feat(client-redshift): Adds new API GetClusterCredentialsWithIAM to r…

…eturn temporary credentials.

clients/client-redshift/src/Redshift.ts

@@ -419,6 +419,11 @@ import {
   GetClusterCredentialsCommandInput,
   GetClusterCredentialsCommandOutput,
 } from "./commands/GetClusterCredentialsCommand";
+import {
+  GetClusterCredentialsWithIAMCommand,
+  GetClusterCredentialsWithIAMCommandInput,
+  GetClusterCredentialsWithIAMCommandOutput,
+} from "./commands/GetClusterCredentialsWithIAMCommand";
 import {
   GetReservedNodeExchangeConfigurationOptionsCommand,
   GetReservedNodeExchangeConfigurationOptionsCommandInput,
@@ -3709,6 +3714,47 @@ export class Redshift extends RedshiftClient {
     }
   }
 
+  /**
+   * <p>Returns a database user name and temporary password with temporary authorization to
+   *             log in to an Amazon Redshift database.
+   *             The database user is mapped 1:1 to the source Identity and Access Management (IAM) identity.
+   *             For more information about IAM identities, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html">IAM Identities (users, user groups, and roles)</a> in the
+   *             Amazon Web Services Identity and Access Management User Guide.</p>
+   *         <p>The Identity and Access Management (IAM) identity that runs
+   *             this operation must have an IAM policy attached that allows access to all
+   *             necessary actions and resources.
+   *                 For more information about permissions, see <a href="https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-identity-based.html">Using identity-based policies (IAM policies)</a> in the
+   *             Amazon Redshift Cluster Management Guide. </p>
+   */
+  public getClusterCredentialsWithIAM(
+    args: GetClusterCredentialsWithIAMCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetClusterCredentialsWithIAMCommandOutput>;
+  public getClusterCredentialsWithIAM(
+    args: GetClusterCredentialsWithIAMCommandInput,
+    cb: (err: any, data?: GetClusterCredentialsWithIAMCommandOutput) => void
+  ): void;
+  public getClusterCredentialsWithIAM(
+    args: GetClusterCredentialsWithIAMCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetClusterCredentialsWithIAMCommandOutput) => void
+  ): void;
+  public getClusterCredentialsWithIAM(
+    args: GetClusterCredentialsWithIAMCommandInput,
+    optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: GetClusterCredentialsWithIAMCommandOutput) => void),
+    cb?: (err: any, data?: GetClusterCredentialsWithIAMCommandOutput) => void
+  ): Promise<GetClusterCredentialsWithIAMCommandOutput> | void {
+    const command = new GetClusterCredentialsWithIAMCommand(args);
+    if (typeof optionsOrCb === "function") {
+      this.send(command, optionsOrCb);
+    } else if (typeof cb === "function") {
+      if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
+      this.send(command, optionsOrCb || {}, cb);
+    } else {
+      return this.send(command, optionsOrCb);
+    }
+  }
+
   /**
    * <p>Gets the configuration options for the reserved-node exchange. These options
    *             include information about the source reserved node and target reserved node offering.

clients/client-redshift/src/RedshiftClient.ts

@@ -337,6 +337,10 @@ import {
   GetClusterCredentialsCommandInput,
   GetClusterCredentialsCommandOutput,
 } from "./commands/GetClusterCredentialsCommand";
+import {
+  GetClusterCredentialsWithIAMCommandInput,
+  GetClusterCredentialsWithIAMCommandOutput,
+} from "./commands/GetClusterCredentialsWithIAMCommand";
 import {
   GetReservedNodeExchangeConfigurationOptionsCommandInput,
   GetReservedNodeExchangeConfigurationOptionsCommandOutput,
@@ -533,6 +537,7 @@ export type ServiceInputTypes =
   | EnableLoggingCommandInput
   | EnableSnapshotCopyCommandInput
   | GetClusterCredentialsCommandInput
+  | GetClusterCredentialsWithIAMCommandInput
   | GetReservedNodeExchangeConfigurationOptionsCommandInput
   | GetReservedNodeExchangeOfferingsCommandInput
   | ModifyAquaConfigurationCommandInput
@@ -653,6 +658,7 @@ export type ServiceOutputTypes =
   | EnableLoggingCommandOutput
   | EnableSnapshotCopyCommandOutput
   | GetClusterCredentialsCommandOutput
+  | GetClusterCredentialsWithIAMCommandOutput
   | GetReservedNodeExchangeConfigurationOptionsCommandOutput
   | GetReservedNodeExchangeOfferingsCommandOutput
   | ModifyAquaConfigurationCommandOutput

clients/client-redshift/src/commands/DescribeHsmConfigurationsCommand.ts

@@ -12,8 +12,7 @@ import {
   SerdeContext as __SerdeContext,
 } from "@aws-sdk/types";
 
-import { DescribeHsmConfigurationsMessage } from "../models/models_0";
-import { HsmConfigurationMessage } from "../models/models_1";
+import { DescribeHsmConfigurationsMessage, HsmConfigurationMessage } from "../models/models_1";
 import {
   deserializeAws_queryDescribeHsmConfigurationsCommand,
   serializeAws_queryDescribeHsmConfigurationsCommand,

clients/client-redshift/src/commands/GetClusterCredentialsWithIAMCommand.ts

@@ -0,0 +1,109 @@
+// smithy-typescript generated code
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { ClusterExtendedCredentials } from "../models/models_0";
+import { GetClusterCredentialsWithIAMMessage } from "../models/models_1";
+import {
+  deserializeAws_queryGetClusterCredentialsWithIAMCommand,
+  serializeAws_queryGetClusterCredentialsWithIAMCommand,
+} from "../protocols/Aws_query";
+import { RedshiftClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../RedshiftClient";
+
+export interface GetClusterCredentialsWithIAMCommandInput extends GetClusterCredentialsWithIAMMessage {}
+export interface GetClusterCredentialsWithIAMCommandOutput extends ClusterExtendedCredentials, __MetadataBearer {}
+
+/**
+ * <p>Returns a database user name and temporary password with temporary authorization to
+ *             log in to an Amazon Redshift database.
+ *             The database user is mapped 1:1 to the source Identity and Access Management (IAM) identity.
+ *             For more information about IAM identities, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html">IAM Identities (users, user groups, and roles)</a> in the
+ *             Amazon Web Services Identity and Access Management User Guide.</p>
+ *         <p>The Identity and Access Management (IAM) identity that runs
+ *             this operation must have an IAM policy attached that allows access to all
+ *             necessary actions and resources.
+ *                 For more information about permissions, see <a href="https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-identity-based.html">Using identity-based policies (IAM policies)</a> in the
+ *             Amazon Redshift Cluster Management Guide. </p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { RedshiftClient, GetClusterCredentialsWithIAMCommand } from "@aws-sdk/client-redshift"; // ES Modules import
+ * // const { RedshiftClient, GetClusterCredentialsWithIAMCommand } = require("@aws-sdk/client-redshift"); // CommonJS import
+ * const client = new RedshiftClient(config);
+ * const command = new GetClusterCredentialsWithIAMCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link GetClusterCredentialsWithIAMCommandInput} for command's `input` shape.
+ * @see {@link GetClusterCredentialsWithIAMCommandOutput} for command's `response` shape.
+ * @see {@link RedshiftClientResolvedConfig | config} for RedshiftClient's `config` shape.
+ *
+ */
+export class GetClusterCredentialsWithIAMCommand extends $Command<
+  GetClusterCredentialsWithIAMCommandInput,
+  GetClusterCredentialsWithIAMCommandOutput,
+  RedshiftClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: GetClusterCredentialsWithIAMCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: RedshiftClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<GetClusterCredentialsWithIAMCommandInput, GetClusterCredentialsWithIAMCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "RedshiftClient";
+    const commandName = "GetClusterCredentialsWithIAMCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: GetClusterCredentialsWithIAMMessage.filterSensitiveLog,
+      outputFilterSensitiveLog: ClusterExtendedCredentials.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(input: GetClusterCredentialsWithIAMCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return serializeAws_queryGetClusterCredentialsWithIAMCommand(input, context);
+  }
+
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<GetClusterCredentialsWithIAMCommandOutput> {
+    return deserializeAws_queryGetClusterCredentialsWithIAMCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}

clients/client-redshift/src/commands/index.ts

@@ -85,6 +85,7 @@ export * from "./DisassociateDataShareConsumerCommand";
 export * from "./EnableLoggingCommand";
 export * from "./EnableSnapshotCopyCommand";
 export * from "./GetClusterCredentialsCommand";
+export * from "./GetClusterCredentialsWithIAMCommand";
 export * from "./GetReservedNodeExchangeConfigurationOptionsCommand";
 export * from "./GetReservedNodeExchangeOfferingsCommand";
 export * from "./ModifyAquaConfigurationCommand";

clients/client-redshift/src/models/models_0.ts

@@ -3429,6 +3429,38 @@ export namespace ClusterDbRevisionsMessage {
   });
 }
 
+export interface ClusterExtendedCredentials {
+  /**
+   * <p>A database user name that you provide when you connect to a database. The database user is mapped 1:1 to the source IAM identity. </p>
+   */
+  DbUser?: string;
+
+  /**
+   * <p>A temporary password that you provide when you connect to a database.</p>
+   */
+  DbPassword?: string;
+
+  /**
+   * <p>The time (UTC) when the temporary password expires. After this timestamp, a log in with the temporary password fails.</p>
+   */
+  Expiration?: Date;
+
+  /**
+   * <p>Reserved for future use.</p>
+   */
+  NextRefreshTime?: Date;
+}
+
+export namespace ClusterExtendedCredentials {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: ClusterExtendedCredentials): any => ({
+    ...obj,
+    ...(obj.DbPassword && { DbPassword: SENSITIVE_STRING }),
+  });
+}
+
 /**
  * <p>Cluster is already on the latest database revision.</p>
  */
@@ -4406,8 +4438,8 @@ export interface CreateClusterMessage {
    *                 <p>Must contain one number.</p>
    *             </li>
    *             <li>
-   *                 <p>Can be any printable ASCII character (ASCII code 33-126) except '
-   *                     (single quote), " (double quote), \, /, or @.</p>
+   *                 <p>Can be any printable ASCII character (ASCII code 33-126) except <code>'</code>
+   *                     (single quote), <code>"</code> (double quote), <code>\</code>, <code>/</code>, or <code>@</code>.</p>
    *             </li>
    *          </ul>
    */
@@ -9283,65 +9315,3 @@ export namespace HsmClientCertificateMessage {
     ...obj,
   });
 }
-
-/**
- * <p></p>
- */
-export interface DescribeHsmConfigurationsMessage {
-  /**
-   * <p>The identifier of a specific Amazon Redshift HSM configuration to be described. If no
-   *             identifier is specified, information is returned for all HSM configurations owned by
-   *             your Amazon Web Services account.</p>
-   */
-  HsmConfigurationIdentifier?: string;
-
-  /**
-   * <p>The maximum number of response records to return in each call. If the number of
-   *             remaining response records exceeds the specified <code>MaxRecords</code> value, a value
-   *             is returned in a <code>marker</code> field of the response. You can retrieve the next
-   *             set of records by retrying the command with the returned marker value. </p>
-   *         <p>Default: <code>100</code>
-   *         </p>
-   *         <p>Constraints: minimum 20, maximum 100.</p>
-   */
-  MaxRecords?: number;
-
-  /**
-   * <p>An optional parameter that specifies the starting point to return a set of response
-   *             records. When the results of a <a>DescribeHsmConfigurations</a> request
-   *             exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the
-   *                 <code>Marker</code> field of the response. You can retrieve the next set of response
-   *             records by providing the returned marker value in the <code>Marker</code> parameter and
-   *             retrying the request. </p>
-   */
-  Marker?: string;
-
-  /**
-   * <p>A tag key or keys for which you want to return all matching HSM configurations that
-   *             are associated with the specified key or keys. For example, suppose that you have HSM
-   *             configurations that are tagged with keys called <code>owner</code> and
-   *                 <code>environment</code>. If you specify both of these tag keys in the request,
-   *             Amazon Redshift returns a response with the HSM configurations that have either or both of
-   *             these tag keys associated with them.</p>
-   */
-  TagKeys?: string[];
-
-  /**
-   * <p>A tag value or values for which you want to return all matching HSM configurations
-   *             that are associated with the specified tag value or values. For example, suppose that
-   *             you have HSM configurations that are tagged with values called <code>admin</code> and
-   *                 <code>test</code>. If you specify both of these tag values in the request, Amazon Redshift
-   *             returns a response with the HSM configurations that have either or both of these tag
-   *             values associated with them.</p>
-   */
-  TagValues?: string[];
-}
-
-export namespace DescribeHsmConfigurationsMessage {
-  /**
-   * @internal
-   */
-  export const filterSensitiveLog = (obj: DescribeHsmConfigurationsMessage): any => ({
-    ...obj,
-  });
-}