From 9c613340b1888ba7b81b43421d327b47fc55edad Mon Sep 17 00:00:00 2001 From: AWS SDK for Go v2 automation user Date: Wed, 6 Mar 2024 19:47:43 +0000 Subject: [PATCH] Regenerated Clients --- .../1bba3a9d97db43f9a3a7f5da526d994b.json | 8 + .../5b1d46a4ef2b4344a5165b6a0cc41195.json | 8 + .../8ead962e948d469bbdee690ebe342bd3.json | 8 + .../c1b597b85df84e2b9bfae8a5c7db3b90.json | 8 + .../caa04509f723429a8ae0fad22e4c7d24.json | 8 + .../e9090eace4ba4a4f899881c3b15fb8c0.json | 8 + .../api_op_ExportTableToPointInTime.go | 3 +- service/dynamodb/api_op_Query.go | 2 +- service/dynamodb/api_op_UpdateGlobalTable.go | 2 +- service/dynamodb/types/types.go | 3 +- service/imagebuilder/deserializers.go | 32 +++ service/imagebuilder/types/enums.go | 2 + service/imagebuilder/types/types.go | 13 +- service/mwaa/api_op_CreateEnvironment.go | 1 + service/rds/api_op_CreateDBCluster.go | 4 + service/rds/api_op_CreateDBInstance.go | 28 +-- .../rds/api_op_CreateDBInstanceReadReplica.go | 7 +- service/rds/api_op_ModifyDBCluster.go | 4 + service/rds/api_op_ModifyDBInstance.go | 31 ++- .../api_op_RestoreDBInstanceFromDBSnapshot.go | 6 +- service/rds/api_op_RestoreDBInstanceFromS3.go | 6 +- .../api_op_RestoreDBInstanceToPointInTime.go | 8 +- service/rds/deserializers.go | 12 ++ service/rds/serializers.go | 10 + service/rds/types/types.go | 16 +- .../api_op_AssociateDataShareConsumer.go | 12 +- service/redshift/api_op_AuthorizeDataShare.go | 11 +- .../api_op_AuthorizeSnapshotAccess.go | 10 +- service/redshift/api_op_CreateCluster.go | 7 +- .../redshift/api_op_DeauthorizeDataShare.go | 10 +- service/redshift/api_op_DescribeDataShares.go | 2 +- .../api_op_DescribeDataSharesForConsumer.go | 4 +- .../api_op_DescribeDataSharesForProducer.go | 4 +- .../api_op_DisassociateDataShareConsumer.go | 11 +- service/redshift/api_op_ModifyCluster.go | 7 +- service/redshift/api_op_RejectDataShare.go | 7 +- .../api_op_RestoreFromClusterSnapshot.go | 4 +- service/redshift/types/types.go | 7 +- .../api_op_CreateIdentitySource.go | 7 +- .../api_op_CreatePolicy.go | 7 +- .../api_op_CreatePolicyStore.go | 7 +- .../api_op_CreatePolicyTemplate.go | 7 +- .../api_op_GetIdentitySource.go | 14 +- .../api_op_IsAuthorizedWithToken.go | 10 +- .../verifiedpermissions/api_op_PutSchema.go | 4 +- .../api_op_UpdateIdentitySource.go | 2 +- .../api_op_UpdatePolicy.go | 4 +- .../api_op_UpdatePolicyStore.go | 4 +- .../api_op_UpdatePolicyTemplate.go | 2 +- service/verifiedpermissions/deserializers.go | 198 ++++++++++++++++++ service/verifiedpermissions/types/types.go | 175 ++++++++++++++-- .../types/types_exported_test.go | 36 ++++ 52 files changed, 671 insertions(+), 140 deletions(-) create mode 100644 .changelog/1bba3a9d97db43f9a3a7f5da526d994b.json create mode 100644 .changelog/5b1d46a4ef2b4344a5165b6a0cc41195.json create mode 100644 .changelog/8ead962e948d469bbdee690ebe342bd3.json create mode 100644 .changelog/c1b597b85df84e2b9bfae8a5c7db3b90.json create mode 100644 .changelog/caa04509f723429a8ae0fad22e4c7d24.json create mode 100644 .changelog/e9090eace4ba4a4f899881c3b15fb8c0.json diff --git a/.changelog/1bba3a9d97db43f9a3a7f5da526d994b.json b/.changelog/1bba3a9d97db43f9a3a7f5da526d994b.json new file mode 100644 index 00000000000..3952d5bfb68 --- /dev/null +++ b/.changelog/1bba3a9d97db43f9a3a7f5da526d994b.json @@ -0,0 +1,8 @@ +{ + "id": "1bba3a9d-97db-43f9-a3a7-f5da526d994b", + "type": "feature", + "description": "Updated the input of CreateDBCluster and ModifyDBCluster to support setting CA certificates. Updated the output of DescribeDBCluster to show current CA certificate setting value.", + "modules": [ + "service/rds" + ] +} \ No newline at end of file diff --git a/.changelog/5b1d46a4ef2b4344a5165b6a0cc41195.json b/.changelog/5b1d46a4ef2b4344a5165b6a0cc41195.json new file mode 100644 index 00000000000..7877dda0e03 --- /dev/null +++ b/.changelog/5b1d46a4ef2b4344a5165b6a0cc41195.json @@ -0,0 +1,8 @@ +{ + "id": "5b1d46a4-ef2b-4344-a516-5b6a0cc41195", + "type": "documentation", + "description": "Update for documentation only. Covers port ranges, definition updates for data sharing, and definition updates to cluster-snapshot documentation.", + "modules": [ + "service/redshift" + ] +} \ No newline at end of file diff --git a/.changelog/8ead962e948d469bbdee690ebe342bd3.json b/.changelog/8ead962e948d469bbdee690ebe342bd3.json new file mode 100644 index 00000000000..ddc0dbe87b6 --- /dev/null +++ b/.changelog/8ead962e948d469bbdee690ebe342bd3.json @@ -0,0 +1,8 @@ +{ + "id": "8ead962e-948d-469b-bdee-690ebe342bd3", + "type": "documentation", + "description": "Doc only updates for DynamoDB documentation", + "modules": [ + "service/dynamodb" + ] +} \ No newline at end of file diff --git a/.changelog/c1b597b85df84e2b9bfae8a5c7db3b90.json b/.changelog/c1b597b85df84e2b9bfae8a5c7db3b90.json new file mode 100644 index 00000000000..42396aca9f3 --- /dev/null +++ b/.changelog/c1b597b85df84e2b9bfae8a5c7db3b90.json @@ -0,0 +1,8 @@ +{ + "id": "c1b597b8-5df8-4e2b-9bfa-e8a5c7db3b90", + "type": "documentation", + "description": "Amazon MWAA adds support for Apache Airflow v2.8.1.", + "modules": [ + "service/mwaa" + ] +} \ No newline at end of file diff --git a/.changelog/caa04509f723429a8ae0fad22e4c7d24.json b/.changelog/caa04509f723429a8ae0fad22e4c7d24.json new file mode 100644 index 00000000000..4706502218b --- /dev/null +++ b/.changelog/caa04509f723429a8ae0fad22e4c7d24.json @@ -0,0 +1,8 @@ +{ + "id": "caa04509-f723-429a-8ae0-fad22e4c7d24", + "type": "feature", + "description": "Add PENDING status to Lifecycle Execution resource status. Add StartTime and EndTime to ListLifecycleExecutionResource API response.", + "modules": [ + "service/imagebuilder" + ] +} \ No newline at end of file diff --git a/.changelog/e9090eace4ba4a4f899881c3b15fb8c0.json b/.changelog/e9090eace4ba4a4f899881c3b15fb8c0.json new file mode 100644 index 00000000000..56fea2963bb --- /dev/null +++ b/.changelog/e9090eace4ba4a4f899881c3b15fb8c0.json @@ -0,0 +1,8 @@ +{ + "id": "e9090eac-e4ba-4a4f-8998-81c3b15fb8c0", + "type": "feature", + "description": "Deprecating details in favor of configuration for GetIdentitySource and ListIdentitySources APIs.", + "modules": [ + "service/verifiedpermissions" + ] +} \ No newline at end of file diff --git a/service/dynamodb/api_op_ExportTableToPointInTime.go b/service/dynamodb/api_op_ExportTableToPointInTime.go index 7c916ed2e07..297f6de3674 100644 --- a/service/dynamodb/api_op_ExportTableToPointInTime.go +++ b/service/dynamodb/api_op_ExportTableToPointInTime.go @@ -72,7 +72,8 @@ type ExportTableToPointInTimeInput struct { IncrementalExportSpecification *types.IncrementalExportSpecification // The ID of the Amazon Web Services account that owns the bucket the export will - // be stored in. + // be stored in. S3BucketOwner is a required parameter when exporting to a S3 + // bucket in another account. S3BucketOwner *string // The Amazon S3 bucket prefix to use as the file name and path of the exported diff --git a/service/dynamodb/api_op_Query.go b/service/dynamodb/api_op_Query.go index d0225411e56..84be7e41468 100644 --- a/service/dynamodb/api_op_Query.go +++ b/service/dynamodb/api_op_Query.go @@ -137,7 +137,7 @@ type QueryInput struct { // key attributes. You cannot define a filter expression based on a partition key // or a sort key. A FilterExpression is applied after the items have already been // read; the process of filtering does not consume any additional read capacity - // units. For more information, see Filter Expressions (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/QueryAndScan.html#Query.FilterExpression) + // units. For more information, see Filter Expressions (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.FilterExpression.html) // in the Amazon DynamoDB Developer Guide. FilterExpression *string diff --git a/service/dynamodb/api_op_UpdateGlobalTable.go b/service/dynamodb/api_op_UpdateGlobalTable.go index c95e8673ff0..767af7c3f3a 100644 --- a/service/dynamodb/api_op_UpdateGlobalTable.go +++ b/service/dynamodb/api_op_UpdateGlobalTable.go @@ -25,7 +25,7 @@ import ( // 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html) // . This operation only applies to Version 2017.11.29 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) // of global tables. If you are using global tables Version 2019.11.21 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) -// you can use DescribeTable (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTable.html) +// you can use UpdateTable (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateTable.html) // instead. Although you can use UpdateGlobalTable to add replicas and remove // replicas in a single request, for simplicity we recommend that you issue // separate requests for adding or removing replicas. If global secondary indexes diff --git a/service/dynamodb/types/types.go b/service/dynamodb/types/types.go index ce38bd1f41d..196842a1dde 100644 --- a/service/dynamodb/types/types.go +++ b/service/dynamodb/types/types.go @@ -28,7 +28,7 @@ type ArchivalSummary struct { noSmithyDocumentSerde } -// Represents an attribute for describing the key schema for the table and indexes. +// Represents an attribute for describing the schema for the table and indexes. type AttributeDefinition struct { // A name for the attribute. @@ -1968,6 +1968,7 @@ type Projection struct { // - INCLUDE - In addition to the attributes described in KEYS_ONLY , the // secondary index will include other non-key attributes that you specify. // - ALL - All of the table attributes are projected into the index. + // When using the DynamoDB console, ALL is selected by default. ProjectionType ProjectionType noSmithyDocumentSerde diff --git a/service/imagebuilder/deserializers.go b/service/imagebuilder/deserializers.go index ac8655bef45..bcba26b0a42 100644 --- a/service/imagebuilder/deserializers.go +++ b/service/imagebuilder/deserializers.go @@ -19537,6 +19537,22 @@ func awsRestjson1_deserializeDocumentLifecycleExecutionResource(v **types.Lifecy return err } + case "endTime": + if value != nil { + switch jtv := value.(type) { + case json.Number: + f64, err := jtv.Float64() + if err != nil { + return err + } + sv.EndTime = ptr.Time(smithytime.ParseEpochSeconds(f64)) + + default: + return fmt.Errorf("expected DateTimeTimestamp to be a JSON Number, got %T instead", value) + + } + } + case "imageUris": if err := awsRestjson1_deserializeDocumentStringList(&sv.ImageUris, value); err != nil { return err @@ -19565,6 +19581,22 @@ func awsRestjson1_deserializeDocumentLifecycleExecutionResource(v **types.Lifecy return err } + case "startTime": + if value != nil { + switch jtv := value.(type) { + case json.Number: + f64, err := jtv.Float64() + if err != nil { + return err + } + sv.StartTime = ptr.Time(smithytime.ParseEpochSeconds(f64)) + + default: + return fmt.Errorf("expected DateTimeTimestamp to be a JSON Number, got %T instead", value) + + } + } + case "state": if err := awsRestjson1_deserializeDocumentLifecycleExecutionResourceState(&sv.State, value); err != nil { return err diff --git a/service/imagebuilder/types/enums.go b/service/imagebuilder/types/enums.go index 314cc344a28..97a374d82fd 100644 --- a/service/imagebuilder/types/enums.go +++ b/service/imagebuilder/types/enums.go @@ -313,6 +313,7 @@ const ( LifecycleExecutionStatusCancelling LifecycleExecutionStatus = "CANCELLING" LifecycleExecutionStatusFailed LifecycleExecutionStatus = "FAILED" LifecycleExecutionStatusSuccess LifecycleExecutionStatus = "SUCCESS" + LifecycleExecutionStatusPending LifecycleExecutionStatus = "PENDING" ) // Values returns all known values for LifecycleExecutionStatus. Note that this @@ -325,6 +326,7 @@ func (LifecycleExecutionStatus) Values() []LifecycleExecutionStatus { "CANCELLING", "FAILED", "SUCCESS", + "PENDING", } } diff --git a/service/imagebuilder/types/types.go b/service/imagebuilder/types/types.go index e5660e22c7d..e297d432018 100644 --- a/service/imagebuilder/types/types.go +++ b/service/imagebuilder/types/types.go @@ -1587,6 +1587,9 @@ type LifecycleExecutionResource struct { // The action to take for the identified resource. Action *LifecycleExecutionResourceAction + // The ending timestamp from the lifecycle action that was applied to the resource. + EndTime *time.Time + // For an impacted container image, this identifies a list of URIs for associated // container images distributed to ECR repositories. ImageUris []string @@ -1605,6 +1608,10 @@ type LifecycleExecutionResource struct { // AMI. Snapshots []LifecycleExecutionSnapshotResource + // The starting timestamp from the lifecycle action that was applied to the + // resource. + StartTime *time.Time + // The runtime state for the lifecycle execution. State *LifecycleExecutionResourceState @@ -1774,7 +1781,7 @@ type LifecyclePolicyDetailExclusionRules struct { Amis *LifecyclePolicyDetailExclusionRulesAmis // Contains a list of tags that Image Builder uses to skip lifecycle actions for - // resources that have them. + // Image Builder image resources that have them. TagMap map[string]string noSmithyDocumentSerde @@ -1860,8 +1867,8 @@ type LifecyclePolicyResourceSelection struct { // that the lifecycle policy applies to. Recipes []LifecyclePolicyResourceSelectionRecipe - // A list of tags that are used as selection criteria for the resources that the - // lifecycle policy applies to. + // A list of tags that are used as selection criteria for the Image Builder image + // resources that the lifecycle policy applies to. TagMap map[string]string noSmithyDocumentSerde diff --git a/service/mwaa/api_op_CreateEnvironment.go b/service/mwaa/api_op_CreateEnvironment.go index 2a19bd58dc5..059811287e6 100644 --- a/service/mwaa/api_op_CreateEnvironment.go +++ b/service/mwaa/api_op_CreateEnvironment.go @@ -83,6 +83,7 @@ type CreateEnvironmentInput struct { // defaults to the latest version. For more information, see Apache Airflow // versions on Amazon Managed Workflows for Apache Airflow (MWAA) (https://docs.aws.amazon.com/mwaa/latest/userguide/airflow-versions.html) // . Valid values: 1.10.12 , 2.0.2 , 2.2.2 , 2.4.3 , 2.5.1 , 2.6.3 , 2.7.2 + // 2.8.1 AirflowVersion *string // Defines whether the VPC endpoints configured for the environment are created, diff --git a/service/rds/api_op_CreateDBCluster.go b/service/rds/api_op_CreateDBCluster.go index fb91f05b785..cdfcf8a633a 100644 --- a/service/rds/api_op_CreateDBCluster.go +++ b/service/rds/api_op_CreateDBCluster.go @@ -91,6 +91,10 @@ type CreateDBClusterInput struct { // - Must be a value from 1 to 35. BackupRetentionPeriod *int32 + // The CA certificate identifier to use for the DB cluster's server certificate. + // Valid for Cluster Type: Multi-AZ DB clusters + CACertificateIdentifier *string + // The name of the character set ( CharacterSet ) to associate the DB cluster with. // Valid for Cluster Type: Aurora DB clusters only CharacterSetName *string diff --git a/service/rds/api_op_CreateDBInstance.go b/service/rds/api_op_CreateDBInstance.go index 84277182d98..96dbf0dee8c 100644 --- a/service/rds/api_op_CreateDBInstance.go +++ b/service/rds/api_op_CreateDBInstance.go @@ -90,42 +90,42 @@ type CreateDBInstanceInput struct { // following: // - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 to // 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. - // - Provisioned IOPS storage (io1): Must be an integer from 40 to 65536 for RDS - // Custom for Oracle, 16384 for RDS Custom for SQL Server. + // - Provisioned IOPS storage (io1, io2): Must be an integer from 40 to 65536 + // for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. // RDS for Db2 Constraints to the amount of storage for each storage type are the // following: - // - General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. - // - Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. + // - General Purpose (SSD) storage (gp3): Must be an integer from 20 to 65536. + // - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. // RDS for MariaDB Constraints to the amount of storage for each storage type are // the following: // - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to // 65536. - // - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. // - Magnetic storage (standard): Must be an integer from 5 to 3072. // RDS for MySQL Constraints to the amount of storage for each storage type are // the following: // - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to // 65536. - // - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. // - Magnetic storage (standard): Must be an integer from 5 to 3072. // RDS for Oracle Constraints to the amount of storage for each storage type are // the following: // - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to // 65536. - // - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. // - Magnetic storage (standard): Must be an integer from 10 to 3072. // RDS for PostgreSQL Constraints to the amount of storage for each storage type // are the following: // - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to // 65536. - // - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. // - Magnetic storage (standard): Must be an integer from 5 to 3072. // RDS for SQL Server Constraints to the amount of storage for each storage type // are the following: // - General Purpose (SSD) storage (gp2, gp3): // - Enterprise and Standard editions: Must be an integer from 20 to 16384. // - Web and Express editions: Must be an integer from 20 to 16384. - // - Provisioned IOPS storage (io1): + // - Provisioned IOPS storage (io1, io2): // - Enterprise and Standard editions: Must be an integer from 100 to 16384. // - Web and Express editions: Must be an integer from 100 to 16384. // - Magnetic storage (standard): @@ -673,11 +673,11 @@ type CreateDBInstanceInput struct { // DB instances. StorageThroughput *int32 - // The storage type to associate with the DB instance. If you specify io1 or gp3 , - // you must also include a value for the Iops parameter. This setting doesn't - // apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid - // Values: gp2 | gp3 | io1 | standard Default: io1 , if the Iops parameter is - // specified. Otherwise, gp2 . + // The storage type to associate with the DB instance. If you specify io1 , io2 , + // or gp3 , you must also include a value for the Iops parameter. This setting + // doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB + // cluster. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1 , if the + // Iops parameter is specified. Otherwise, gp2 . StorageType *string // Tags to assign to the DB instance. diff --git a/service/rds/api_op_CreateDBInstanceReadReplica.go b/service/rds/api_op_CreateDBInstanceReadReplica.go index d946c69b717..024046712ac 100644 --- a/service/rds/api_op_CreateDBInstanceReadReplica.go +++ b/service/rds/api_op_CreateDBInstanceReadReplica.go @@ -413,9 +413,10 @@ type CreateDBInstanceReadReplicaInput struct { // doesn't apply to RDS Custom or Amazon Aurora DB instances. StorageThroughput *int32 - // The storage type to associate with the read replica. If you specify io1 or gp3 , - // you must also include a value for the Iops parameter. Valid Values: gp2 | gp3 | - // io1 | standard Default: io1 if the Iops parameter is specified. Otherwise, gp2 . + // The storage type to associate with the read replica. If you specify io1 , io2 , + // or gp3 , you must also include a value for the Iops parameter. Valid Values: + // gp2 | gp3 | io1 | io2 | standard Default: io1 if the Iops parameter is + // specified. Otherwise, gp2 . StorageType *string // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) diff --git a/service/rds/api_op_ModifyDBCluster.go b/service/rds/api_op_ModifyDBCluster.go index e745b6ef161..7b89461176c 100644 --- a/service/rds/api_op_ModifyDBCluster.go +++ b/service/rds/api_op_ModifyDBCluster.go @@ -94,6 +94,10 @@ type ModifyDBClusterInput struct { // - Must be a value from 1 to 35. BackupRetentionPeriod *int32 + // The CA certificate identifier to use for the DB cluster's server certificate. + // Valid for Cluster Type: Multi-AZ DB clusters + CACertificateIdentifier *string + // The configuration setting for the log types to be enabled for export to // CloudWatch Logs for a specific DB cluster. Valid for Cluster Type: Aurora DB // clusters and Multi-AZ DB clusters The following values are valid for each DB diff --git a/service/rds/api_op_ModifyDBInstance.go b/service/rds/api_op_ModifyDBInstance.go index 03ecc0cb18c..10d813e0b0a 100644 --- a/service/rds/api_op_ModifyDBInstance.go +++ b/service/rds/api_op_ModifyDBInstance.go @@ -602,22 +602,21 @@ type ModifyDBInstanceInput struct { // DB instances. StorageThroughput *int32 - // The storage type to associate with the DB instance. If you specify Provisioned - // IOPS ( io1 ), you must also include a value for the Iops parameter. If you - // choose to migrate your DB instance from using standard storage to using - // Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the - // process can take time. The duration of the migration depends on several factors - // such as database load, storage size, storage type (standard or Provisioned - // IOPS), amount of IOPS provisioned (if any), and the number of prior scale - // storage operations. Typical migration times are under 24 hours, but the process - // can take up to several days in some cases. During the migration, the DB instance - // is available for use, but might experience performance degradation. While the - // migration takes place, nightly backups for the instance are suspended. No other - // Amazon RDS operations can take place for the instance, including modifying the - // instance, rebooting the instance, deleting the instance, creating a read replica - // for the instance, and creating a DB snapshot of the instance. Valid Values: gp2 - // | gp3 | io1 | standard Default: io1 , if the Iops parameter is specified. - // Otherwise, gp2 . + // The storage type to associate with the DB instance. If you specify io1 ), io2 , + // or gp3 you must also include a value for the Iops parameter. If you choose to + // migrate your DB instance from using standard storage to using Provisioned IOPS, + // or from using Provisioned IOPS to using standard storage, the process can take + // time. The duration of the migration depends on several factors such as database + // load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS + // provisioned (if any), and the number of prior scale storage operations. Typical + // migration times are under 24 hours, but the process can take up to several days + // in some cases. During the migration, the DB instance is available for use, but + // might experience performance degradation. While the migration takes place, + // nightly backups for the instance are suspended. No other Amazon RDS operations + // can take place for the instance, including modifying the instance, rebooting the + // instance, deleting the instance, creating a read replica for the instance, and + // creating a DB snapshot of the instance. Valid Values: gp2 | gp3 | io1 | io2 | + // standard Default: io1 , if the Iops parameter is specified. Otherwise, gp2 . StorageType *string // The ARN from the key store with which to associate the instance for TDE diff --git a/service/rds/api_op_RestoreDBInstanceFromDBSnapshot.go b/service/rds/api_op_RestoreDBInstanceFromDBSnapshot.go index 1ac6e9da785..3826d477beb 100644 --- a/service/rds/api_op_RestoreDBInstanceFromDBSnapshot.go +++ b/service/rds/api_op_RestoreDBInstanceFromDBSnapshot.go @@ -303,9 +303,9 @@ type RestoreDBInstanceFromDBSnapshotInput struct { StorageThroughput *int32 // Specifies the storage type to be associated with the DB instance. Valid Values: - // gp2 | gp3 | io1 | standard If you specify io1 or gp3 , you must also include a - // value for the Iops parameter. Default: io1 if the Iops parameter is specified, - // otherwise gp2 + // gp2 | gp3 | io1 | io2 | standard If you specify io1 , io2 , or gp3 , you must + // also include a value for the Iops parameter. Default: io1 if the Iops parameter + // is specified, otherwise gp2 StorageType *string // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) diff --git a/service/rds/api_op_RestoreDBInstanceFromS3.go b/service/rds/api_op_RestoreDBInstanceFromS3.go index 9c8b3571a62..4d54c3bb14f 100644 --- a/service/rds/api_op_RestoreDBInstanceFromS3.go +++ b/service/rds/api_op_RestoreDBInstanceFromS3.go @@ -337,9 +337,9 @@ type RestoreDBInstanceFromS3Input struct { StorageThroughput *int32 // Specifies the storage type to be associated with the DB instance. Valid Values: - // gp2 | gp3 | io1 | standard If you specify io1 or gp3 , you must also include a - // value for the Iops parameter. Default: io1 if the Iops parameter is specified; - // otherwise gp2 + // gp2 | gp3 | io1 | io2 | standard If you specify io1 , io2 , or gp3 , you must + // also include a value for the Iops parameter. Default: io1 if the Iops parameter + // is specified; otherwise gp2 StorageType *string // A list of tags to associate with this DB instance. For more information, see diff --git a/service/rds/api_op_RestoreDBInstanceToPointInTime.go b/service/rds/api_op_RestoreDBInstanceToPointInTime.go index f2ccee9ff12..96b336fb887 100644 --- a/service/rds/api_op_RestoreDBInstanceToPointInTime.go +++ b/service/rds/api_op_RestoreDBInstanceToPointInTime.go @@ -303,10 +303,10 @@ type RestoreDBInstanceToPointInTimeInput struct { StorageThroughput *int32 // The storage type to associate with the DB instance. Valid Values: gp2 | gp3 | - // io1 | standard Default: io1 , if the Iops parameter is specified. Otherwise, gp2 - // . Constraints: - // - If you specify io1 or gp3 , you must also include a value for the Iops - // parameter. + // io1 | io2 | standard Default: io1 , if the Iops parameter is specified. + // Otherwise, gp2 . Constraints: + // - If you specify io1 , io2 , or gp3 , you must also include a value for the + // Iops parameter. StorageType *string // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) diff --git a/service/rds/deserializers.go b/service/rds/deserializers.go index faf6375f29f..b49fdf9f281 100644 --- a/service/rds/deserializers.go +++ b/service/rds/deserializers.go @@ -26709,6 +26709,12 @@ func awsAwsquery_deserializeDocumentClusterPendingModifiedValues(v **types.Clust sv.BackupRetentionPeriod = ptr.Int32(int32(i64)) } + case strings.EqualFold("CertificateDetails", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsAwsquery_deserializeDocumentCertificateDetails(&sv.CertificateDetails, nodeDecoder); err != nil { + return err + } + case strings.EqualFold("DBClusterIdentifier", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -27580,6 +27586,12 @@ func awsAwsquery_deserializeDocumentDBCluster(v **types.DBCluster, decoder smith sv.Capacity = ptr.Int32(int32(i64)) } + case strings.EqualFold("CertificateDetails", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsAwsquery_deserializeDocumentCertificateDetails(&sv.CertificateDetails, nodeDecoder); err != nil { + return err + } + case strings.EqualFold("CharacterSetName", t.Name.Local): val, err := decoder.Value() if err != nil { diff --git a/service/rds/serializers.go b/service/rds/serializers.go index efa5113cdb1..c1094f12925 100644 --- a/service/rds/serializers.go +++ b/service/rds/serializers.go @@ -11535,6 +11535,11 @@ func awsAwsquery_serializeOpDocumentCreateDBClusterInput(v *CreateDBClusterInput objectKey.Integer(*v.BackupRetentionPeriod) } + if v.CACertificateIdentifier != nil { + objectKey := object.Key("CACertificateIdentifier") + objectKey.String(*v.CACertificateIdentifier) + } + if v.CharacterSetName != nil { objectKey := object.Key("CharacterSetName") objectKey.String(*v.CharacterSetName) @@ -15043,6 +15048,11 @@ func awsAwsquery_serializeOpDocumentModifyDBClusterInput(v *ModifyDBClusterInput objectKey.Integer(*v.BackupRetentionPeriod) } + if v.CACertificateIdentifier != nil { + objectKey := object.Key("CACertificateIdentifier") + objectKey.String(*v.CACertificateIdentifier) + } + if v.CloudwatchLogsExportConfiguration != nil { objectKey := object.Key("CloudwatchLogsExportConfiguration") if err := awsAwsquery_serializeDocumentCloudwatchLogsExportConfiguration(v.CloudwatchLogsExportConfiguration, objectKey); err != nil { diff --git a/service/rds/types/types.go b/service/rds/types/types.go index 155e5faa412..967b3144300 100644 --- a/service/rds/types/types.go +++ b/service/rds/types/types.go @@ -286,6 +286,13 @@ type ClusterPendingModifiedValues struct { // The number of days for which automatic DB snapshots are retained. BackupRetentionPeriod *int32 + // Returns the details of the DB instance’s server certificate. For more + // information, see Using SSL/TLS to encrypt a connection to a DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB + // cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CertificateDetails *CertificateDetails + // The DBClusterIdentifier value for the DB cluster. DBClusterIdentifier *string @@ -509,6 +516,13 @@ type DBCluster struct { // in the Amazon Aurora User Guide. Capacity *int32 + // Returns the details of the DB instance’s server certificate. For more + // information, see Using SSL/TLS to encrypt a connection to a DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB + // cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CertificateDetails *CertificateDetails + // If present, specifies the name of the character set that this cluster is // associated with. CharacterSetName *string @@ -4646,7 +4660,7 @@ type ValidStorageOptions struct { // 0-0.25. StorageThroughputToIopsRatio []DoubleRange - // The valid storage types for your DB instance. For example: gp2, gp3, io1. + // The valid storage types for your DB instance. For example: gp2, gp3, io1, io2. StorageType *string // Indicates whether or not Amazon RDS can automatically scale storage for DB diff --git a/service/redshift/api_op_AssociateDataShareConsumer.go b/service/redshift/api_op_AssociateDataShareConsumer.go index b58504cb90e..d7e2cfe7315 100644 --- a/service/redshift/api_op_AssociateDataShareConsumer.go +++ b/service/redshift/api_op_AssociateDataShareConsumer.go @@ -31,8 +31,7 @@ func (c *Client) AssociateDataShareConsumer(ctx context.Context, params *Associa type AssociateDataShareConsumerInput struct { - // The Amazon Resource Name (ARN) of the datashare that the consumer is to use - // with the account or the namespace. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. // // This member is required. DataShareArn *string @@ -44,7 +43,7 @@ type AssociateDataShareConsumerInput struct { // account. AssociateEntireAccount *bool - // The Amazon Resource Name (ARN) of the consumer that is associated with the + // The Amazon Resource Name (ARN) of the consumer namespace associated with the // datashare. ConsumerArn *string @@ -61,10 +60,7 @@ type AssociateDataShareConsumerOutput struct { // accessible cluster. AllowPubliclyAccessibleConsumers *bool - // An Amazon Resource Name (ARN) that references the datashare that is owned by a - // specific namespace of the producer cluster. A datashare ARN is in the - // arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name} - // format. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. DataShareArn *string // A value that specifies when the datashare has an association between producer @@ -74,7 +70,7 @@ type AssociateDataShareConsumerOutput struct { // The identifier of a datashare to show its managing entity. ManagedBy *string - // The Amazon Resource Name (ARN) of the producer. + // The Amazon Resource Name (ARN) of the producer namespace. ProducerArn *string // Metadata pertaining to the operation's result. diff --git a/service/redshift/api_op_AuthorizeDataShare.go b/service/redshift/api_op_AuthorizeDataShare.go index 70b42013e97..5d2946bf9cc 100644 --- a/service/redshift/api_op_AuthorizeDataShare.go +++ b/service/redshift/api_op_AuthorizeDataShare.go @@ -37,8 +37,8 @@ type AuthorizeDataShareInput struct { // This member is required. ConsumerIdentifier *string - // The Amazon Resource Name (ARN) of the datashare that producers are to authorize - // sharing for. + // The Amazon Resource Name (ARN) of the datashare namespace that producers are to + // authorize sharing for. // // This member is required. DataShareArn *string @@ -55,10 +55,7 @@ type AuthorizeDataShareOutput struct { // accessible cluster. AllowPubliclyAccessibleConsumers *bool - // An Amazon Resource Name (ARN) that references the datashare that is owned by a - // specific namespace of the producer cluster. A datashare ARN is in the - // arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name} - // format. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. DataShareArn *string // A value that specifies when the datashare has an association between producer @@ -68,7 +65,7 @@ type AuthorizeDataShareOutput struct { // The identifier of a datashare to show its managing entity. ManagedBy *string - // The Amazon Resource Name (ARN) of the producer. + // The Amazon Resource Name (ARN) of the producer namespace. ProducerArn *string // Metadata pertaining to the operation's result. diff --git a/service/redshift/api_op_AuthorizeSnapshotAccess.go b/service/redshift/api_op_AuthorizeSnapshotAccess.go index fa03afe6b02..bf3d9cbc7d4 100644 --- a/service/redshift/api_op_AuthorizeSnapshotAccess.go +++ b/service/redshift/api_op_AuthorizeSnapshotAccess.go @@ -42,9 +42,13 @@ type AuthorizeSnapshotAccessInput struct { // The Amazon Resource Name (ARN) of the snapshot to authorize access to. SnapshotArn *string - // The identifier of the cluster the snapshot was created from. This parameter is - // required if your IAM user has a policy containing a snapshot resource element - // that specifies anything other than * for the cluster name. + // The identifier of the cluster the snapshot was created from. + // - If the snapshot to access doesn't exist and the associated IAM policy + // doesn't allow access to all (*) snapshots - This parameter is required. + // Otherwise, permissions aren't available to check if the snapshot exists. + // - If the snapshot to access exists - This parameter isn't required. Redshift + // can retrieve the cluster identifier and use it to validate snapshot + // authorization. SnapshotClusterIdentifier *string // The identifier of the snapshot the account is authorized to restore. diff --git a/service/redshift/api_op_CreateCluster.go b/service/redshift/api_op_CreateCluster.go index ab484b908ec..47f548a15e6 100644 --- a/service/redshift/api_op_CreateCluster.go +++ b/service/redshift/api_op_CreateCluster.go @@ -245,7 +245,12 @@ type CreateClusterInput struct { // The port number on which the cluster accepts incoming connections. The cluster // is accessible only via the JDBC and ODBC connection strings. Part of the // connection string requires the port on which the cluster will listen for - // incoming connections. Default: 5439 Valid Values: 1150-65535 + // incoming connections. Default: 5439 Valid Values: + // - For clusters with ra3 nodes - Select a port within the ranges 5431-5455 or + // 8191-8215 . (If you have an existing cluster with ra3 nodes, it isn't required + // that you change the port to these ranges.) + // - For clusters with ds2 or dc2 nodes - Select a port within the range + // 1150-65535 . Port *int32 // The weekly time range (in UTC) during which automated cluster maintenance can diff --git a/service/redshift/api_op_DeauthorizeDataShare.go b/service/redshift/api_op_DeauthorizeDataShare.go index 59fd2b38e63..a99e247ec12 100644 --- a/service/redshift/api_op_DeauthorizeDataShare.go +++ b/service/redshift/api_op_DeauthorizeDataShare.go @@ -37,7 +37,8 @@ type DeauthorizeDataShareInput struct { // This member is required. ConsumerIdentifier *string - // The Amazon Resource Name (ARN) of the datashare to remove authorization from. + // The namespace Amazon Resource Name (ARN) of the datashare to remove + // authorization from. // // This member is required. DataShareArn *string @@ -51,10 +52,7 @@ type DeauthorizeDataShareOutput struct { // accessible cluster. AllowPubliclyAccessibleConsumers *bool - // An Amazon Resource Name (ARN) that references the datashare that is owned by a - // specific namespace of the producer cluster. A datashare ARN is in the - // arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name} - // format. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. DataShareArn *string // A value that specifies when the datashare has an association between producer @@ -64,7 +62,7 @@ type DeauthorizeDataShareOutput struct { // The identifier of a datashare to show its managing entity. ManagedBy *string - // The Amazon Resource Name (ARN) of the producer. + // The Amazon Resource Name (ARN) of the producer namespace. ProducerArn *string // Metadata pertaining to the operation's result. diff --git a/service/redshift/api_op_DescribeDataShares.go b/service/redshift/api_op_DescribeDataShares.go index 4b08a5ac920..cbd6eaaac52 100644 --- a/service/redshift/api_op_DescribeDataShares.go +++ b/service/redshift/api_op_DescribeDataShares.go @@ -30,7 +30,7 @@ func (c *Client) DescribeDataShares(ctx context.Context, params *DescribeDataSha type DescribeDataSharesInput struct { - // The identifier of the datashare to describe details of. + // The Amazon resource name (ARN) of the datashare to describe details of. DataShareArn *string // An optional parameter that specifies the starting point to return a set of diff --git a/service/redshift/api_op_DescribeDataSharesForConsumer.go b/service/redshift/api_op_DescribeDataSharesForConsumer.go index 4810da1ee17..b9aa38a9a60 100644 --- a/service/redshift/api_op_DescribeDataSharesForConsumer.go +++ b/service/redshift/api_op_DescribeDataSharesForConsumer.go @@ -30,8 +30,8 @@ func (c *Client) DescribeDataSharesForConsumer(ctx context.Context, params *Desc type DescribeDataSharesForConsumerInput struct { - // The Amazon Resource Name (ARN) of the consumer that returns in the list of - // datashares. + // The Amazon Resource Name (ARN) of the consumer namespace that returns in the + // list of datashares. ConsumerArn *string // An optional parameter that specifies the starting point to return a set of diff --git a/service/redshift/api_op_DescribeDataSharesForProducer.go b/service/redshift/api_op_DescribeDataSharesForProducer.go index 1ca1902c3da..d318f5fbffe 100644 --- a/service/redshift/api_op_DescribeDataSharesForProducer.go +++ b/service/redshift/api_op_DescribeDataSharesForProducer.go @@ -44,8 +44,8 @@ type DescribeDataSharesForProducerInput struct { // records by retrying the command with the returned marker value. MaxRecords *int32 - // The Amazon Resource Name (ARN) of the producer that returns in the list of - // datashares. + // The Amazon Resource Name (ARN) of the producer namespace that returns in the + // list of datashares. ProducerArn *string // An identifier giving the status of a datashare in the producer. If this field diff --git a/service/redshift/api_op_DisassociateDataShareConsumer.go b/service/redshift/api_op_DisassociateDataShareConsumer.go index 2c3c1bfcff6..ddc3b291c07 100644 --- a/service/redshift/api_op_DisassociateDataShareConsumer.go +++ b/service/redshift/api_op_DisassociateDataShareConsumer.go @@ -35,8 +35,8 @@ type DisassociateDataShareConsumerInput struct { // This member is required. DataShareArn *string - // The Amazon Resource Name (ARN) of the consumer that association for the - // datashare is removed from. + // The Amazon Resource Name (ARN) of the consumer namespace that association for + // the datashare is removed from. ConsumerArn *string // From a datashare consumer account, removes association of a datashare from all @@ -56,10 +56,7 @@ type DisassociateDataShareConsumerOutput struct { // accessible cluster. AllowPubliclyAccessibleConsumers *bool - // An Amazon Resource Name (ARN) that references the datashare that is owned by a - // specific namespace of the producer cluster. A datashare ARN is in the - // arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name} - // format. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. DataShareArn *string // A value that specifies when the datashare has an association between producer @@ -69,7 +66,7 @@ type DisassociateDataShareConsumerOutput struct { // The identifier of a datashare to show its managing entity. ManagedBy *string - // The Amazon Resource Name (ARN) of the producer. + // The Amazon Resource Name (ARN) of the producer namespace. ProducerArn *string // Metadata pertaining to the operation's result. diff --git a/service/redshift/api_op_ModifyCluster.go b/service/redshift/api_op_ModifyCluster.go index c11acba1e53..ead6b8c18da 100644 --- a/service/redshift/api_op_ModifyCluster.go +++ b/service/redshift/api_op_ModifyCluster.go @@ -204,7 +204,12 @@ type ModifyClusterInput struct { // than 0 . NumberOfNodes *int32 - // The option to change the port of an Amazon Redshift cluster. + // The option to change the port of an Amazon Redshift cluster. Valid Values: + // - For clusters with ra3 nodes - Select a port within the ranges 5431-5455 or + // 8191-8215 . (If you have an existing cluster with ra3 nodes, it isn't required + // that you change the port to these ranges.) + // - For clusters with ds2 or dc2 nodes - Select a port within the range + // 1150-65535 . Port *int32 // The weekly time range (in UTC) during which system maintenance can occur, if diff --git a/service/redshift/api_op_RejectDataShare.go b/service/redshift/api_op_RejectDataShare.go index 0dea3b54024..a0711b574d1 100644 --- a/service/redshift/api_op_RejectDataShare.go +++ b/service/redshift/api_op_RejectDataShare.go @@ -43,10 +43,7 @@ type RejectDataShareOutput struct { // accessible cluster. AllowPubliclyAccessibleConsumers *bool - // An Amazon Resource Name (ARN) that references the datashare that is owned by a - // specific namespace of the producer cluster. A datashare ARN is in the - // arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name} - // format. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. DataShareArn *string // A value that specifies when the datashare has an association between producer @@ -56,7 +53,7 @@ type RejectDataShareOutput struct { // The identifier of a datashare to show its managing entity. ManagedBy *string - // The Amazon Resource Name (ARN) of the producer. + // The Amazon Resource Name (ARN) of the producer namespace. ProducerArn *string // Metadata pertaining to the operation's result. diff --git a/service/redshift/api_op_RestoreFromClusterSnapshot.go b/service/redshift/api_op_RestoreFromClusterSnapshot.go index 968fd1f0bd3..c751929f86e 100644 --- a/service/redshift/api_op_RestoreFromClusterSnapshot.go +++ b/service/redshift/api_op_RestoreFromClusterSnapshot.go @@ -196,7 +196,9 @@ type RestoreFromClusterSnapshotInput struct { OwnerAccount *string // The port number on which the cluster accepts connections. Default: The same - // port as the original cluster. Constraints: Must be between 1115 and 65535 . + // port as the original cluster. Valid values: For clusters with ds2 or dc2 nodes, + // must be within the range 1150 - 65535 . For clusters with ra3 nodes, must be + // within the ranges 5431 - 5455 or 8191 - 8215 . Port *int32 // The weekly time range (in UTC) during which automated cluster maintenance can diff --git a/service/redshift/types/types.go b/service/redshift/types/types.go index 7cc423bf1c3..cebc8c6ea4f 100644 --- a/service/redshift/types/types.go +++ b/service/redshift/types/types.go @@ -623,10 +623,7 @@ type DataShare struct { // accessible cluster. AllowPubliclyAccessibleConsumers *bool - // An Amazon Resource Name (ARN) that references the datashare that is owned by a - // specific namespace of the producer cluster. A datashare ARN is in the - // arn:aws:redshift:{region}:{account-id}:{datashare}:{namespace-guid}/{datashare-name} - // format. + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use. DataShareArn *string // A value that specifies when the datashare has an association between producer @@ -636,7 +633,7 @@ type DataShare struct { // The identifier of a datashare to show its managing entity. ManagedBy *string - // The Amazon Resource Name (ARN) of the producer. + // The Amazon Resource Name (ARN) of the producer namespace. ProducerArn *string noSmithyDocumentSerde diff --git a/service/verifiedpermissions/api_op_CreateIdentitySource.go b/service/verifiedpermissions/api_op_CreateIdentitySource.go index d328915df48..8caa4e21ee1 100644 --- a/service/verifiedpermissions/api_op_CreateIdentitySource.go +++ b/service/verifiedpermissions/api_op_CreateIdentitySource.go @@ -32,7 +32,7 @@ import ( // is the string that you provide to the PrincipalEntityType parameter for this // operation. The CognitoUserPoolId and CognitoClientId are defined by the Amazon // Cognito user pool. Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) CreateIdentitySource(ctx context.Context, params *CreateIdentitySourceInput, optFns ...func(*Options)) (*CreateIdentitySourceOutput, error) { @@ -74,7 +74,10 @@ type CreateIdentitySourceInput struct { // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier) // . If you don't provide this value, then Amazon Web Services generates a random // one for you. If you retry the operation with the same ClientToken , but with - // different parameters, the retry fails with an IdempotentParameterMismatch error. + // different parameters, the retry fails with an ConflictException error. Verified + // Permissions recognizes a ClientToken for eight hours. After eight hours, the + // next request with the same parameters performs the operation again regardless of + // the value of ClientToken . ClientToken *string // Specifies the namespace and data type of the principals generated for diff --git a/service/verifiedpermissions/api_op_CreatePolicy.go b/service/verifiedpermissions/api_op_CreatePolicy.go index bc5e7074b45..30b58e58d9e 100644 --- a/service/verifiedpermissions/api_op_CreatePolicy.go +++ b/service/verifiedpermissions/api_op_CreatePolicy.go @@ -25,7 +25,7 @@ import ( // Creating a policy causes it to be validated against the schema in the policy // store. If the policy doesn't pass validation, the operation fails and the policy // isn't stored. Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) CreatePolicy(ctx context.Context, params *CreatePolicyInput, optFns ...func(*Options)) (*CreatePolicyOutput, error) { @@ -64,7 +64,10 @@ type CreatePolicyInput struct { // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier) // . If you don't provide this value, then Amazon Web Services generates a random // one for you. If you retry the operation with the same ClientToken , but with - // different parameters, the retry fails with an IdempotentParameterMismatch error. + // different parameters, the retry fails with an ConflictException error. Verified + // Permissions recognizes a ClientToken for eight hours. After eight hours, the + // next request with the same parameters performs the operation again regardless of + // the value of ClientToken . ClientToken *string noSmithyDocumentSerde diff --git a/service/verifiedpermissions/api_op_CreatePolicyStore.go b/service/verifiedpermissions/api_op_CreatePolicyStore.go index c2a7d5a1d83..5ed2c2d1622 100644 --- a/service/verifiedpermissions/api_op_CreatePolicyStore.go +++ b/service/verifiedpermissions/api_op_CreatePolicyStore.go @@ -16,7 +16,7 @@ import ( // Although Cedar supports multiple namespaces (https://docs.cedarpolicy.com/schema/schema.html#namespace) // , Verified Permissions currently supports only one namespace per policy store. // Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) CreatePolicyStore(ctx context.Context, params *CreatePolicyStoreInput, optFns ...func(*Options)) (*CreatePolicyStoreOutput, error) { @@ -54,7 +54,10 @@ type CreatePolicyStoreInput struct { // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier) // . If you don't provide this value, then Amazon Web Services generates a random // one for you. If you retry the operation with the same ClientToken , but with - // different parameters, the retry fails with an IdempotentParameterMismatch error. + // different parameters, the retry fails with an ConflictException error. Verified + // Permissions recognizes a ClientToken for eight hours. After eight hours, the + // next request with the same parameters performs the operation again regardless of + // the value of ClientToken . ClientToken *string // Descriptive text that you can provide to help with identification of the diff --git a/service/verifiedpermissions/api_op_CreatePolicyTemplate.go b/service/verifiedpermissions/api_op_CreatePolicyTemplate.go index fafbea4361c..b8cb1344f46 100644 --- a/service/verifiedpermissions/api_op_CreatePolicyTemplate.go +++ b/service/verifiedpermissions/api_op_CreatePolicyTemplate.go @@ -19,7 +19,7 @@ import ( // dynamically linked to the template. If the template changes, then any policies // that are linked to that template are immediately updated as well. Verified // Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) CreatePolicyTemplate(ctx context.Context, params *CreatePolicyTemplateInput, optFns ...func(*Options)) (*CreatePolicyTemplateOutput, error) { @@ -57,7 +57,10 @@ type CreatePolicyTemplateInput struct { // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier) // . If you don't provide this value, then Amazon Web Services generates a random // one for you. If you retry the operation with the same ClientToken , but with - // different parameters, the retry fails with an IdempotentParameterMismatch error. + // different parameters, the retry fails with an ConflictException error. Verified + // Permissions recognizes a ClientToken for eight hours. After eight hours, the + // next request with the same parameters performs the operation again regardless of + // the value of ClientToken . ClientToken *string // Specifies a description for the policy template. diff --git a/service/verifiedpermissions/api_op_GetIdentitySource.go b/service/verifiedpermissions/api_op_GetIdentitySource.go index 46d682d8489..12d93457c54 100644 --- a/service/verifiedpermissions/api_op_GetIdentitySource.go +++ b/service/verifiedpermissions/api_op_GetIdentitySource.go @@ -51,11 +51,6 @@ type GetIdentitySourceOutput struct { // This member is required. CreatedDate *time.Time - // A structure that describes the configuration of the identity source. - // - // This member is required. - Details *types.IdentitySourceDetails - // The ID of the identity source. // // This member is required. @@ -77,6 +72,15 @@ type GetIdentitySourceOutput struct { // This member is required. PrincipalEntityType *string + // Contains configuration information about an identity source. + Configuration types.ConfigurationDetail + + // A structure that describes the configuration of the identity source. + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration + Details *types.IdentitySourceDetails + // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata diff --git a/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go b/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go index a03e7e8ccd2..49e74651a24 100644 --- a/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go +++ b/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go @@ -53,8 +53,9 @@ type IsAuthorizedWithTokenInput struct { // Specifies an access token for the principal to be authorized. This token is // provided to you by the identity provider (IdP) associated with the specified - // identity source. You must specify either an AccessToken , or an IdentityToken , - // or both. + // identity source. You must specify either an accessToken , an identityToken , or + // both. Must be an access token. Verified Permissions returns an error if the + // token_use claim in the submitted token isn't access . AccessToken *string // Specifies the requested action to be authorized. Is the specified principal @@ -75,8 +76,9 @@ type IsAuthorizedWithTokenInput struct { // Specifies an identity token for the principal to be authorized. This token is // provided to you by the identity provider (IdP) associated with the specified - // identity source. You must specify either an AccessToken or an IdentityToken , or - // both. + // identity source. You must specify either an accessToken , an identityToken , or + // both. Must be an ID token. Verified Permissions returns an error if the + // token_use claim in the submitted token isn't id . IdentityToken *string // Specifies the resource for which the authorization decision is made. For diff --git a/service/verifiedpermissions/api_op_PutSchema.go b/service/verifiedpermissions/api_op_PutSchema.go index 907f8faf70f..02679e7c9e2 100644 --- a/service/verifiedpermissions/api_op_PutSchema.go +++ b/service/verifiedpermissions/api_op_PutSchema.go @@ -19,8 +19,8 @@ import ( // re-evaluated against the changed schema. If you later update a policy, then it // is evaluated against the new schema at that time. Verified Permissions is // eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can -// take a few seconds for a new or changed element to be propagate through the -// service and be visible in the results of other Verified Permissions operations. +// take a few seconds for a new or changed element to propagate through the service +// and be visible in the results of other Verified Permissions operations. func (c *Client) PutSchema(ctx context.Context, params *PutSchemaInput, optFns ...func(*Options)) (*PutSchemaOutput, error) { if params == nil { params = &PutSchemaInput{} diff --git a/service/verifiedpermissions/api_op_UpdateIdentitySource.go b/service/verifiedpermissions/api_op_UpdateIdentitySource.go index 47a7b0aa010..08c713daaf7 100644 --- a/service/verifiedpermissions/api_op_UpdateIdentitySource.go +++ b/service/verifiedpermissions/api_op_UpdateIdentitySource.go @@ -15,7 +15,7 @@ import ( // Updates the specified identity source to use a new identity provider (IdP) // source, or to change the mapping of identities from the IdP to a different // principal entity type. Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) UpdateIdentitySource(ctx context.Context, params *UpdateIdentitySourceInput, optFns ...func(*Options)) (*UpdateIdentitySourceOutput, error) { diff --git a/service/verifiedpermissions/api_op_UpdatePolicy.go b/service/verifiedpermissions/api_op_UpdatePolicy.go index 85f44e5e953..45010f3e9a5 100644 --- a/service/verifiedpermissions/api_op_UpdatePolicy.go +++ b/service/verifiedpermissions/api_op_UpdatePolicy.go @@ -22,7 +22,7 @@ import ( // policy causes Verified Permissions to validate the policy against the schema in // the policy store. If the updated static policy doesn't pass validation, the // operation fails and the update isn't stored. -// - When you edit a static policy, You can change only certain elements of a +// - When you edit a static policy, you can change only certain elements of a // static policy: // - The action referenced by the policy. // - A condition clause, such as when and unless. You can't change these @@ -34,7 +34,7 @@ import ( // - To update a template-linked policy, you must update the template instead. // // Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) UpdatePolicy(ctx context.Context, params *UpdatePolicyInput, optFns ...func(*Options)) (*UpdatePolicyOutput, error) { diff --git a/service/verifiedpermissions/api_op_UpdatePolicyStore.go b/service/verifiedpermissions/api_op_UpdatePolicyStore.go index 1c7d2bd8314..78474ee7c60 100644 --- a/service/verifiedpermissions/api_op_UpdatePolicyStore.go +++ b/service/verifiedpermissions/api_op_UpdatePolicyStore.go @@ -14,8 +14,8 @@ import ( // Modifies the validation setting for a policy store. Verified Permissions is // eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can -// take a few seconds for a new or changed element to be propagate through the -// service and be visible in the results of other Verified Permissions operations. +// take a few seconds for a new or changed element to propagate through the service +// and be visible in the results of other Verified Permissions operations. func (c *Client) UpdatePolicyStore(ctx context.Context, params *UpdatePolicyStoreInput, optFns ...func(*Options)) (*UpdatePolicyStoreOutput, error) { if params == nil { params = &UpdatePolicyStoreInput{} diff --git a/service/verifiedpermissions/api_op_UpdatePolicyTemplate.go b/service/verifiedpermissions/api_op_UpdatePolicyTemplate.go index 74e8b470bb3..8f93703850b 100644 --- a/service/verifiedpermissions/api_op_UpdatePolicyTemplate.go +++ b/service/verifiedpermissions/api_op_UpdatePolicyTemplate.go @@ -17,7 +17,7 @@ import ( // constraints of eventual consistency) reflected in authorization decisions that // involve all template-linked policies instantiated from this template. Verified // Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) -// . It can take a few seconds for a new or changed element to be propagate through +// . It can take a few seconds for a new or changed element to propagate through // the service and be visible in the results of other Verified Permissions // operations. func (c *Client) UpdatePolicyTemplate(ctx context.Context, params *UpdatePolicyTemplateInput, optFns ...func(*Options)) (*UpdatePolicyTemplateOutput, error) { diff --git a/service/verifiedpermissions/deserializers.go b/service/verifiedpermissions/deserializers.go index 854390fbcc9..88f68929872 100644 --- a/service/verifiedpermissions/deserializers.go +++ b/service/verifiedpermissions/deserializers.go @@ -3645,6 +3645,194 @@ func awsAwsjson10_deserializeDocumentClientIds(v *[]string, value interface{}) e return nil } +func awsAwsjson10_deserializeDocumentCognitoUserPoolConfigurationDetail(v **types.CognitoUserPoolConfigurationDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CognitoUserPoolConfigurationDetail + if *v == nil { + sv = &types.CognitoUserPoolConfigurationDetail{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "clientIds": + if err := awsAwsjson10_deserializeDocumentClientIds(&sv.ClientIds, value); err != nil { + return err + } + + case "issuer": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Issuer to be of type string, got %T instead", value) + } + sv.Issuer = ptr.String(jtv) + } + + case "userPoolArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected UserPoolArn to be of type string, got %T instead", value) + } + sv.UserPoolArn = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentCognitoUserPoolConfigurationItem(v **types.CognitoUserPoolConfigurationItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CognitoUserPoolConfigurationItem + if *v == nil { + sv = &types.CognitoUserPoolConfigurationItem{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "clientIds": + if err := awsAwsjson10_deserializeDocumentClientIds(&sv.ClientIds, value); err != nil { + return err + } + + case "issuer": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Issuer to be of type string, got %T instead", value) + } + sv.Issuer = ptr.String(jtv) + } + + case "userPoolArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected UserPoolArn to be of type string, got %T instead", value) + } + sv.UserPoolArn = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentConfigurationDetail(v *types.ConfigurationDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var uv types.ConfigurationDetail +loop: + for key, value := range shape { + if value == nil { + continue + } + switch key { + case "cognitoUserPoolConfiguration": + var mv types.CognitoUserPoolConfigurationDetail + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentCognitoUserPoolConfigurationDetail(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.ConfigurationDetailMemberCognitoUserPoolConfiguration{Value: mv} + break loop + + default: + uv = &types.UnknownUnionMember{Tag: key} + break loop + + } + } + *v = uv + return nil +} + +func awsAwsjson10_deserializeDocumentConfigurationItem(v *types.ConfigurationItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var uv types.ConfigurationItem +loop: + for key, value := range shape { + if value == nil { + continue + } + switch key { + case "cognitoUserPoolConfiguration": + var mv types.CognitoUserPoolConfigurationItem + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentCognitoUserPoolConfigurationItem(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.ConfigurationItemMemberCognitoUserPoolConfiguration{Value: mv} + break loop + + default: + uv = &types.UnknownUnionMember{Tag: key} + break loop + + } + } + *v = uv + return nil +} + func awsAwsjson10_deserializeDocumentConflictException(v **types.ConflictException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -4044,6 +4232,11 @@ func awsAwsjson10_deserializeDocumentIdentitySourceItem(v **types.IdentitySource for key, value := range shape { switch key { + case "configuration": + if err := awsAwsjson10_deserializeDocumentConfigurationItem(&sv.Configuration, value); err != nil { + return err + } + case "createdDate": if value != nil { jtv, ok := value.(string) @@ -5952,6 +6145,11 @@ func awsAwsjson10_deserializeOpDocumentGetIdentitySourceOutput(v **GetIdentitySo for key, value := range shape { switch key { + case "configuration": + if err := awsAwsjson10_deserializeDocumentConfigurationDetail(&sv.Configuration, value); err != nil { + return err + } + case "createdDate": if value != nil { jtv, ok := value.(string) diff --git a/service/verifiedpermissions/types/types.go b/service/verifiedpermissions/types/types.go index fe5d2e6fa15..f1ff5290002 100644 --- a/service/verifiedpermissions/types/types.go +++ b/service/verifiedpermissions/types/types.go @@ -167,7 +167,7 @@ type BatchIsAuthorizedOutputItem struct { // The configuration for an identity source that represents a connection to an // Amazon Cognito user pool used as an identity provider for Verified Permissions. // This data type is used as a field that is part of an Configuration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html) -// structure that is used as a parameter to the Configuration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html) +// structure that is used as a parameter to CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) // . Example: // "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": // ["a1b2c3d4e5f6g7h8i9j0kalbmc"]} @@ -188,6 +188,72 @@ type CognitoUserPoolConfiguration struct { noSmithyDocumentSerde } +// The configuration for an identity source that represents a connection to an +// Amazon Cognito user pool used as an identity provider for Verified Permissions. +// This data type is used as a field that is part of an ConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html) +// structure that is part of the response to GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html) +// . Example: +// "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": +// ["a1b2c3d4e5f6g7h8i9j0kalbmc"]} +type CognitoUserPoolConfigurationDetail struct { + + // The unique application client IDs that are associated with the specified Amazon + // Cognito user pool. Example: "clientIds": ["&ExampleCogClientId;"] + // + // This member is required. + ClientIds []string + + // The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that + // contains the identities to be authorized. Example: "issuer": + // "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5" + // + // This member is required. + Issuer *string + + // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of the Amazon Cognito user pool that contains the identities to be authorized. + // Example: "userPoolArn": + // "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5" + // + // This member is required. + UserPoolArn *string + + noSmithyDocumentSerde +} + +// The configuration for an identity source that represents a connection to an +// Amazon Cognito user pool used as an identity provider for Verified Permissions. +// This data type is used as a field that is part of the ConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html) +// structure that is part of the response to ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) +// . Example: +// "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": +// ["a1b2c3d4e5f6g7h8i9j0kalbmc"]} +type CognitoUserPoolConfigurationItem struct { + + // The unique application client IDs that are associated with the specified Amazon + // Cognito user pool. Example: "clientIds": ["&ExampleCogClientId;"] + // + // This member is required. + ClientIds []string + + // The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that + // contains the identities to be authorized. Example: "issuer": + // "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5" + // + // This member is required. + Issuer *string + + // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of the Amazon Cognito user pool that contains the identities to be authorized. + // Example: "userPoolArn": + // "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5" + // + // This member is required. + UserPoolArn *string + + noSmithyDocumentSerde +} + // Contains configuration information used when creating a new identity source. At // this time, the only valid member of this structure is a Amazon Cognito user pool // configuration. You must specify a userPoolArn , and optionally, a ClientId . @@ -215,6 +281,56 @@ type ConfigurationMemberCognitoUserPoolConfiguration struct { func (*ConfigurationMemberCognitoUserPoolConfiguration) isConfiguration() {} +// Contains configuration information about an identity source. This data type is +// a response parameter to the GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html) +// operation. +// +// The following types satisfy this interface: +// +// ConfigurationDetailMemberCognitoUserPoolConfiguration +type ConfigurationDetail interface { + isConfigurationDetail() +} + +// Contains configuration details of a Amazon Cognito user pool that Verified +// Permissions can use as a source of authenticated identities as entities. It +// specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) +// of a Amazon Cognito user pool and one or more application client IDs. Example: +// "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": +// ["a1b2c3d4e5f6g7h8i9j0kalbmc"]}} +type ConfigurationDetailMemberCognitoUserPoolConfiguration struct { + Value CognitoUserPoolConfigurationDetail + + noSmithyDocumentSerde +} + +func (*ConfigurationDetailMemberCognitoUserPoolConfiguration) isConfigurationDetail() {} + +// Contains configuration information about an identity source. This data type is +// a response parameter to the ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) +// operation. +// +// The following types satisfy this interface: +// +// ConfigurationItemMemberCognitoUserPoolConfiguration +type ConfigurationItem interface { + isConfigurationItem() +} + +// Contains configuration details of a Amazon Cognito user pool that Verified +// Permissions can use as a source of authenticated identities as entities. It +// specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) +// of a Amazon Cognito user pool and one or more application client IDs. Example: +// "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": +// ["a1b2c3d4e5f6g7h8i9j0kalbmc"]}} +type ConfigurationItemMemberCognitoUserPoolConfiguration struct { + Value CognitoUserPoolConfigurationItem + + noSmithyDocumentSerde +} + +func (*ConfigurationItemMemberCognitoUserPoolConfiguration) isConfigurationItem() {} + // Contains additional details about the context of the request. Verified // Permissions evaluates this information in an authorization request as part of // the when and unless clauses in a policy. This data type is used as a request @@ -378,12 +494,16 @@ type EvaluationErrorItem struct { } // A structure that contains configuration of the identity source. This data type -// is used as a response parameter for the CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) -// operation. +// was a response parameter for the GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html) +// operation. Replaced by ConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html) +// . type IdentitySourceDetails struct { // The application client IDs associated with the specified Amazon Cognito user // pool that are enabled for this identity source. + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration.clientIds ClientIds []string // The well-known URL that points to this user pool's OIDC discovery endpoint. @@ -391,23 +511,30 @@ type IdentitySourceDetails struct { // for both the Amazon Web Services Region and the user pool identifier with those // appropriate for this user pool. // https://cognito-idp..amazonaws.com//.well-known/openid-configuration + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration.issuer DiscoveryUrl *string // A string that identifies the type of OIDC service represented by this identity // source. At this time, the only valid value is cognito . + // + // Deprecated: This attribute has been replaced by configuration OpenIdIssuer OpenIdIssuer // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the Amazon Cognito user pool whose identities are accessible to this Verified // Permissions policy store. + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration.userPoolArn UserPoolArn *string noSmithyDocumentSerde } // A structure that defines characteristics of an identity source that you can use -// to filter. This data type is used as a request parameter for the -// ListIdentityStores (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html) +// to filter. This data type is a request parameter for the ListIdentityStores (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html) // operation. type IdentitySourceFilter struct { @@ -418,8 +545,8 @@ type IdentitySourceFilter struct { noSmithyDocumentSerde } -// A structure that defines an identity source. This data type is used as a -// request parameter for the ListIdentityStores (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html) +// A structure that defines an identity source. This data type is a response +// parameter to the ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) // operation. type IdentitySourceItem struct { @@ -428,11 +555,6 @@ type IdentitySourceItem struct { // This member is required. CreatedDate *time.Time - // A structure that contains the details of the associated identity provider (IdP). - // - // This member is required. - Details *IdentitySourceItemDetails - // The unique identifier of the identity source. // // This member is required. @@ -454,16 +576,29 @@ type IdentitySourceItem struct { // This member is required. PrincipalEntityType *string + // Contains configuration information about an identity source. + Configuration ConfigurationItem + + // A structure that contains the details of the associated identity provider (IdP). + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration + Details *IdentitySourceItemDetails + noSmithyDocumentSerde } // A structure that contains configuration of the identity source. This data type -// is used as a response parameter for the CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) -// operation. +// was a response parameter for the ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) +// operation. Replaced by ConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html) +// . type IdentitySourceItemDetails struct { // The application client IDs associated with the specified Amazon Cognito user // pool that are enabled for this identity source. + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration.clientIds ClientIds []string // The well-known URL that points to this user pool's OIDC discovery endpoint. @@ -471,14 +606,22 @@ type IdentitySourceItemDetails struct { // for both the Amazon Web Services Region and the user pool identifier with those // appropriate for this user pool. // https://cognito-idp..amazonaws.com//.well-known/openid-configuration + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration.issuer DiscoveryUrl *string // A string that identifies the type of OIDC service represented by this identity // source. At this time, the only valid value is cognito . + // + // Deprecated: This attribute has been replaced by configuration OpenIdIssuer OpenIdIssuer // The Amazon Cognito user pool whose identities are accessible to this Verified // Permissions policy store. + // + // Deprecated: This attribute has been replaced by + // configuration.cognitoUserPoolConfiguration.userPoolArn UserPoolArn *string noSmithyDocumentSerde @@ -824,7 +967,7 @@ type TemplateLinkedPolicyDefinition struct { } // Contains information about a policy that was created by instantiating a policy -// template. This +// template. type TemplateLinkedPolicyDefinitionDetail struct { // The unique identifier of the policy template used to create this policy. @@ -1006,6 +1149,8 @@ type UnknownUnionMember struct { func (*UnknownUnionMember) isAttributeValue() {} func (*UnknownUnionMember) isConfiguration() {} +func (*UnknownUnionMember) isConfigurationDetail() {} +func (*UnknownUnionMember) isConfigurationItem() {} func (*UnknownUnionMember) isContextDefinition() {} func (*UnknownUnionMember) isEntitiesDefinition() {} func (*UnknownUnionMember) isEntityReference() {} diff --git a/service/verifiedpermissions/types/types_exported_test.go b/service/verifiedpermissions/types/types_exported_test.go index 72a8b31c3dd..b906f6b904c 100644 --- a/service/verifiedpermissions/types/types_exported_test.go +++ b/service/verifiedpermissions/types/types_exported_test.go @@ -63,6 +63,42 @@ func ExampleConfiguration_outputUsage() { var _ *types.CognitoUserPoolConfiguration +func ExampleConfigurationDetail_outputUsage() { + var union types.ConfigurationDetail + // type switches can be used to check the union value + switch v := union.(type) { + case *types.ConfigurationDetailMemberCognitoUserPoolConfiguration: + _ = v.Value // Value is types.CognitoUserPoolConfigurationDetail + + case *types.UnknownUnionMember: + fmt.Println("unknown tag:", v.Tag) + + default: + fmt.Println("union is nil or unknown type") + + } +} + +var _ *types.CognitoUserPoolConfigurationDetail + +func ExampleConfigurationItem_outputUsage() { + var union types.ConfigurationItem + // type switches can be used to check the union value + switch v := union.(type) { + case *types.ConfigurationItemMemberCognitoUserPoolConfiguration: + _ = v.Value // Value is types.CognitoUserPoolConfigurationItem + + case *types.UnknownUnionMember: + fmt.Println("unknown tag:", v.Tag) + + default: + fmt.Println("union is nil or unknown type") + + } +} + +var _ *types.CognitoUserPoolConfigurationItem + func ExampleContextDefinition_outputUsage() { var union types.ContextDefinition // type switches can be used to check the union value