollectionScheme struct { // The logical expression used to recognize what data to collect. For example, - // $variable.Vehicle.OutsideAirTemperature >= 105.0 . + // $variable.`Vehicle.OutsideAirTemperature` >= 105.0 . // // This member is required. Expression *string @@ -1476,6 +1476,10 @@ type VehicleSummary struct { // This member is required. VehicleName *string + // Static information about a vehicle in a key-value pair. For example: + // "engineType" : "1.3 L R2" + Attributes map[string]string + noSmithyDocumentSerde } diff --git a/service/macie2/api_op_GetSensitiveDataOccurrencesAvailability.go b/service/macie2/api_op_GetSensitiveDataOccurrencesAvailability.go index ee9379380a1..79ab028b793 100644 --- a/service/macie2/api_op_GetSensitiveDataOccurrencesAvailability.go +++ b/service/macie2/api_op_GetSensitiveDataOccurrencesAvailability.go 
@@ -54,18 +54,18 @@ type GetSensitiveDataOccurrencesAvailabilityOutput struct { // object by using Macie. // - INVALID_CLASSIFICATION_RESULT - There isn't a corresponding sensitive data // discovery result for the finding. Or the corresponding sensitive data discovery - // result isn't available, is malformed or corrupted, or uses an unsupported - // storage format. Macie can't verify the location of the sensitive data to - // retrieve. + // result isn't available in the current Amazon Web Services Region, is malformed + // or corrupted, or uses an unsupported storage format. Macie can't verify the + // location of the sensitive data to retrieve. // - INVALID_RESULT_SIGNATURE - The corresponding sensitive data discovery // result is stored in an S3 object that wasn't signed by Macie. Macie can't verify // the integrity and authenticity of the sensitive data discovery result. // Therefore, Macie can't verify the location of the sensitive data to retrieve. - // - MEMBER_ROLE_TOO_PERMISSIVE - The affected member account is configured to - // retrieve occurrences of sensitive data by using an IAM role whose trust or - // permissions policy doesn't meet Macie requirements for restricting access to the - // role. Or the role's trust policy doesn't specify the correct external ID. Macie - // can't assume the role to retrieve the sensitive data. + // - MEMBER_ROLE_TOO_PERMISSIVE - The trust or permissions policy for the IAM + // role in the affected member account doesn't meet Macie requirements for + // restricting access to the role. Or the role's trust policy doesn't specify the + // correct external ID for your organization. Macie can't assume the role to + // retrieve the sensitive data. // - MISSING_GET_MEMBER_PERMISSION - You're not allowed to retrieve information // about the association between your account and the affected account. Macie can't // determine whether you’re allowed to access the affected S3 object as the 
@@ -74,8 +74,8 @@ type GetSensitiveDataOccurrencesAvailabilityOutput struct { // exceeds the size quota for retrieving occurrences of sensitive data from this // type of file. // - OBJECT_UNAVAILABLE - The affected S3 object isn't available. The object was - // renamed, moved, or deleted. Or the object was changed after Macie created the - // finding. + // renamed, moved, deleted, or changed after Macie created the finding. Or the + // object is encrypted with an KMS key that's currently disabled. // - RESULT_NOT_SIGNED - The corresponding sensitive data discovery result is // stored in an S3 object that hasn't been signed. Macie can't verify the integrity // and authenticity of the sensitive data discovery result. Therefore, Macie can't diff --git a/service/macie2/api_op_UpdateRevealConfiguration.go b/service/macie2/api_op_UpdateRevealConfiguration.go index e39f60eef97..bb44f3f14de 100644 --- a/service/macie2/api_op_UpdateRevealConfiguration.go +++ b/service/macie2/api_op_UpdateRevealConfiguration.go @@ -37,7 +37,7 @@ type UpdateRevealConfigurationInput struct { // This member is required. Configuration *types.RevealConfiguration - // The access method and settings to use to retrieve the sensitive data. + // The access method and settings to use when retrieving the sensitive data. RetrievalConfiguration *types.UpdateRetrievalConfiguration noSmithyDocumentSerde @@ -49,7 +49,7 @@ type UpdateRevealConfigurationOutput struct { // configuration for the Amazon Macie account. Configuration *types.RevealConfiguration - // The access method and settings to use to retrieve the sensitive data. + // The access method and settings to use when retrieving the sensitive data. RetrievalConfiguration *types.RetrievalConfiguration // Metadata pertaining to the operation's result. diff --git a/service/macie2/types/enums.go b/service/macie2/types/enums.go index a524537379c..1245faa1b3d 100644 --- a/service/macie2/types/enums.go +++ b/service/macie2/types/enums.go 
@@ -250,10 +250,11 @@ type EncryptionType string // Enum values for EncryptionType const ( - EncryptionTypeNone EncryptionType = "NONE" - EncryptionTypeAes256 EncryptionType = "AES256" - EncryptionTypeAwsKms EncryptionType = "aws:kms" - EncryptionTypeUnknown EncryptionType = "UNKNOWN" + EncryptionTypeNone EncryptionType = "NONE" + EncryptionTypeAes256 EncryptionType = "AES256" + EncryptionTypeAwsKms EncryptionType = "aws:kms" + EncryptionTypeUnknown EncryptionType = "UNKNOWN" + EncryptionTypeAwsKmsDsse EncryptionType = "aws:kms:dsse" ) // Values returns all known values for EncryptionType. Note that this can be @@ -265,6 +266,7 @@ func (EncryptionType) Values() []EncryptionType { "AES256", "aws:kms", "UNKNOWN", + "aws:kms:dsse", } } @@ -1022,9 +1024,10 @@ type Type string // Enum values for Type const ( - TypeNone Type = "NONE" - TypeAes256 Type = "AES256" - TypeAwsKms Type = "aws:kms" + TypeNone Type = "NONE" + TypeAes256 Type = "AES256" + TypeAwsKms Type = "aws:kms" + TypeAwsKmsDsse Type = "aws:kms:dsse" ) // Values returns all known values for Type. Note that this can be expanded in the @@ -1035,6 +1038,7 @@ func (Type) Values() []Type { "NONE", "AES256", "aws:kms", + "aws:kms:dsse", } } diff --git a/service/macie2/types/types.go b/service/macie2/types/types.go index f69ba530690..69adf7ddc87 100644 --- a/service/macie2/types/types.go +++ b/service/macie2/types/types.go 
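Review bot: In service/macie2/types/enums.go the new constants `EncryptionTypeAwsKmsDsse` and `TypeAwsKmsDsse` are added with no comment saying what `aws:kms:dsse` stands for or that it is a second KMS-backed value next to `aws:kms`. Code that decides whether a bucket or object is KMS-encrypted by comparing only with `EncryptionTypeAwsKms` or `TypeAwsKms` will not match the new value, so a compliance or alerting check could report DSSE-KMS data as not KMS-encrypted. I would add a line such as `// EncryptionTypeAwsKmsDsse is dual-layer server-side encryption with KMS keys (DSSE-KMS).` above each new constant. The file looks regenerated, so the text probably has to come from the service model or the generator rather than a hand edit.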
@@ -307,9 +307,9 @@ type BucketCountByEffectivePermission struct { type BucketCountByEncryptionType struct { // The total number of buckets whose default encryption settings are configured to - // encrypt new objects with an Amazon Web Services managed KMS key or a customer - // managed KMS key. By default, these buckets encrypt new objects automatically - // using SSE-KMS encryption. + // encrypt new objects with an KMS key, either an Amazon Web Services managed key + // or a customer managed key. By default, these buckets encrypt new objects + // automatically using DSSE-KMS or SSE-KMS encryption. KmsManaged *int64 // The total number of buckets whose default encryption settings are configured to @@ -660,11 +660,14 @@ type BucketServerSideEncryption struct { // The server-side encryption algorithm that's used by default to encrypt objects // that are added to the bucket. Possible values are: - // - AES256 - New objects are encrypted with an Amazon S3 managed key. They use - // SSE-S3 encryption. - // - aws:kms - New objects are encrypted with an KMS key (kmsMasterKeyId), - // either an Amazon Web Services managed key or a customer managed key. They use - // SSE-KMS encryption. + // - AES256 - New objects use SSE-S3 encryption. They're encrypted with an + // Amazon S3 managed key. + // - aws:kms - New objects use SSE-KMS encryption. They're encrypted with an KMS + // key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer + // managed key. + // - aws:kms:dsse - New objects use DSSE-KMS encryption. They're encrypted with + // an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a + // customer managed key. // - NONE - The bucket's default encryption settings don't specify server-side // encryption behavior for new objects. Type Type 
@@ -1863,17 +1866,18 @@ type MonthlySchedule struct { // aren't encrypted. type ObjectCountByEncryptionType struct { - // The total number of objects that are encrypted with a customer-provided key. - // The objects use customer-provided server-side encryption (SSE-C). + // The total number of objects that are encrypted with customer-provided keys. The + // objects use server-side encryption with customer-provided keys (SSE-C). CustomerManaged *int64 - // The total number of objects that are encrypted with an KMS key, either an - // Amazon Web Services managed key or a customer managed key. The objects use KMS - // encryption (SSE-KMS). + // The total number of objects that are encrypted with KMS keys, either Amazon Web + // Services managed keys or customer managed keys. The objects use dual-layer + // server-side encryption or server-side encryption with KMS keys (DSSE-KMS or + // SSE-KMS). KmsManaged *int64 - // The total number of objects that are encrypted with an Amazon S3 managed key. - // The objects use Amazon S3 managed encryption (SSE-S3). + // The total number of objects that are encrypted with Amazon S3 managed keys. The + // objects use server-side encryption with Amazon S3 managed keys (SSE-S3). S3Managed *int64 // The total number of objects that use client-side encryption or aren't encrypted. @@ -2150,7 +2154,7 @@ type ResourceStatistics struct { // retrieve occurrences of sensitive data reported by findings. type RetrievalConfiguration struct { - // The access method that's used when retrieving sensitive data from affected S3 + // The access method that's used to retrieve sensitive data from affected S3 // objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the // affected Amazon Web Services account and delegates access to Amazon Macie // (roleName); and, CALLER_CREDENTIALS, use the credentials of the IAM user who 
@@ -2160,11 +2164,13 @@ type RetrievalConfiguration struct { RetrievalMode RetrievalMode // The external ID to specify in the trust policy for the IAM role to assume when - // retrieving sensitive data from affected S3 objects (roleName). The trust policy - // must include an sts:ExternalId condition that requires this ID. This ID is a - // unique alphanumeric string that Amazon Macie generates automatically after you - // configure it to assume a role. This value is null if the value for retrievalMode - // is CALLER_CREDENTIALS. + // retrieving sensitive data from affected S3 objects (roleName). This value is + // null if the value for retrievalMode is CALLER_CREDENTIALS. This ID is a unique + // alphanumeric string that Amazon Macie generates automatically after you + // configure it to assume an IAM role. For a Macie administrator to retrieve + // sensitive data from an affected S3 object for a member account, the trust policy + // for the role in the member account must include an sts:ExternalId condition that + // requires this ID. ExternalId *string // The name of the IAM role that is in the affected Amazon Web Services account 
@@ -2183,11 +2189,16 @@ type RetrievalConfiguration struct { // key. Otherwise, an error occurs. type RevealConfiguration struct { - // The status of the configuration for the Amazon Macie account. In a request, - // valid values are: ENABLED, enable the configuration for the account; and, - // DISABLED, disable the configuration for the account. In a response, possible - // values are: ENABLED, the configuration is currently enabled for the account; - // and, DISABLED, the configuration is currently disabled for the account. + // The status of the configuration for the Amazon Macie account. In a response, + // possible values are: ENABLED, the configuration is currently enabled for the + // account; and, DISABLED, the configuration is currently disabled for the account. + // In a request, valid values are: ENABLED, enable the configuration for the + // account; and, DISABLED, disable the configuration for the account. If you + // disable the configuration, you also permanently delete current settings that + // specify how to access affected S3 objects. If your current access method is + // ASSUME_ROLE, Macie also deletes the external ID and role name currently + // specified for the configuration. These settings can't be recovered after they're + // deleted. // // This member is required. Status RevealStatus 
@@ -3079,11 +3090,10 @@ type UnprocessedAccount struct { // Specifies the access method and settings to use when retrieving occurrences of // sensitive data reported by findings. If your request specifies an Identity and -// Access Management (IAM) role to assume when retrieving the sensitive data, -// Amazon Macie verifies that the role exists and the attached policies are -// configured correctly. If there's an issue, Macie returns an error. For -// information about addressing the issue, see Retrieving sensitive data samples -// with findings (https://docs.aws.amazon.com/macie/latest/user/findings-retrieve-sd.html) +// Access Management (IAM) role to assume, Amazon Macie verifies that the role +// exists and the attached policies are configured correctly. If there's an issue, +// Macie returns an error. For information about addressing the issue, see +// Configuration options and requirements for retrieving sensitive data samples (https://docs.aws.amazon.com/macie/latest/user/findings-retrieve-sd-options.html) // in the Amazon Macie User Guide. type UpdateRetrievalConfiguration struct { diff --git a/service/paymentcryptography/api_op_ExportKey.go b/service/paymentcryptography/api_op_ExportKey.go index 4fc19d95915..3f65aec3e12 100644 --- a/service/paymentcryptography/api_op_ExportKey.go +++ b/service/paymentcryptography/api_op_ExportKey.go 
@@ -21,43 +21,46 @@ import ( // operations outside of Amazon Web Services Payment Cryptography For symmetric key // exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm // in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon -// Web Services Payment Cryptography supports ANSI X9 TR-34 norm . Asymmetric key -// exchange methods are typically used to establish bi-directional trust between -// the two parties exhanging keys and are used for initial key exchange such as Key -// Encryption Key (KEK). After which you can export working keys using symmetric -// method to perform various cryptographic operations within Amazon Web Services -// Payment Cryptography. The TR-34 norm is intended for exchanging 3DES keys only -// and keys are imported in a WrappedKeyBlock format. Key attributes (such as -// KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the -// key block. You can also use ExportKey functionality to generate and export an -// IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment Cryptography -// using either TR-31 or TR-34 export key exchange. IPEK is generated from BDK -// (Base Derivation Key) and ExportDukptInitialKey attribute KSN ( KeySerialNumber -// ). The generated IPEK does not persist within Amazon Web Services Payment -// Cryptography and has to be re-generated each time during export. To export KEK -// or IPEK using TR-34 Using this operation, you can export initial key using TR-34 -// asymmetric key exchange. You can only export KEK generated within Amazon Web -// Services Payment Cryptography. In TR-34 terminology, the sending party of the -// key is called Key Distribution Host (KDH) and the receiving party of the key is -// called Key Receiving Device (KRD). During key export process, KDH is Amazon Web -// Services Payment Cryptography which initiates key export and KRD is the user -// receiving the key. 
To initiate TR-34 key export, the KRD must obtain an export -// token by calling GetParametersForExport . This operation also generates a key -// pair for the purpose of key export, signs the key and returns back the signing -// public key certificate (also known as KDH signing certificate) and root -// certificate chain. The KDH uses the private key to sign the the export payload -// and the signing public key certificate is provided to KRD to verify the -// signature. The KRD can import the root certificate into its Hardware Security -// Module (HSM), as required. The export token and the associated KDH signing -// certificate expires after 7 days. Next the KRD generates a key pair for the the -// purpose of encrypting the KDH key and provides the public key cerificate (also -// known as KRD wrapping certificate) back to KDH. The KRD will also import the -// root cerificate chain into Amazon Web Services Payment Cryptography by calling -// ImportKey for RootCertificatePublicKey . The KDH, Amazon Web Services Payment -// Cryptography, will use the KRD wrapping cerificate to encrypt (wrap) the key -// under export and signs it with signing private key to generate a TR-34 -// WrappedKeyBlock. For more information on TR-34 key export, see section -// Exporting symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-export.html) +// Web Services Payment Cryptography supports ANSI X9 TR-34 norm and RSA wrap and +// unwrap key exchange mechanism. Asymmetric key exchange methods are typically +// used to establish bi-directional trust between the two parties exhanging keys +// and are used for initial key exchange such as Key Encryption Key (KEK). After +// which you can export working keys using symmetric method to perform various +// cryptographic operations within Amazon Web Services Payment Cryptography. The +// TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a +// WrappedKeyBlock format. 
Key attributes (such as KeyUsage, KeyAlgorithm, +// KeyModesOfUse, Exportability) are contained within the key block. With RSA wrap +// and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported +// in a WrappedKeyCryptogram format and you will need to specify the key attributes +// during import. You can also use ExportKey functionality to generate and export +// an IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment +// Cryptography using either TR-31 or TR-34 export key exchange. IPEK is generated +// from BDK (Base Derivation Key) and ExportDukptInitialKey attribute KSN ( +// KeySerialNumber ). The generated IPEK does not persist within Amazon Web +// Services Payment Cryptography and has to be re-generated each time during +// export. To export initial keys (KEK) or IPEK using TR-34 Using this operation, +// you can export initial key using TR-34 asymmetric key exchange. You can only +// export KEK generated within Amazon Web Services Payment Cryptography. In TR-34 +// terminology, the sending party of the key is called Key Distribution Host (KDH) +// and the receiving party of the key is called Key Receiving Device (KRD). During +// key export process, KDH is Amazon Web Services Payment Cryptography which +// initiates key export and KRD is the user receiving the key. To initiate TR-34 +// key export, the KRD must obtain an export token by calling +// GetParametersForExport . This operation also generates a key pair for the +// purpose of key export, signs the key and returns back the signing public key +// certificate (also known as KDH signing certificate) and root certificate chain. +// The KDH uses the private key to sign the the export payload and the signing +// public key certificate is provided to KRD to verify the signature. The KRD can +// import the root certificate into its Hardware Security Module (HSM), as +// required. The export token and the associated KDH signing certificate expires +// after 7 days. 
Next the KRD generates a key pair for the the purpose of +// encrypting the KDH key and provides the public key cerificate (also known as KRD +// wrapping certificate) back to KDH. The KRD will also import the root cerificate +// chain into Amazon Web Services Payment Cryptography by calling ImportKey for +// RootCertificatePublicKey . The KDH, Amazon Web Services Payment Cryptography, +// will use the KRD wrapping cerificate to encrypt (wrap) the key under export and +// signs it with signing private key to generate a TR-34 WrappedKeyBlock. For more +// information on TR-34 key export, see section Exporting symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-export.html) // in the Amazon Web Services Payment Cryptography User Guide. Set the following // parameters: // - ExportAttributes : Specify export attributes in case of IPEK export. This 
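Review bot: The rewritten ExportKey doc comment in service/paymentcryptography/api_op_ExportKey.go carries spelling and punctuation slips onto its new lines: `exhanging`, `the the` (twice) and `cerificate` (three times) in this hunk, `certifiate` in the hunk at -75,11, and a stray full stop in the ExportKeyOutput.WrappedKey comment at -130,7 (`WrappedKeyBlock. or a RSA WrappedKeyCryptogram.`). Since these lines are being re-flowed anyway, I would correct them, for example `// WrappedKeyBlock, or an RSA WrappedKeyCryptogram.` for the last one. The file appears to be regenerated, so the correction likely belongs in the upstream API model text. The doc comment starts above this hunk and continues below it.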
@@ -75,11 +78,30 @@ import ( // Amazon Web Services Payment Cryptography. // // When this operation is successful, Amazon Web Services Payment Cryptography -// returns the KEK or IPEK as a TR-34 WrappedKeyBlock. To export WK (Working Key) -// or IPEK using TR-31 Using this operation, you can export working keys or IPEK -// using TR-31 symmetric key exchange. In TR-31, you must use an initial key such -// as KEK to encrypt or wrap the key under export. To establish a KEK, you can use -// CreateKey or ImportKey . Set the following parameters: +// returns the KEK or IPEK as a TR-34 WrappedKeyBlock. To export initial keys (KEK) +// or IPEK using RSA Wrap and Unwrap Using this operation, you can export initial +// key using asymmetric RSA wrap and unwrap key exchange method. To initiate +// export, generate an asymmetric key pair on the receiving HSM and obtain the +// public key certificate in PEM format (base64 encoded) for the purpose of +// wrapping and the root certifiate chain. Import the root certificate into Amazon +// Web Services Payment Cryptography by calling ImportKey for +// RootCertificatePublicKey . Next call ExportKey and set the following +// parameters: +// - CertificateAuthorityPublicKeyIdentifier : The KeyARN of the certificate +// chain that signed wrapping key certificate. +// - KeyMaterial : Set to KeyCryptogram . +// - WrappingKeyCertificate : The public key certificate in PEM format (base64 +// encoded) obtained by the receiving HSM and signed by the root certificate +// (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services +// Payment Cryptography. The receiving HSM uses its private key component to unwrap +// the WrappedKeyCryptogram. +// +// When this operation is successful, Amazon Web Services Payment Cryptography +// returns the WrappedKeyCryptogram. To export working keys or IPEK using TR-31 +// Using this operation, you can export working keys or IPEK using TR-31 symmetric +// key exchange. 
In TR-31, you must use an initial key such as KEK to encrypt or +// wrap the key under export. To establish a KEK, you can use CreateKey or +// ImportKey . Set the following parameters: // - ExportAttributes : Specify export attributes in case of IPEK export. This // parameter is optional for KEK export. // - ExportKeyIdentifier : The KeyARN of the KEK or BDK (in case of IPEK) under @@ -87,9 +109,9 @@ import ( // - KeyMaterial : Use Tr31KeyBlock parameters. // // When this operation is successful, Amazon Web Services Payment Cryptography -// returns the WK or IPEK as a TR-31 WrappedKeyBlock. Cross-account use: This -// operation can't be used across different Amazon Web Services accounts. Related -// operations: +// returns the working key or IPEK as a TR-31 WrappedKeyBlock. Cross-account use: +// This operation can't be used across different Amazon Web Services accounts. +// Related operations: // - GetParametersForExport // - ImportKey func (c *Client) ExportKey(ctx context.Context, params *ExportKeyInput, optFns ...func(*Options)) (*ExportKeyOutput, error) { @@ -130,7 +152,7 @@ type ExportKeyInput struct { type ExportKeyOutput struct { // The key material under export as a TR-34 WrappedKeyBlock or a TR-31 - // WrappedKeyBlock. + // WrappedKeyBlock. or a RSA WrappedKeyCryptogram. WrappedKey *types.WrappedKey // Metadata pertaining to the operation's result. diff --git a/service/paymentcryptography/api_op_GetParametersForImport.go b/service/paymentcryptography/api_op_GetParametersForImport.go index 047c80d0b60..b822eba02ee 100644 --- a/service/paymentcryptography/api_op_GetParametersForImport.go +++ b/service/paymentcryptography/api_op_GetParametersForImport.go 
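Review bot: The new comment on `ExportKeyOutput.WrappedKey` in the `@@ -130,7 +152,7 @@` hunk reads `WrappedKeyBlock. or a RSA WrappedKeyCryptogram.`, where a stray full stop splits the list of formats. It should read `// The key material under export as a TR-34 WrappedKeyBlock, a TR-31 WrappedKeyBlock, or an RSA WrappedKeyCryptogram.` The RSA paragraph added to the `ExportKey` doc comment in the `@@ -75,11 +78,30 @@` hunk also spells `certifiate` for `certificate`. The commit subject says these clients are regenerated, so the wording presumably has to be corrected in the service model rather than in these files.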
@@ -14,12 +14,13 @@ import ( ) // Gets the import token and the wrapping key certificate in PEM format (base64 -// encoded) to initiate a TR-34 WrappedKeyBlock. The wrapping key certificate wraps -// the key under import. The import token and wrapping key certificate must be in -// place and operational before calling ImportKey . The import token expires in 7 -// days. You can use the same import token to import multiple keys into your -// service account. Cross-account use: This operation can't be used across -// different Amazon Web Services accounts. Related operations: +// encoded) to initiate a TR-34 WrappedKeyBlock or a RSA WrappedKeyCryptogram +// import into Amazon Web Services Payment Cryptography. The wrapping key +// certificate wraps the key under import. The import token and wrapping key +// certificate must be in place and operational before calling ImportKey . The +// import token expires in 7 days. You can use the same import token to import +// multiple keys into your service account. Cross-account use: This operation can't +// be used across different Amazon Web Services accounts. Related operations: // - GetParametersForExport // - ImportKey func (c *Client) GetParametersForImport(ctx context.Context, params *GetParametersForImportInput, optFns ...func(*Options)) (*GetParametersForImportOutput, error) { 
@@ -40,15 +41,17 @@ func (c *Client) GetParametersForImport(ctx context.Context, params *GetParamete type GetParametersForImportInput struct { // The method to use for key material import. Import token is only required for - // TR-34 WrappedKeyBlock ( TR34_KEY_BLOCK ). Import token is not required for - // TR-31, root public key cerificate or trusted public key certificate. + // TR-34 WrappedKeyBlock ( TR34_KEY_BLOCK ) and RSA WrappedKeyCryptogram ( + // KEY_CRYPTOGRAM ). Import token is not required for TR-31, root public key + // cerificate or trusted public key certificate. // // This member is required. KeyMaterialType types.KeyMaterialType // The wrapping key algorithm to generate a wrapping key certificate. This - // certificate wraps the key under import. At this time, RSA_2048 , RSA_3072 , - // RSA_4096 are the only allowed algorithms for TR-34 WrappedKeyBlock import. + // certificate wraps the key under import. At this time, RSA_2048 is the allowed + // algorithm for TR-34 WrappedKeyBlock import. Additionally, RSA_2048 , RSA_3072 , + // RSA_4096 are the allowed algorithms for RSA WrappedKeyCryptogram import. // // This member is required. WrappingKeyAlgorithm types.KeyAlgorithm @@ -70,7 +73,8 @@ type GetParametersForImportOutput struct { // This member is required. ParametersValidUntilTimestamp *time.Time - // The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock. + // The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock or RSA + // WrappedKeyCryptogram. // // This member is required. WrappingKeyAlgorithm types.KeyAlgorithm diff --git a/service/paymentcryptography/api_op_ImportKey.go b/service/paymentcryptography/api_op_ImportKey.go index 8482dce7016..bb3ff137a12 100644 --- a/service/paymentcryptography/api_op_ImportKey.go +++ b/service/paymentcryptography/api_op_ImportKey.go 
@@ -20,15 +20,18 @@ import ( // mechanisms. For symmetric key exchange, Amazon Web Services Payment Cryptography // uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for // asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI -// X9 TR-34 norm . Asymmetric key exchange methods are typically used to establish -// bi-directional trust between the two parties exhanging keys and are used for -// initial key exchange such as Key Encryption Key (KEK) or Zone Master Key (ZMK). -// After which you can import working keys using symmetric method to perform -// various cryptographic operations within Amazon Web Services Payment -// Cryptography. The TR-34 norm is intended for exchanging 3DES keys only and keys -// are imported in a WrappedKeyBlock format. Key attributes (such as KeyUsage, -// KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block. -// You can also import a root public key certificate, used to sign other public key +// X9 TR-34 norm and RSA wrap and unwrap key exchange mechanisms. Asymmetric key +// exchange methods are typically used to establish bi-directional trust between +// the two parties exhanging keys and are used for initial key exchange such as Key +// Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import +// working keys using symmetric method to perform various cryptographic operations +// within Amazon Web Services Payment Cryptography. The TR-34 norm is intended for +// exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key +// attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are +// contained within the key block. With RSA wrap and unwrap, you can exchange both +// 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram format +// and you will need to specify the key attributes during import. 
You can also +// import a root public key certificate, used to sign other public key // certificates, or a trusted public key certificate under an already established // root public key certificate. To import a public root key certificate You can // also import a root public key certificate, used to sign other public key 
@@ -58,24 +61,25 @@ import ( // - PublicKeyCertificate : The trusted public key certificate in PEM format // (base64 encoded) under import. // -// To import KEK or ZMK using TR-34 Using this operation, you can import initial -// key using TR-34 asymmetric key exchange. In TR-34 terminology, the sending party -// of the key is called Key Distribution Host (KDH) and the receiving party of the -// key is called Key Receiving Device (KRD). During the key import process, KDH is -// the user who initiates the key import and KRD is Amazon Web Services Payment -// Cryptography who receives the key. To initiate TR-34 key import, the KDH must -// obtain an import token by calling GetParametersForImport . This operation -// generates an encryption keypair for the purpose of key import, signs the key and -// returns back the wrapping key certificate (also known as KRD wrapping -// certificate) and the root certificate chain. The KDH must trust and install the -// KRD wrapping certificate on its HSM and use it to encrypt (wrap) the KDH key -// during TR-34 WrappedKeyBlock generation. The import token and associated KRD -// wrapping certificate expires after 7 days. Next the KDH generates a key pair for -// the purpose of signing the encrypted KDH key and provides the public certificate -// of the signing key to Amazon Web Services Payment Cryptography. The KDH will -// also need to import the root certificate chain of the KDH signing certificate by -// calling ImportKey for RootCertificatePublicKey . For more information on TR-34 -// key import, see section Importing symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-import.html) +// To import initial keys (KEK or ZMK or similar) using TR-34 Using this +// operation, you can import initial key using TR-34 asymmetric key exchange. 
In +// TR-34 terminology, the sending party of the key is called Key Distribution Host +// (KDH) and the receiving party of the key is called Key Receiving Device (KRD). +// During the key import process, KDH is the user who initiates the key import and +// KRD is Amazon Web Services Payment Cryptography who receives the key. To +// initiate TR-34 key import, the KDH must obtain an import token by calling +// GetParametersForImport . This operation generates an encryption keypair for the +// purpose of key import, signs the key and returns back the wrapping key +// certificate (also known as KRD wrapping certificate) and the root certificate +// chain. The KDH must trust and install the KRD wrapping certificate on its HSM +// and use it to encrypt (wrap) the KDH key during TR-34 WrappedKeyBlock +// generation. The import token and associated KRD wrapping certificate expires +// after 7 days. Next the KDH generates a key pair for the purpose of signing the +// encrypted KDH key and provides the public certificate of the signing key to +// Amazon Web Services Payment Cryptography. The KDH will also need to import the +// root certificate chain of the KDH signing certificate by calling ImportKey for +// RootCertificatePublicKey . For more information on TR-34 key import, see section +// Importing symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-import.html) // in the Amazon Web Services Payment Cryptography User Guide. Set the following // parameters: // - KeyMaterial : Use Tr34KeyBlock parameters. 
@@ -92,11 +96,22 @@ import ( // (CertificateAuthorityPublicKeyIdentifier) imported in Amazon Web Services // Payment Cryptography. // -// To import WK (Working Key) using TR-31 Amazon Web Services Payment Cryptography -// uses TR-31 symmetric key exchange norm to import working keys. A KEK must be -// established within Amazon Web Services Payment Cryptography by using TR-34 key -// import or by using CreateKey . To initiate a TR-31 key import, set the following -// parameters: +// To import initial keys (KEK or ZMK or similar) using RSA Wrap and Unwrap Using +// this operation, you can import initial key using asymmetric RSA wrap and unwrap +// key exchange method. To initiate import, call GetParametersForImport with +// KeyMaterial set to KEY_CRYPTOGRAM to generate an import token. This operation +// also generates an encryption keypair for the purpose of key import, signs the +// key and returns back the wrapping key certificate in PEM format (base64 encoded) +// and its root certificate chain. The import token and associated KRD wrapping +// certificate expires after 7 days. You must trust and install the wrapping +// certificate and its certificate chain on the sending HSM and use it to wrap the +// key under export for WrappedKeyCryptogram generation. Next call ImportKey with +// KeyMaterial set to KEY_CRYPTOGRAM and provide the ImportToken and KeyAttributes +// for the key under import. To import working keys using TR-31 Amazon Web Services +// Payment Cryptography uses TR-31 symmetric key exchange norm to import working +// keys. A KEK must be established within Amazon Web Services Payment Cryptography +// by using TR-34 key import or by using CreateKey . To initiate a TR-31 key +// import, set the following parameters: // - KeyMaterial : Use Tr31KeyBlock parameters. // - WrappedKeyBlock : The TR-31 wrapped key material. It contains the key under // import, encrypted using KEK. The TR-31 key block is typically generated by a HSM 
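Review bot: The added RSA wrap and unwrap paragraph names the wrong members. It says to call GetParametersForImport with `KeyMaterial set to KEY_CRYPTOGRAM`, but the input struct in api_op_GetParametersForImport.go exposes that selector as `KeyMaterialType`. For ImportKey, the union member this commit adds is `KeyCryptogram`, not `KEY_CRYPTOGRAM`. I would write `call GetParametersForImport with KeyMaterialType set to KEY_CRYPTOGRAM` and `call ImportKey with KeyMaterial set to KeyCryptogram`, matching the ExportKey text (`KeyMaterial : Set to KeyCryptogram`). The doc comment this paragraph belongs to starts and ends outside the hunk.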
diff --git a/service/paymentcryptography/serializers.go b/service/paymentcryptography/serializers.go index 3a5c0e79fbf..7bda5e92bb5 100644 --- a/service/paymentcryptography/serializers.go +++ b/service/paymentcryptography/serializers.go @@ -1145,11 +1145,39 @@ func awsAwsjson10_serializeDocumentExportDukptInitialKey(v *types.ExportDukptIni return nil } +func awsAwsjson10_serializeDocumentExportKeyCryptogram(v *types.ExportKeyCryptogram, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.CertificateAuthorityPublicKeyIdentifier != nil { + ok := object.Key("CertificateAuthorityPublicKeyIdentifier") + ok.String(*v.CertificateAuthorityPublicKeyIdentifier) + } + + if v.WrappingKeyCertificate != nil { + ok := object.Key("WrappingKeyCertificate") + ok.String(*v.WrappingKeyCertificate) + } + + if len(v.WrappingSpec) > 0 { + ok := object.Key("WrappingSpec") + ok.String(string(v.WrappingSpec)) + } + + return nil +} + func awsAwsjson10_serializeDocumentExportKeyMaterial(v types.ExportKeyMaterial, value smithyjson.Value) error { object := value.Object() defer object.Close() switch uv := v.(type) { + case *types.ExportKeyMaterialMemberKeyCryptogram: + av := object.Key("KeyCryptogram") + if err := awsAwsjson10_serializeDocumentExportKeyCryptogram(&uv.Value, av); err != nil { + return err + } + case *types.ExportKeyMaterialMemberTr31KeyBlock: av := object.Key("Tr31KeyBlock") if err := awsAwsjson10_serializeDocumentExportTr31KeyBlock(&uv.Value, av); err != nil { 
@@ -1213,11 +1241,51 @@ func awsAwsjson10_serializeDocumentExportTr34KeyBlock(v *types.ExportTr34KeyBloc return nil } +func awsAwsjson10_serializeDocumentImportKeyCryptogram(v *types.ImportKeyCryptogram, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Exportable != nil { + ok := object.Key("Exportable") + ok.Boolean(*v.Exportable) + } + + if v.ImportToken != nil { + ok := object.Key("ImportToken") + ok.String(*v.ImportToken) + } + + if v.KeyAttributes != nil { + ok := object.Key("KeyAttributes") + if err := awsAwsjson10_serializeDocumentKeyAttributes(v.KeyAttributes, ok); err != nil { + return err + } + } + + if v.WrappedKeyCryptogram != nil { + ok := object.Key("WrappedKeyCryptogram") + ok.String(*v.WrappedKeyCryptogram) + } + + if len(v.WrappingSpec) > 0 { + ok := object.Key("WrappingSpec") + ok.String(string(v.WrappingSpec)) + } + + return nil +} + func awsAwsjson10_serializeDocumentImportKeyMaterial(v types.ImportKeyMaterial, value smithyjson.Value) error { object := value.Object() defer object.Close() switch uv := v.(type) { + case *types.ImportKeyMaterialMemberKeyCryptogram: + av := object.Key("KeyCryptogram") + if err := awsAwsjson10_serializeDocumentImportKeyCryptogram(&uv.Value, av); err != nil { + return err + } + case *types.ImportKeyMaterialMemberRootCertificatePublicKey: av := object.Key("RootCertificatePublicKey") if err := awsAwsjson10_serializeDocumentRootCertificatePublicKey(&uv.Value, av); err != nil { diff --git a/service/paymentcryptography/types/enums.go b/service/paymentcryptography/types/enums.go index ef016b25228..09b8d2e646c 100644 --- a/service/paymentcryptography/types/enums.go +++ b/service/paymentcryptography/types/enums.go 
@@ -80,6 +80,7 @@ const ( KeyMaterialTypeTr31KeyBlock KeyMaterialType = "TR31_KEY_BLOCK" KeyMaterialTypeRootPublicKeyCertificate KeyMaterialType = "ROOT_PUBLIC_KEY_CERTIFICATE" KeyMaterialTypeTrustedPublicKeyCertificate KeyMaterialType = "TRUSTED_PUBLIC_KEY_CERTIFICATE" + KeyMaterialTypeKeyCryptogram KeyMaterialType = "KEY_CRYPTOGRAM" ) // Values returns all known values for KeyMaterialType. Note that this can be @@ -91,6 +92,7 @@ func (KeyMaterialType) Values() []KeyMaterialType { "TR31_KEY_BLOCK", "ROOT_PUBLIC_KEY_CERTIFICATE", "TRUSTED_PUBLIC_KEY_CERTIFICATE", + "KEY_CRYPTOGRAM", } } @@ -152,6 +154,7 @@ const ( KeyUsageTr31K1KeyBlockProtectionKey KeyUsage = "TR31_K1_KEY_BLOCK_PROTECTION_KEY" KeyUsageTr31K3AsymmetricKeyForKeyAgreement KeyUsage = "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT" KeyUsageTr31M3Iso97973MacKey KeyUsage = "TR31_M3_ISO_9797_3_MAC_KEY" + KeyUsageTr31M1Iso97971MacKey KeyUsage = "TR31_M1_ISO_9797_1_MAC_KEY" KeyUsageTr31M6Iso97975CmacKey KeyUsage = "TR31_M6_ISO_9797_5_CMAC_KEY" KeyUsageTr31M7HmacKey KeyUsage = "TR31_M7_HMAC_KEY" KeyUsageTr31P0PinEncryptionKey KeyUsage = "TR31_P0_PIN_ENCRYPTION_KEY" @@ -181,6 +184,7 @@ func (KeyUsage) Values() []KeyUsage { "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", + "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", 
@@ -227,3 +231,21 @@ func (WrappedKeyMaterialFormat) Values() []WrappedKeyMaterialFormat { "TR34_KEY_BLOCK", } } + +type WrappingKeySpec string + +// Enum values for WrappingKeySpec +const ( + WrappingKeySpecRsaOaepSha256 WrappingKeySpec = "RSA_OAEP_SHA_256" + WrappingKeySpecRsaOaepSha512 WrappingKeySpec = "RSA_OAEP_SHA_512" +) + +// Values returns all known values for WrappingKeySpec. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (WrappingKeySpec) Values() []WrappingKeySpec { + return []WrappingKeySpec{ + "RSA_OAEP_SHA_256", + "RSA_OAEP_SHA_512", + } +} diff --git a/service/paymentcryptography/types/types.go b/service/paymentcryptography/types/types.go index ebcad4c60ce..0938d8736d8 100644 --- a/service/paymentcryptography/types/types.go +++ b/service/paymentcryptography/types/types.go 
@@ -54,17 +54,51 @@ type ExportDukptInitialKey struct { noSmithyDocumentSerde } +// Parameter information for key material export using asymmetric RSA wrap and +// unwrap key exchange method. +type ExportKeyCryptogram struct { + + // The KeyARN of the certificate chain that signs the wrapping key certificate + // during RSA wrap and unwrap key export. + // + // This member is required. + CertificateAuthorityPublicKeyIdentifier *string + + // The wrapping key certificate in PEM format (base64 encoded). Amazon Web + // Services Payment Cryptography uses this certificate to wrap the key under + // export. + // + // This member is required. + WrappingKeyCertificate *string + + // The wrapping spec for the key under export. + WrappingSpec WrappingKeySpec + + noSmithyDocumentSerde +} + // Parameter information for key material export from Amazon Web Services Payment -// Cryptography using TR-31 or TR-34 key exchange method. +// Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method. // // The following types satisfy this interface: // +// ExportKeyMaterialMemberKeyCryptogram // ExportKeyMaterialMemberTr31KeyBlock // ExportKeyMaterialMemberTr34KeyBlock type ExportKeyMaterial interface { isExportKeyMaterial() } +// Parameter information for key material export using asymmetric RSA wrap and +// unwrap key exchange method +type ExportKeyMaterialMemberKeyCryptogram struct { + Value ExportKeyCryptogram + + noSmithyDocumentSerde +} + +func (*ExportKeyMaterialMemberKeyCryptogram) isExportKeyMaterial() {} + // Parameter information for key material export using symmetric TR-31 key // exchange method. type ExportKeyMaterialMemberTr31KeyBlock struct { 
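Review bot: `WrappingSpec` is the only member of `ExportKeyCryptogram` not marked as required, and its comment (`// The wrapping spec for the key under export.`) does not say what applies when it is left empty. The serializer added in serializers.go writes the field only when `len(v.WrappingSpec) > 0`, so an unset value leaves the choice between `RSA_OAEP_SHA_256` and `RSA_OAEP_SHA_512` to the service, while the receiving HSM has to unwrap with the same one. The comment should name the value assumed on omission, for example `// If omitted, the service default applies (<default from the API model>); the receiving HSM must unwrap with the same spec.` The same gap is in `ImportKeyCryptogram.WrappingSpec` in the `@@ -137,11 +171,47 @@` hunk.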
@@ -137,11 +171,47 @@ type ExportTr34KeyBlock struct { noSmithyDocumentSerde } +// Parameter information for key material import using asymmetric RSA wrap and +// unwrap key exchange method. +type ImportKeyCryptogram struct { + + // Specifies whether the key is exportable from the service. + // + // This member is required. + Exportable *bool + + // The import token that initiates key import using the asymmetric RSA wrap and + // unwrap key exchange method into AWS Payment Cryptography. It expires after 7 + // days. You can use the same import token to import multiple keys to the same + // service account. + // + // This member is required. + ImportToken *string + + // The role of the key, the algorithm it supports, and the cryptographic + // operations allowed with the key. This data is immutable after the key is + // created. + // + // This member is required. + KeyAttributes *KeyAttributes + + // The RSA wrapped key cryptogram under import. + // + // This member is required. + WrappedKeyCryptogram *string + + // The wrapping spec for the wrapped key cryptogram. + WrappingSpec WrappingKeySpec + + noSmithyDocumentSerde +} + // Parameter information for key material import into Amazon Web Services Payment -// Cryptography using TR-31 or TR-34 key exchange method. +// Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method. // // The following types satisfy this interface: // +// ImportKeyMaterialMemberKeyCryptogram // ImportKeyMaterialMemberRootCertificatePublicKey // ImportKeyMaterialMemberTr31KeyBlock // ImportKeyMaterialMemberTr34KeyBlock 
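Review bot: The comments on `ImportKeyCryptogram` do not say that `KeyAttributes` and `Exportable` are asserted by the caller rather than carried inside the wrapped material. The ImportKey description in this commit states that TR-34 key blocks contain the key attributes, whereas for RSA wrap and unwrap they are specified during import. This struct also has no member comparable to the KDH signing certificate described for TR-34. A line on `KeyAttributes` such as `// Not carried in the cryptogram: the caller specifies these attributes at import time.` would make that difference visible to integrators who rely on key-block binding. Whether the service applies further checks cannot be seen from this diff.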
@@ -150,6 +220,16 @@ type ImportKeyMaterial interface { isImportKeyMaterial() } +// Parameter information for key material import using asymmetric RSA wrap and +// unwrap key exchange method. +type ImportKeyMaterialMemberKeyCryptogram struct { + Value ImportKeyCryptogram + + noSmithyDocumentSerde +} + +func (*ImportKeyMaterialMemberKeyCryptogram) isImportKeyMaterial() {} + // Parameter information for root public key certificate import. type ImportKeyMaterialMemberRootCertificatePublicKey struct { Value RootCertificatePublicKey diff --git a/service/paymentcryptography/types/types_exported_test.go b/service/paymentcryptography/types/types_exported_test.go index 9e4d9176db4..ecf3d001390 100644 --- a/service/paymentcryptography/types/types_exported_test.go +++ b/service/paymentcryptography/types/types_exported_test.go @@ -11,6 +11,9 @@ func ExampleExportKeyMaterial_outputUsage() { var union types.ExportKeyMaterial // type switches can be used to check the union value switch v := union.(type) { + case *types.ExportKeyMaterialMemberKeyCryptogram: + _ = v.Value // Value is types.ExportKeyCryptogram + case *types.ExportKeyMaterialMemberTr31KeyBlock: _ = v.Value // Value is types.ExportTr31KeyBlock @@ -26,6 +29,7 @@ func ExampleExportKeyMaterial_outputUsage() { } } +var _ *types.ExportKeyCryptogram var _ *types.ExportTr34KeyBlock var _ *types.ExportTr31KeyBlock @@ -33,6 +37,9 @@ func ExampleImportKeyMaterial_outputUsage() { var union types.ImportKeyMaterial // type switches can be used to check the union value switch v := union.(type) { + case *types.ImportKeyMaterialMemberKeyCryptogram: + _ = v.Value // Value is types.ImportKeyCryptogram + case *types.ImportKeyMaterialMemberRootCertificatePublicKey: _ = v.Value // Value is types.RootCertificatePublicKey 
@@ -55,6 +62,7 @@ func ExampleImportKeyMaterial_outputUsage() { } var _ *types.RootCertificatePublicKey +var _ *types.ImportKeyCryptogram var _ *types.TrustedCertificatePublicKey var _ *types.ImportTr34KeyBlock var _ *types.ImportTr31KeyBlock diff --git a/service/paymentcryptography/validators.go b/service/paymentcryptography/validators.go index 44fd05ba984..2edac7b1474 100644 --- a/service/paymentcryptography/validators.go +++ b/service/paymentcryptography/validators.go @@ -474,12 +474,35 @@ func validateExportDukptInitialKey(v *types.ExportDukptInitialKey) error { } } +func validateExportKeyCryptogram(v *types.ExportKeyCryptogram) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ExportKeyCryptogram"} + if v.CertificateAuthorityPublicKeyIdentifier == nil { + invalidParams.Add(smithy.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier")) + } + if v.WrappingKeyCertificate == nil { + invalidParams.Add(smithy.NewErrParamRequired("WrappingKeyCertificate")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateExportKeyMaterial(v types.ExportKeyMaterial) error { if v == nil { return nil } invalidParams := smithy.InvalidParamsError{Context: "ExportKeyMaterial"} switch uv := v.(type) { + case *types.ExportKeyMaterialMemberKeyCryptogram: + if err := validateExportKeyCryptogram(&uv.Value); err != nil { + invalidParams.AddNested("[KeyCryptogram]", err.(smithy.InvalidParamsError)) + } + case *types.ExportKeyMaterialMemberTr31KeyBlock: if err := validateExportTr31KeyBlock(&uv.Value); err != nil { invalidParams.AddNested("[Tr31KeyBlock]", err.(smithy.InvalidParamsError)) 
@@ -537,12 +560,45 @@ func validateExportTr34KeyBlock(v *types.ExportTr34KeyBlock) error { } } +func validateImportKeyCryptogram(v *types.ImportKeyCryptogram) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ImportKeyCryptogram"} + if v.KeyAttributes == nil { + invalidParams.Add(smithy.NewErrParamRequired("KeyAttributes")) + } else if v.KeyAttributes != nil { + if err := validateKeyAttributes(v.KeyAttributes); err != nil { + invalidParams.AddNested("KeyAttributes", err.(smithy.InvalidParamsError)) + } + } + if v.Exportable == nil { + invalidParams.Add(smithy.NewErrParamRequired("Exportable")) + } + if v.WrappedKeyCryptogram == nil { + invalidParams.Add(smithy.NewErrParamRequired("WrappedKeyCryptogram")) + } + if v.ImportToken == nil { + invalidParams.Add(smithy.NewErrParamRequired("ImportToken")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateImportKeyMaterial(v types.ImportKeyMaterial) error { if v == nil { return nil } invalidParams := smithy.InvalidParamsError{Context: "ImportKeyMaterial"} switch uv := v.(type) { + case *types.ImportKeyMaterialMemberKeyCryptogram: + if err := validateImportKeyCryptogram(&uv.Value); err != nil { + invalidParams.AddNested("[KeyCryptogram]", err.(smithy.InvalidParamsError)) + } + case *types.ImportKeyMaterialMemberRootCertificatePublicKey: if err := validateRootCertificatePublicKey(&uv.Value); err != nil { invalidParams.AddNested("[RootCertificatePublicKey]", err.(smithy.InvalidParamsError)) diff --git a/service/personalize/api_op_CreateCampaign.go b/service/personalize/api_op_CreateCampaign.go index 0488094d03c..49668a4f703 100644 --- a/service/personalize/api_op_CreateCampaign.go +++ b/service/personalize/api_op_CreateCampaign.go 
@@ -16,22 +16,26 @@ import ( // GetRecommendations (https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html) // and GetPersonalizedRanking (https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetPersonalizedRanking.html) // APIs, a campaign is specified in the request. Minimum Provisioned TPS and -// Auto-Scaling A high minProvisionedTPS will increase your bill. We recommend +// Auto-Scaling A high minProvisionedTPS will increase your cost. We recommend // starting with 1 for minProvisionedTPS (the default). Track your usage using -// Amazon CloudWatch metrics, and increase the minProvisionedTPS as necessary. A -// transaction is a single GetRecommendations or GetPersonalizedRanking call. -// Transactions per second (TPS) is the throughput and unit of billing for Amazon -// Personalize. The minimum provisioned TPS ( minProvisionedTPS ) specifies the -// baseline throughput provisioned by Amazon Personalize, and thus, the minimum -// billing charge. If your TPS increases beyond minProvisionedTPS , Amazon -// Personalize auto-scales the provisioned capacity up and down, but never below -// minProvisionedTPS . There's a short time delay while the capacity is increased -// that might cause loss of transactions. The actual TPS used is calculated as the -// average requests/second within a 5-minute window. You pay for maximum of either -// the minimum provisioned TPS or the actual TPS. We recommend starting with a low +// Amazon CloudWatch metrics, and increase the minProvisionedTPS as necessary. +// When you create an Amazon Personalize campaign, you can specify the minimum +// provisioned transactions per second ( minProvisionedTPS ) for the campaign. This +// is the baseline transaction throughput for the campaign provisioned by Amazon +// Personalize. It sets the minimum billing charge for the campaign while it is +// active. A transaction is a single GetRecommendations or GetPersonalizedRanking +// request. 
The default minProvisionedTPS is 1. If your TPS increases beyond the +// minProvisionedTPS , Amazon Personalize auto-scales the provisioned capacity up +// and down, but never below minProvisionedTPS . There's a short time delay while +// the capacity is increased that might cause loss of transactions. When your +// traffic reduces, capacity returns to the minProvisionedTPS . You are charged for +// the the minimum provisioned TPS or, if your requests exceed the +// minProvisionedTPS , the actual TPS. The actual TPS is the total number of +// recommendation requests you make. We recommend starting with a low // minProvisionedTPS , track your usage using Amazon CloudWatch metrics, and then -// increase the minProvisionedTPS as necessary. Status A campaign can be in one of -// the following states: +// increase the minProvisionedTPS as necessary. For more information about +// campaign costs, see Amazon Personalize pricing (https://aws.amazon.com/personalize/pricing/) +// . Status A campaign can be in one of the following states: // - CREATE PENDING > CREATE IN_PROGRESS > ACTIVE -or- CREATE FAILED // - DELETE PENDING > DELETE IN_PROGRESS // diff --git a/service/personalize/api_op_CreateSolution.go b/service/personalize/api_op_CreateSolution.go index fd056e4b2e5..61749ed07ab 100644 --- a/service/personalize/api_op_CreateSolution.go +++ b/service/personalize/api_op_CreateSolution.go 
@@ -82,8 +82,8 @@ type CreateSolutionInput struct { // We don't recommend enabling automated machine learning. Instead, match your use // case to the available Amazon Personalize recipes. For more information, see - // Determining your use case. (https://docs.aws.amazon.com/personalize/latest/dg/determining-use-case.html) - // Whether to perform automated machine learning (AutoML). The default is false . + // Choosing a recipe (https://docs.aws.amazon.com/personalize/latest/dg/working-with-predefined-recipes.html) + // . Whether to perform automated machine learning (AutoML). The default is false . // For this case, you must specify recipeArn . When set to true , Amazon // Personalize analyzes your training data and selects the optimal // USER_PERSONALIZATION recipe and hyperparameters. In this case, you must omit @@ -97,8 +97,10 @@ type CreateSolutionInput struct { // is always true and you should not set it to false . PerformHPO *bool - // The ARN of the recipe to use for model training. This is required when - // performAutoML is false. + // The Amazon Resource Name (ARN) of the recipe to use for model training. This is + // required when performAutoML is false. For information about different Amazon + // Personalize recipes and their ARNs, see Choosing a recipe (https://docs.aws.amazon.com/personalize/latest/dg/working-with-predefined-recipes.html) + // . RecipeArn *string // The configuration to use with the solution. When performAutoML is set to true, diff --git a/service/personalize/types/types.go b/service/personalize/types/types.go index 02dff214cc1..9abcf5a0faa 100644 --- a/service/personalize/types/types.go +++ b/service/personalize/types/types.go 
@@ -378,8 +378,10 @@ type CampaignConfig struct { // Whether metadata with recommendations is enabled for the campaign. If enabled, // you can specify the columns from your Items dataset in your request for // recommendations. Amazon Personalize returns this data for each item in the - // recommendation response. If you enable metadata in recommendations, you will - // incur additional costs. For more information, see Amazon Personalize pricing (https://aws.amazon.com/personalize/pricing/) + // recommendation response. For information about enabling metadata for a campaign, + // see Enabling metadata in recommendations for a campaign (https://docs.aws.amazon.com/personalize/latest/dg/campaigns.html#create-campaign-return-metadata) + // . If you enable metadata in recommendations, you will incur additional costs. + // For more information, see Amazon Personalize pricing (https://aws.amazon.com/personalize/pricing/) // . EnableMetadataWithRecommendations *bool @@ -1442,8 +1444,10 @@ type RecommenderConfig struct { // Whether metadata with recommendations is enabled for the recommender. If // enabled, you can specify the columns from your Items dataset in your request for // recommendations. Amazon Personalize returns this data for each item in the - // recommendation response. If you enable metadata in recommendations, you will - // incur additional costs. For more information, see Amazon Personalize pricing (https://aws.amazon.com/personalize/pricing/) + // recommendation response. For information about enabling metadata for a + // recommender, see Enabling metadata in recommendations for a recommender (https://docs.aws.amazon.com/personalize/latest/dg/creating-recommenders.html#create-recommender-return-metadata) + // . If you enable metadata in recommendations, you will incur additional costs. + // For more information, see Amazon Personalize pricing (https://aws.amazon.com/personalize/pricing/) // . EnableMetadataWithRecommendations *bool 
diff --git a/service/personalizeruntime/api_op_GetPersonalizedRanking.go b/service/personalizeruntime/api_op_GetPersonalizedRanking.go index aa32de59d19..577614a6447 100644 --- a/service/personalizeruntime/api_op_GetPersonalizedRanking.go +++ b/service/personalizeruntime/api_op_GetPersonalizedRanking.go @@ -81,7 +81,7 @@ type GetPersonalizedRankingInput struct { // personalized ranking. The map key is ITEMS and the value is a list of column // names from your Items dataset. The maximum number of columns you can provide is // 10. For information about enabling metadata for a campaign, see Enabling - // metadata in recommendations for a campaign (https://docs.aws.amazon.com/personalize/latest/dg/create-campaign-return-metadata.html) + // metadata in recommendations for a campaign (https://docs.aws.amazon.com/personalize/latest/dg/campaigns.html#create-campaign-return-metadata) // . MetadataColumns map[string][]string diff --git a/service/personalizeruntime/api_op_GetRecommendations.go b/service/personalizeruntime/api_op_GetRecommendations.go index a5deb52f6c3..35d5669a841 100644 --- a/service/personalizeruntime/api_op_GetRecommendations.go +++ b/service/personalizeruntime/api_op_GetRecommendations.go 
@@ -77,9 +77,9 @@ type GetRecommendationsInput struct { // include in item recommendations. The map key is ITEMS and the value is a list // of column names from your Items dataset. The maximum number of columns you can // provide is 10. For information about enabling metadata for a campaign, see - // Enabling metadata in recommendations for a campaign (https://docs.aws.amazon.com/personalize/latest/dg/create-campaign-return-metadata.html) + // Enabling metadata in recommendations for a campaign (https://docs.aws.amazon.com/personalize/latest/dg/campaigns.html#create-campaign-return-metadata) // . For information about enabling metadata for a recommender, see Enabling - // metadata in recommendations for a recommender (https://docs.aws.amazon.com/personalize/latest/dg/create-recommender-return-metadata.html) + // metadata in recommendations for a recommender (https://docs.aws.amazon.com/personalize/latest/dg/creating-recommenders.html#create-recommender-return-metadata) // . MetadataColumns map[string][]string diff --git a/service/rekognition/api_op_AssociateFaces.go b/service/rekognition/api_op_AssociateFaces.go index 919b93054c9..260e5a78e7c 100644 --- a/service/rekognition/api_op_AssociateFaces.go +++ b/service/rekognition/api_op_AssociateFaces.go @@ -81,9 +81,9 @@ type AssociateFacesInput struct { type AssociateFacesOutput struct { - // An array of AssociatedFace objects containing FaceIDs that are successfully - // associated with the UserID is returned. Returned if the AssociateFaces action is - // successful. + // An array of AssociatedFace objects containing FaceIDs that have been + // successfully associated with the UserID. Returned if the AssociateFaces action + // is successful. AssociatedFaces []types.AssociatedFace // An array of UnsuccessfulAssociation objects containing FaceIDs that are not diff --git a/service/rekognition/api_op_DetectCustomLabels.go b/service/rekognition/api_op_DetectCustomLabels.go index 17717d59e27..c0c98a3d85a 100644 
--- a/service/rekognition/api_op_DetectCustomLabels.go +++ b/service/rekognition/api_op_DetectCustomLabels.go 
@@ -23,23 +23,25 @@ import ( // CustomLabel ) object in an array ( CustomLabels ). Each CustomLabel object // provides the label name ( Name ), the level of confidence that the image // contains the object ( Confidence ), and object location information, if it -// exists, for the label on the image ( Geometry ). To filter labels that are -// returned, specify a value for MinConfidence . DetectCustomLabelsLabels only -// returns labels with a confidence that's higher than the specified value. The -// value of MinConfidence maps to the assumed threshold values created during -// training. For more information, see Assumed threshold in the Amazon Rekognition -// Custom Labels Developer Guide. Amazon Rekognition Custom Labels metrics -// expresses an assumed threshold as a floating point value between 0-1. The range -// of MinConfidence normalizes the threshold value to a percentage value (0-100). -// Confidence responses from DetectCustomLabels are also returned as a percentage. -// You can use MinConfidence to change the precision and recall or your model. For -// more information, see Analyzing an image in the Amazon Rekognition Custom Labels -// Developer Guide. If you don't specify a value for MinConfidence , -// DetectCustomLabels returns labels based on the assumed threshold of each label. -// This is a stateless API operation. That is, the operation does not persist any -// data. This operation requires permissions to perform the -// rekognition:DetectCustomLabels action. For more information, see Analyzing an -// image in the Amazon Rekognition Custom Labels Developer Guide. +// exists, for the label on the image ( Geometry ). Note that for the +// DetectCustomLabelsLabels operation, Polygons are not returned in the Geometry +// section of the response. To filter labels that are returned, specify a value for +// MinConfidence . DetectCustomLabelsLabels only returns labels with a confidence +// that's higher than the specified value. 
The value of MinConfidence maps to the +// assumed threshold values created during training. For more information, see +// Assumed threshold in the Amazon Rekognition Custom Labels Developer Guide. +// Amazon Rekognition Custom Labels metrics expresses an assumed threshold as a +// floating point value between 0-1. The range of MinConfidence normalizes the +// threshold value to a percentage value (0-100). Confidence responses from +// DetectCustomLabels are also returned as a percentage. You can use MinConfidence +// to change the precision and recall or your model. For more information, see +// Analyzing an image in the Amazon Rekognition Custom Labels Developer Guide. If +// you don't specify a value for MinConfidence , DetectCustomLabels returns labels +// based on the assumed threshold of each label. This is a stateless API operation. +// That is, the operation does not persist any data. This operation requires +// permissions to perform the rekognition:DetectCustomLabels action. For more +// information, see Analyzing an image in the Amazon Rekognition Custom Labels +// Developer Guide. func (c *Client) DetectCustomLabels(ctx context.Context, params *DetectCustomLabelsInput, optFns ...func(*Options)) (*DetectCustomLabelsOutput, error) { if params == nil { params = &DetectCustomLabelsInput{} diff --git a/service/rekognition/api_op_DetectModerationLabels.go b/service/rekognition/api_op_DetectModerationLabels.go index d9f17923bf2..19738d8cc92 100644 --- a/service/rekognition/api_op_DetectModerationLabels.go +++ b/service/rekognition/api_op_DetectModerationLabels.go 
@@ -69,6 +69,10 @@ type DetectModerationLabelsInput struct { type DetectModerationLabelsOutput struct { + // A list of predicted results for the type of content an image contains. For + // example, the image content might be from animation, sports, or a video game. + ContentTypes []types.ContentType + // Shows the results of the human in the loop evaluation. HumanLoopActivationOutput *types.HumanLoopActivationOutput diff --git a/service/rekognition/deserializers.go b/service/rekognition/deserializers.go index b8af78beb1d..1232abd061a 100644 --- a/service/rekognition/deserializers.go +++ b/service/rekognition/deserializers.go 
@@ -12360,6 +12360,114 @@ func awsAwsjson11_deserializeDocumentContentModerationDetections(v *[]types.Cont return nil } +func awsAwsjson11_deserializeDocumentContentType(v **types.ContentType, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ContentType + if *v == nil { + sv = &types.ContentType{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Confidence": + if value != nil { + switch jtv := value.(type) { + case json.Number: + f64, err := jtv.Float64() + if err != nil { + return err + } + sv.Confidence = ptr.Float32(float32(f64)) + + case string: + var f64 float64 + switch { + case strings.EqualFold(jtv, "NaN"): + f64 = math.NaN() + + case strings.EqualFold(jtv, "Infinity"): + f64 = math.Inf(1) + + case strings.EqualFold(jtv, "-Infinity"): + f64 = math.Inf(-1) + + default: + return fmt.Errorf("unknown JSON number value: %s", jtv) + + } + sv.Confidence = ptr.Float32(float32(f64)) + + default: + return fmt.Errorf("expected Percent to be a JSON Number, got %T instead", value) + + } + } + + case "Name": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Name = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentContentTypes(v *[]types.ContentType, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.ContentType + if *v == nil { + cv = []types.ContentType{} + } else { + cv = *v + } + + for _, value := range shape { + var col 
types.ContentType + destAddr := &col + if err := awsAwsjson11_deserializeDocumentContentType(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + func awsAwsjson11_deserializeDocumentCoversBodyPart(v **types.CoversBodyPart, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -17353,6 +17461,46 @@ func awsAwsjson11_deserializeDocumentMediaAnalysisManifestSummary(v **types.Medi return nil } +func awsAwsjson11_deserializeDocumentMediaAnalysisModelVersions(v **types.MediaAnalysisModelVersions, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.MediaAnalysisModelVersions + if *v == nil { + sv = &types.MediaAnalysisModelVersions{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Moderation": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Moderation = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentMediaAnalysisOperationsConfig(v **types.MediaAnalysisOperationsConfig, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -17460,6 +17608,11 @@ func awsAwsjson11_deserializeDocumentMediaAnalysisResults(v **types.MediaAnalysi for key, value := range shape { switch key { + case "ModelVersions": + if err := awsAwsjson11_deserializeDocumentMediaAnalysisModelVersions(&sv.ModelVersions, value); err != nil { + return err + } + case "S3Object": if err := awsAwsjson11_deserializeDocumentS3Object(&sv.S3Object, value); err != nil { return err 
@@ -17548,6 +17701,19 @@ func awsAwsjson11_deserializeDocumentModerationLabel(v **types.ModerationLabel, sv.ParentName = ptr.String(jtv) } + case "TaxonomyLevel": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected UInteger to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.TaxonomyLevel = ptr.Int32(int32(i64)) + } + default: _, _ = key, value @@ -23632,6 +23798,11 @@ func awsAwsjson11_deserializeOpDocumentDetectModerationLabelsOutput(v **DetectMo for key, value := range shape { switch key { + case "ContentTypes": + if err := awsAwsjson11_deserializeDocumentContentTypes(&sv.ContentTypes, value); err != nil { + return err + } + case "HumanLoopActivationOutput": if err := awsAwsjson11_deserializeDocumentHumanLoopActivationOutput(&sv.HumanLoopActivationOutput, value); err != nil { return err diff --git a/service/rekognition/doc.go b/service/rekognition/doc.go index 0d440614d06..629bf5bc509 100644 --- a/service/rekognition/doc.go +++ b/service/rekognition/doc.go 
@@ -24,8 +24,10 @@ // - DetectText (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_DetectText.html) // - DisassociateFaces (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_DisassociateFaces.html) // - GetCelebrityInfo (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_GetCelebrityInfo.html) +// - GetMediaAnalysisJob (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_GetMediaAnalysisJob.html) // - IndexFaces (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_IndexFaces.html) // - ListCollections (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListCollections.html) +// - ListMediaAnalysisJob (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListMediaAnalysisJob.html) // - ListFaces (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListFaces.html) // - ListUsers (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListFaces.html) // - RecognizeCelebrities (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_RecognizeCelebrities.html) @@ -33,6 +35,7 @@ // - SearchFacesByImage (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_SearchFacesByImage.html) // - SearchUsers (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_SearchUsers.html) // - SearchUsersByImage (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_SearchUsersByImage.html) +// - StartMediaAnalysisJob (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_StartMediaAnalysisJob.html) // // Amazon Rekognition Custom Labels // - CopyProjectVersion (https://docs.aws.amazon.com/rekognition/latest/APIReference/API_CopyProjectVersion.html) diff --git a/service/rekognition/types/types.go b/service/rekognition/types/types.go index f295befca8e..581993583a6 100644 --- a/service/rekognition/types/types.go +++ b/service/rekognition/types/types.go 
@@ -377,6 +377,19 @@ type ContentModerationDetection struct { noSmithyDocumentSerde } +// Contains information regarding the confidence and name of a detected content +// type. +type ContentType struct { + + // The confidence level of the label given + Confidence *float32 + + // The name of the label + Name *string + + noSmithyDocumentSerde +} + // Information about an item of Personal Protective Equipment covering a // corresponding body part. For more information, see DetectProtectiveEquipment . type CoversBodyPart struct { @@ -1583,6 +1596,16 @@ type MediaAnalysisManifestSummary struct { noSmithyDocumentSerde } +// Object containing information about the model versions of selected features in +// a given job. +type MediaAnalysisModelVersions struct { + + // The Moderation base model version. + Moderation *string + + noSmithyDocumentSerde +} + // Configuration options for a media analysis job. Configuration is // operation-specific. type MediaAnalysisOperationsConfig struct { @@ -1612,6 +1635,9 @@ type MediaAnalysisOutputConfig struct { // StartMediaAnalysisJob. type MediaAnalysisResults struct { + // Information about the model versions for the features selected in a given job. + ModelVersions *MediaAnalysisModelVersions + // Provides the S3 bucket name and object name. The region for the S3 bucket // containing the S3 object must match the region you use for Amazon Rekognition // operations. For Amazon Rekognition to process an S3 object, the user must have @@ -1641,6 +1667,9 @@ type ModerationLabel struct { // the parent label "" . ParentName *string + // The level of the moderation label with regard to its taxonomy, from 1 to 3. + TaxonomyLevel *int32 + noSmithyDocumentSerde } diff --git a/service/securityhub/doc.go b/service/securityhub/doc.go index a4e6ad5733b..7ffe804cca8 100644 --- a/service/securityhub/doc.go +++ b/service/securityhub/doc.go 
@@ -3,25 +3,58 @@ // Package securityhub provides the API client, operations, and parameter types // for AWS SecurityHub. // -// Security Hub provides you with a comprehensive view of the security state of -// your Amazon Web Services environment and resources. It also provides you with -// the readiness status of your environment based on controls from supported -// security standards. Security Hub collects security data from Amazon Web Services -// accounts, services, and integrated third-party products and helps you analyze -// security trends in your environment to identify the highest priority security -// issues. For more information about Security Hub, see the Security Hub User -// Guide (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) -// . When you use operations in the Security Hub API, the requests are executed -// only in the Amazon Web Services Region that is currently active or in the -// specific Amazon Web Services Region that you specify in your request. Any -// configuration or settings change that results from the operation is applied only -// to that Region. To make the same change in other Regions, run the same command -// for each Region in which you want to apply the change. For example, if your -// Region is set to us-west-2 , when you use CreateMembers to add a member account -// to Security Hub, the association of the member account with the administrator -// account is created only in the us-west-2 Region. Security Hub must be enabled -// for the member account in the same Region that the invitation was sent from. The -// following throttling limits apply to using Security Hub API operations. +// Security Hub provides you with a comprehensive view of your security state in +// Amazon Web Services and helps you assess your Amazon Web Services environment +// against security industry standards and best practices. 
Security Hub collects +// security data across Amazon Web Services accounts, Amazon Web Services, and +// supported third-party products and helps you analyze your security trends and +// identify the highest priority security issues. To help you manage the security +// state of your organization, Security Hub supports multiple security standards. +// These include the Amazon Web Services Foundational Security Best Practices +// (FSBP) standard developed by Amazon Web Services, and external compliance +// frameworks such as the Center for Internet Security (CIS), the Payment Card +// Industry Data Security Standard (PCI DSS), and the National Institute of +// Standards and Technology (NIST). Each standard includes several security +// controls, each of which represents a security best practice. Security Hub runs +// checks against security controls and generates control findings to help you +// assess your compliance against security best practices. In addition to +// generating control findings, Security Hub also receives findings from other +// Amazon Web Services, such as Amazon GuardDuty and Amazon Inspector, and +// supported third-party products. This gives you a single pane of glass into a +// variety of security-related issues. You can also send Security Hub findings to +// other Amazon Web Services and supported third-party products. Security Hub +// offers automation features that help you triage and remediate security issues. +// For example, you can use automation rules to automatically update critical +// findings when a security check fails. You can also leverage the integration with +// Amazon EventBridge to trigger automatic responses to specific findings. This +// guide, the Security Hub API Reference, provides information about the Security +// Hub API. This includes supported resources, HTTP methods, parameters, and +// schemas. 
If you're new to Security Hub, you might find it helpful to also review +// the Security Hub User Guide (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) +// . The user guide explains key concepts and provides procedures that demonstrate +// how to use Security Hub features. It also provides information about topics such +// as integrating Security Hub with other Amazon Web Services. In addition to +// interacting with Security Hub by making calls to the Security Hub API, you can +// use a current version of an Amazon Web Services command line tool or SDK. Amazon +// Web Services provides tools and SDKs that consist of libraries and sample code +// for various languages and platforms, such as PowerShell, Java, Go, Python, C++, +// and .NET. These tools and SDKs provide convenient, programmatic access to +// Security Hub and other Amazon Web Services . They also handle tasks such as +// signing requests, managing errors, and retrying requests automatically. For +// information about installing and using the Amazon Web Services tools and SDKs, +// see Tools to Build on Amazon Web Services (http://aws.amazon.com/developer/tools/) +// . With the exception of operations that are related to central configuration, +// Security Hub API requests are executed only in the Amazon Web Services Region +// that is currently active or in the specific Amazon Web Services Region that you +// specify in your request. Any configuration or settings change that results from +// the operation is applied only to that Region. To make the same change in other +// Regions, call the same API operation in each Region in which you want to apply +// the change. When you use central configuration, API requests for enabling +// Security Hub, standards, and controls are executed in the home Region and all +// linked Regions. 
For a list of central configuration operations, see the Central +// configuration terms and concepts (https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html#central-configuration-concepts) +// section of the Security Hub User Guide. The following throttling limits apply to +// Security Hub API operations. // - BatchEnableStandards - RateLimit of 1 request per second. BurstLimit of 1 // request per second. // - GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests diff --git a/service/securityhub/types/types.go b/service/securityhub/types/types.go index 1a050be81e8..6872ce12cc5 100644 --- a/service/securityhub/types/types.go +++ b/service/securityhub/types/types.go 
@@ -8538,9 +8538,16 @@ type AwsLambdaFunctionVpcConfig struct { // Details about a Lambda layer version. type AwsLambdaLayerVersionDetails struct { - // The layer's compatible runtimes. Maximum number of five items. Valid values: - // nodejs10.x | nodejs12.x | java8 | java11 | python2.7 | python3.6 | python3.7 | - // python3.8 | dotnetcore1.0 | dotnetcore2.1 | go1.x | ruby2.5 | provided + // The layer's compatible function runtimes (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) + // . The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy) + // in the Lambda Developer Guide. Array Members: Maximum number of 5 items. Valid + // Values: nodejs | nodejs4.3 | nodejs6.10 | nodejs8.10 | nodejs10.x | nodejs12.x + // | nodejs14.x | nodejs16.x | java8 | java8.al2 | java11 | python2.7 | python3.6 | + // python3.7 | python3.8 | python3.9 | dotnetcore1.0 | dotnetcore2.0 | + // dotnetcore2.1 | dotnetcore3.1 | dotnet6 | nodejs4.3-edge | go1.x | ruby2.5 | + // ruby2.7 | provided | provided.al2 | nodejs18.x | python3.10 | java17 | ruby3.2 | + // python3.11 | nodejs20.x | provided.al2023 | python3.12 | java21 CompatibleRuntimes []string // Indicates when the version was created. Uses the date-time format specified in diff --git a/service/ssooidc/internal/endpoints/endpoints.go b/service/ssooidc/internal/endpoints/endpoints.go index c48da8b88a6..cbd77fd291c 100644 --- a/service/ssooidc/internal/endpoints/endpoints.go +++ b/service/ssooidc/internal/endpoints/endpoints.go 
@@ -283,6 +283,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "il-central-1", }, }, + endpoints.EndpointKey{ + Region: "me-central-1", + }: endpoints.Endpoint{ + Hostname: "oidc.me-central-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "me-central-1", + }, + }, endpoints.EndpointKey{ Region: "me-south-1", }: endpoints.Endpoint{