api.go

// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

package secretsmanager

import (
	"fmt"
	"time"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/internal/awsutil"
	"github.com/aws/aws-sdk-go-v2/private/protocol"
	"github.com/aws/aws-sdk-go-v2/private/protocol/jsonrpc"
)

const opCancelRotateSecret = "CancelRotateSecret"

// CancelRotateSecretRequest is a API request type for the CancelRotateSecret API operation.
type CancelRotateSecretRequest struct {
	*aws.Request
	Input *CancelRotateSecretInput
	Copy  func(*CancelRotateSecretInput) CancelRotateSecretRequest
}

// Send marshals and sends the CancelRotateSecret API request.
func (r CancelRotateSecretRequest) Send() (*CancelRotateSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*CancelRotateSecretOutput), nil
}

// CancelRotateSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Disables automatic scheduled rotation and cancels the rotation of a secret
// if one is currently in progress.
//
// To re-enable scheduled rotation, call RotateSecret with AutomaticallyRotateAfterDays
// set to a value greater than 0. This will immediately rotate your secret and
// then enable the automatic schedule.
//
// If you cancel a rotation that is in progress, it can leave the VersionStage
// labels in an unexpected state. Depending on what step of the rotation was
// in progress, you might need to remove the staging label AWSPENDING from the
// partially created version, specified by the SecretVersionId response value.
// You should also evaluate the partially rotated new version to see if it should
// be deleted, which you can do by removing all staging labels from the new
// version's VersionStage field.
//
// To successfully start a rotation, the staging label AWSPENDING must be in
// one of the following states:
//
//    * Not be attached to any version at all
//
//    * Attached to the same version as the staging label AWSCURRENT
//
// If the staging label AWSPENDING is attached to a different version than the
// version with AWSCURRENT then the attempt to rotate fails.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:CancelRotateSecret
//
// Related operations
//
//    * To configure rotation for a secret or to manually trigger a rotation,
//    use RotateSecret.
//
//    * To get the rotation configuration details for a secret, use DescribeSecret.
//
//    * To list all of the currently available secrets, use ListSecrets.
//
//    * To list all of the versions currently associated with a secret, use
//    ListSecretVersionIds.
//
//    // Example sending a request using the CancelRotateSecretRequest method.
//    req := client.CancelRotateSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret
func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) CancelRotateSecretRequest {
	op := &aws.Operation{
		Name:       opCancelRotateSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CancelRotateSecretInput{}
	}

	output := &CancelRotateSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return CancelRotateSecretRequest{Request: req, Input: input, Copy: c.CancelRotateSecretRequest}
}

const opCreateSecret = "CreateSecret"

// CreateSecretRequest is a API request type for the CreateSecret API operation.
type CreateSecretRequest struct {
	*aws.Request
	Input *CreateSecretInput
	Copy  func(*CreateSecretInput) CreateSecretRequest
}

// Send marshals and sends the CreateSecret API request.
func (r CreateSecretRequest) Send() (*CreateSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*CreateSecretOutput), nil
}

// CreateSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Creates a new secret. A secret in Secrets Manager consists of both the protected
// secret data and the important information needed to manage the secret.
//
// Secrets Manager stores the encrypted secret data in one of a collection of
// "versions" associated with the secret. Each version contains a copy of the
// encrypted secret data. Each version is associated with one or more "staging
// labels" that identify where the version is in the rotation cycle. The SecretVersionsToStages
// field of the secret contains the mapping of staging labels to the active
// versions of the secret. Versions without a staging label are considered deprecated
// and are not included in the list.
//
// You provide the secret data to be encrypted by putting text in either the
// SecretString parameter or binary data in the SecretBinary parameter, but
// not both. If you include SecretString or SecretBinary then Secrets Manager
// also creates an initial secret version and automatically attaches the staging
// label AWSCURRENT to the new version.
//
// If you call an operation that needs to encrypt or decrypt the SecretString
// or SecretBinary for a secret in the same account as the calling user and
// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
// If this key doesn't already exist in your account then Secrets Manager creates
// it for you automatically. All users in the same AWS account automatically
// have access to use the default CMK. Note that if an Secrets Manager API call
// results in AWS having to create the account's AWS-managed CMK, it can result
// in a one-time significant delay in returning the result.
//
// If the secret is in a different AWS account from the credentials calling
// an API that requires encryption or decryption of the secret value then you
// must create and use a custom KMS CMK because you can't access the default
// CMK for the account using credentials from a different AWS account. Store
// the ARN of the CMK in the secret when you create the secret or when you update
// it by including it in the KMSKeyId. If you call an API that must encrypt
// or decrypt SecretString or SecretBinary using credentials from a different
// account then the KMS key policy must grant cross-account access to that other
// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:CreateSecret
//
//    * kms:GenerateDataKey - needed only if you use a customer-created KMS
//    key to encrypt the secret. You do not need this permission to use the
//    account's default AWS managed CMK for Secrets Manager.
//
//    * kms:Decrypt - needed only if you use a customer-created KMS key to encrypt
//    the secret. You do not need this permission to use the account's default
//    AWS managed CMK for Secrets Manager.
//
// Related operations
//
//    * To delete a secret, use DeleteSecret.
//
//    * To modify an existing secret, use UpdateSecret.
//
//    * To create a new version of a secret, use PutSecretValue.
//
//    * To retrieve the encrypted secure string and secure binary values, use
//    GetSecretValue.
//
//    * To retrieve all other details for a secret, use DescribeSecret. This
//    does not include the encrypted secure string and secure binary values.
//
//    * To retrieve the list of secret versions associated with the current
//    secret, use DescribeSecret and examine the SecretVersionsToStages response
//    value.
//
//    // Example sending a request using the CreateSecretRequest method.
//    req := client.CreateSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret
func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) CreateSecretRequest {
	op := &aws.Operation{
		Name:       opCreateSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateSecretInput{}
	}

	output := &CreateSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return CreateSecretRequest{Request: req, Input: input, Copy: c.CreateSecretRequest}
}

const opDeleteSecret = "DeleteSecret"

// DeleteSecretRequest is a API request type for the DeleteSecret API operation.
type DeleteSecretRequest struct {
	*aws.Request
	Input *DeleteSecretInput
	Copy  func(*DeleteSecretInput) DeleteSecretRequest
}

// Send marshals and sends the DeleteSecret API request.
func (r DeleteSecretRequest) Send() (*DeleteSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*DeleteSecretOutput), nil
}

// DeleteSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Deletes an entire secret and all of its versions. You can optionally include
// a recovery window during which you can restore the secret. If you don't specify
// a recovery window value, the operation defaults to 30 days. Secrets Manager
// attaches a DeletionDate stamp to the secret that specifies the end of the
// recovery window. At the end of the recovery window, Secrets Manager deletes
// the secret permanently.
//
// At any time before recovery window ends, you can use RestoreSecret to remove
// the DeletionDate and cancel the deletion of the secret.
//
// You cannot access the encrypted secret information in any secret that is
// scheduled for deletion. If you need to access that information, you must
// cancel the deletion with RestoreSecret and then retrieve the information.
//
// There is no explicit operation to delete a version of a secret. Instead,
// remove all staging labels from the VersionStage field of a version. That
// marks the version as deprecated and allows Secrets Manager to delete it as
// needed. Versions that do not have any staging labels do not show up in ListSecretVersionIds
// unless you specify IncludeDeprecated.
//
// The permanent secret deletion at the end of the waiting period is performed
// as a background task with low priority. There is no guarantee of a specific
// time after the recovery window for the actual delete operation to occur.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:DeleteSecret
//
// Related operations
//
//    * To create a secret, use CreateSecret.
//
//    * To cancel deletion of a version of a secret before the recovery window
//    has expired, use RestoreSecret.
//
//    // Example sending a request using the DeleteSecretRequest method.
//    req := client.DeleteSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret
func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) DeleteSecretRequest {
	op := &aws.Operation{
		Name:       opDeleteSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSecretInput{}
	}

	output := &DeleteSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return DeleteSecretRequest{Request: req, Input: input, Copy: c.DeleteSecretRequest}
}

const opDescribeSecret = "DescribeSecret"

// DescribeSecretRequest is a API request type for the DescribeSecret API operation.
type DescribeSecretRequest struct {
	*aws.Request
	Input *DescribeSecretInput
	Copy  func(*DescribeSecretInput) DescribeSecretRequest
}

// Send marshals and sends the DescribeSecret API request.
func (r DescribeSecretRequest) Send() (*DescribeSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*DescribeSecretOutput), nil
}

// DescribeSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Retrieves the details of a secret. It does not include the encrypted fields.
// Only those fields that are populated with a value are returned in the response.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:DescribeSecret
//
// Related operations
//
//    * To create a secret, use CreateSecret.
//
//    * To modify a secret, use UpdateSecret.
//
//    * To retrieve the encrypted secret information in a version of the secret,
//    use GetSecretValue.
//
//    * To list all of the secrets in the AWS account, use ListSecrets.
//
//    // Example sending a request using the DescribeSecretRequest method.
//    req := client.DescribeSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret
func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) DescribeSecretRequest {
	op := &aws.Operation{
		Name:       opDescribeSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DescribeSecretInput{}
	}

	output := &DescribeSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return DescribeSecretRequest{Request: req, Input: input, Copy: c.DescribeSecretRequest}
}

const opGetRandomPassword = "GetRandomPassword"

// GetRandomPasswordRequest is a API request type for the GetRandomPassword API operation.
type GetRandomPasswordRequest struct {
	*aws.Request
	Input *GetRandomPasswordInput
	Copy  func(*GetRandomPasswordInput) GetRandomPasswordRequest
}

// Send marshals and sends the GetRandomPassword API request.
func (r GetRandomPasswordRequest) Send() (*GetRandomPasswordOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*GetRandomPasswordOutput), nil
}

// GetRandomPasswordRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Generates a random password of the specified complexity. This operation is
// intended for use in the Lambda rotation function. Per best practice, we recommend
// that you specify the maximum length and include every character type that
// the system you are generating a password for can support.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:GetRandomPassword
//
//    // Example sending a request using the GetRandomPasswordRequest method.
//    req := client.GetRandomPasswordRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword
func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) GetRandomPasswordRequest {
	op := &aws.Operation{
		Name:       opGetRandomPassword,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetRandomPasswordInput{}
	}

	output := &GetRandomPasswordOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return GetRandomPasswordRequest{Request: req, Input: input, Copy: c.GetRandomPasswordRequest}
}

const opGetSecretValue = "GetSecretValue"

// GetSecretValueRequest is a API request type for the GetSecretValue API operation.
type GetSecretValueRequest struct {
	*aws.Request
	Input *GetSecretValueInput
	Copy  func(*GetSecretValueInput) GetSecretValueRequest
}

// Send marshals and sends the GetSecretValue API request.
func (r GetSecretValueRequest) Send() (*GetSecretValueOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*GetSecretValueOutput), nil
}

// GetSecretValueRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Retrieves the contents of the encrypted fields SecretString or SecretBinary
// from the specified version of a secret, whichever contains content.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:GetSecretValue
//
//    * kms:Decrypt - required only if you use a customer-created KMS key to
//    encrypt the secret. You do not need this permission to use the account's
//    default AWS managed CMK for Secrets Manager.
//
// Related operations
//
//    * To create a new version of the secret with different encrypted information,
//    use PutSecretValue.
//
//    * To retrieve the non-encrypted details for the secret, use DescribeSecret.
//
//    // Example sending a request using the GetSecretValueRequest method.
//    req := client.GetSecretValueRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue
func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) GetSecretValueRequest {
	op := &aws.Operation{
		Name:       opGetSecretValue,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetSecretValueInput{}
	}

	output := &GetSecretValueOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return GetSecretValueRequest{Request: req, Input: input, Copy: c.GetSecretValueRequest}
}

const opListSecretVersionIds = "ListSecretVersionIds"

// ListSecretVersionIdsRequest is a API request type for the ListSecretVersionIds API operation.
type ListSecretVersionIdsRequest struct {
	*aws.Request
	Input *ListSecretVersionIdsInput
	Copy  func(*ListSecretVersionIdsInput) ListSecretVersionIdsRequest
}

// Send marshals and sends the ListSecretVersionIds API request.
func (r ListSecretVersionIdsRequest) Send() (*ListSecretVersionIdsOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*ListSecretVersionIdsOutput), nil
}

// ListSecretVersionIdsRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Lists all of the versions attached to the specified secret. The output does
// not include the SecretString or SecretBinary fields. By default, the list
// includes only versions that have at least one staging label in VersionStage
// attached.
//
// Always check the NextToken response parameter when calling any of the List*
// operations. These operations can occasionally return an empty or shorter
// than expected list of results even when there are more results available.
// When this happens, the NextToken response parameter contains a value to pass
// to the next call to the same API to request the next part of the list.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:ListSecretVersionIds
//
// Related operations
//
//    * To list the secrets in an account, use ListSecrets.
//
//    // Example sending a request using the ListSecretVersionIdsRequest method.
//    req := client.ListSecretVersionIdsRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds
func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) ListSecretVersionIdsRequest {
	op := &aws.Operation{
		Name:       opListSecretVersionIds,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &aws.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListSecretVersionIdsInput{}
	}

	output := &ListSecretVersionIdsOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return ListSecretVersionIdsRequest{Request: req, Input: input, Copy: c.ListSecretVersionIdsRequest}
}

// Paginate pages iterates over the pages of a ListSecretVersionIdsRequest operation,
// calling the Next method for each page. Using the paginators Next
// method will depict whether or not there are more pages.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListSecretVersionIds operation.
//		req := client.ListSecretVersionIdsRequest(input)
//		p := req.Paginate()
//		for p.Next() {
//			page := p.CurrentPage()
//		}
//
//		if err := p.Err(); err != nil {
//			return err
//		}
//
func (p *ListSecretVersionIdsRequest) Paginate(opts ...aws.Option) ListSecretVersionIdsPager {
	return ListSecretVersionIdsPager{
		Pager: aws.Pager{
			NewRequest: func() (*aws.Request, error) {
				var inCpy *ListSecretVersionIdsInput
				if p.Input != nil {
					tmp := *p.Input
					inCpy = &tmp
				}

				req := p.Copy(inCpy)
				req.ApplyOptions(opts...)

				return req.Request, nil
			},
		},
	}
}

// ListSecretVersionIdsPager is used to paginate the request. This can be done by
// calling Next and CurrentPage.
type ListSecretVersionIdsPager struct {
	aws.Pager
}

func (p *ListSecretVersionIdsPager) CurrentPage() *ListSecretVersionIdsOutput {
	return p.Pager.CurrentPage().(*ListSecretVersionIdsOutput)
}

const opListSecrets = "ListSecrets"

// ListSecretsRequest is a API request type for the ListSecrets API operation.
type ListSecretsRequest struct {
	*aws.Request
	Input *ListSecretsInput
	Copy  func(*ListSecretsInput) ListSecretsRequest
}

// Send marshals and sends the ListSecrets API request.
func (r ListSecretsRequest) Send() (*ListSecretsOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*ListSecretsOutput), nil
}

// ListSecretsRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Lists all of the secrets that are stored by Secrets Manager in the AWS account.
// To list the versions currently stored for a specific secret, use ListSecretVersionIds.
// The encrypted fields SecretString and SecretBinary are not included in the
// output. To get that information, call the GetSecretValue operation.
//
// Always check the NextToken response parameter when calling any of the List*
// operations. These operations can occasionally return an empty or shorter
// than expected list of results even when there are more results available.
// When this happens, the NextToken response parameter contains a value to pass
// to the next call to the same API to request the next part of the list.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:ListSecrets
//
// Related operations
//
//    * To list the versions attached to a secret, use ListSecretVersionIds.
//
//    // Example sending a request using the ListSecretsRequest method.
//    req := client.ListSecretsRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets
func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) ListSecretsRequest {
	op := &aws.Operation{
		Name:       opListSecrets,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &aws.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListSecretsInput{}
	}

	output := &ListSecretsOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return ListSecretsRequest{Request: req, Input: input, Copy: c.ListSecretsRequest}
}

// Paginate pages iterates over the pages of a ListSecretsRequest operation,
// calling the Next method for each page. Using the paginators Next
// method will depict whether or not there are more pages.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListSecrets operation.
//		req := client.ListSecretsRequest(input)
//		p := req.Paginate()
//		for p.Next() {
//			page := p.CurrentPage()
//		}
//
//		if err := p.Err(); err != nil {
//			return err
//		}
//
func (p *ListSecretsRequest) Paginate(opts ...aws.Option) ListSecretsPager {
	return ListSecretsPager{
		Pager: aws.Pager{
			NewRequest: func() (*aws.Request, error) {
				var inCpy *ListSecretsInput
				if p.Input != nil {
					tmp := *p.Input
					inCpy = &tmp
				}

				req := p.Copy(inCpy)
				req.ApplyOptions(opts...)

				return req.Request, nil
			},
		},
	}
}

// ListSecretsPager is used to paginate the request. This can be done by
// calling Next and CurrentPage.
type ListSecretsPager struct {
	aws.Pager
}

func (p *ListSecretsPager) CurrentPage() *ListSecretsOutput {
	return p.Pager.CurrentPage().(*ListSecretsOutput)
}

const opPutSecretValue = "PutSecretValue"

// PutSecretValueRequest is a API request type for the PutSecretValue API operation.
type PutSecretValueRequest struct {
	*aws.Request
	Input *PutSecretValueInput
	Copy  func(*PutSecretValueInput) PutSecretValueRequest
}

// Send marshals and sends the PutSecretValue API request.
func (r PutSecretValueRequest) Send() (*PutSecretValueOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*PutSecretValueOutput), nil
}

// PutSecretValueRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Stores a new encrypted secret value in the specified secret. To do this,
// the operation creates a new version and attaches it to the secret. The version
// can contain a new SecretString value or a new SecretBinary value. You can
// also specify the staging labels that are initially attached to the new version.
//
// The Secrets Manager console uses only the SecretString field. To add binary
// data to a secret with the SecretBinary field you must use the AWS CLI or
// one of the AWS SDKs.
//
//    * If this operation creates the first version for the secret then Secrets
//    Manager automatically attaches the staging label AWSCURRENT to the new
//    version.
//
//    * If another version of this secret already exists, then this operation
//    does not automatically move any staging labels other than those that you
//    explicitly specify in the VersionStages parameter.
//
//    * If this operation moves the staging label AWSCURRENT from another version
//    to this version (because you included it in the StagingLabels parameter)
//    then Secrets Manager also automatically moves the staging label AWSPREVIOUS
//    to the version that AWSCURRENT was removed from.
//
//    * This operation is idempotent. If a version with a SecretVersionId with
//    the same value as the ClientRequestToken parameter already exists and
//    you specify the same secret data, the operation succeeds but does nothing.
//    However, if the secret data is different, then the operation fails because
//    you cannot modify an existing version; you can only create new ones.
//
// If you call an operation that needs to encrypt or decrypt the SecretString
// or SecretBinary for a secret in the same account as the calling user and
// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
// If this key doesn't already exist in your account then Secrets Manager creates
// it for you automatically. All users in the same AWS account automatically
// have access to use the default CMK. Note that if an Secrets Manager API call
// results in AWS having to create the account's AWS-managed CMK, it can result
// in a one-time significant delay in returning the result.
//
// If the secret is in a different AWS account from the credentials calling
// an API that requires encryption or decryption of the secret value then you
// must create and use a custom KMS CMK because you can't access the default
// CMK for the account using credentials from a different AWS account. Store
// the ARN of the CMK in the secret when you create the secret or when you update
// it by including it in the KMSKeyId. If you call an API that must encrypt
// or decrypt SecretString or SecretBinary using credentials from a different
// account then the KMS key policy must grant cross-account access to that other
// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:PutSecretValue
//
//    * kms:GenerateDataKey - needed only if you use a customer-created KMS
//    key to encrypt the secret. You do not need this permission to use the
//    account's AWS managed CMK for Secrets Manager.
//
//    * kms:Encrypt - needed only if you use a customer-created KMS key to encrypt
//    the secret. You do not need this permission to use the account's AWS managed
//    CMK for Secrets Manager.
//
// Related operations
//
//    * To retrieve the encrypted value you store in the version of a secret,
//    use GetSecretValue.
//
//    * To create a secret, use CreateSecret.
//
//    * To get the details for a secret, use DescribeSecret.
//
//    * To list the versions attached to a secret, use ListSecretVersionIds.
//
//    // Example sending a request using the PutSecretValueRequest method.
//    req := client.PutSecretValueRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue
func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) PutSecretValueRequest {
	op := &aws.Operation{
		Name:       opPutSecretValue,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutSecretValueInput{}
	}

	output := &PutSecretValueOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return PutSecretValueRequest{Request: req, Input: input, Copy: c.PutSecretValueRequest}
}

const opRestoreSecret = "RestoreSecret"

// RestoreSecretRequest is a API request type for the RestoreSecret API operation.
type RestoreSecretRequest struct {
	*aws.Request
	Input *RestoreSecretInput
	Copy  func(*RestoreSecretInput) RestoreSecretRequest
}

// Send marshals and sends the RestoreSecret API request.
func (r RestoreSecretRequest) Send() (*RestoreSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*RestoreSecretOutput), nil
}

// RestoreSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Cancels the scheduled deletion of a secret by removing the DeletedDate time
// stamp. This makes the secret accessible to query once again.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:RestoreSecret
//
// Related operations
//
//    * To delete a secret, use DeleteSecret.
//
//    // Example sending a request using the RestoreSecretRequest method.
//    req := client.RestoreSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret
func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) RestoreSecretRequest {
	op := &aws.Operation{
		Name:       opRestoreSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RestoreSecretInput{}
	}

	output := &RestoreSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return RestoreSecretRequest{Request: req, Input: input, Copy: c.RestoreSecretRequest}
}

const opRotateSecret = "RotateSecret"

// RotateSecretRequest is a API request type for the RotateSecret API operation.
type RotateSecretRequest struct {
	*aws.Request
	Input *RotateSecretInput
	Copy  func(*RotateSecretInput) RotateSecretRequest
}

// Send marshals and sends the RotateSecret API request.
func (r RotateSecretRequest) Send() (*RotateSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*RotateSecretOutput), nil
}

// RotateSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Configures and starts the asynchronous process of rotating this secret. If
// you include the configuration parameters, the operation sets those values
// for the secret and then immediately starts a rotation. If you do not include
// the configuration parameters, the operation starts a rotation with the values
// already stored in the secret. After the rotation completes, the protected
// service and its clients all use the new version of the secret.
//
// This required configuration information includes the ARN of an AWS Lambda
// function and the time between scheduled rotations. The Lambda rotation function
// creates a new version of the secret and creates or updates the credentials
// on the protected service to match. After testing the new credentials, the
// function marks the new secret with the staging label AWSCURRENT so that your
// clients all immediately begin to use the new version. For more information
// about rotating secrets and how to configure a Lambda function to rotate the
// secrets for your protected service, see Rotating Secrets in AWS Secrets Manager
// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html)
// in the AWS Secrets Manager User Guide.
//
// The rotation function must end with the versions of the secret in one of
// two states:
//
//    * The AWSPENDING and AWSCURRENT staging labels are attached to the same
//    version of the secret, or
//
//    * The AWSPENDING staging label is not attached to any version of the secret.
//
// If instead the AWSPENDING staging label is present but is not attached to
// the same version as AWSCURRENT then any later invocation of RotateSecret
// assumes that a previous rotation request is still in progress and returns
// an error.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:RotateSecret
//
//    * lambda:InvokeFunction (on the function specified in the secret's metadata)
//
// Related operations
//
//    * To list the secrets in your account, use ListSecrets.
//
//    * To get the details for a version of a secret, use DescribeSecret.
//
//    * To create a new version of a secret, use CreateSecret.
//
//    * To attach staging labels to or remove staging labels from a version
//    of a secret, use UpdateSecretVersionStage.
//
//    // Example sending a request using the RotateSecretRequest method.
//    req := client.RotateSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret
func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) RotateSecretRequest {
	op := &aws.Operation{
		Name:       opRotateSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RotateSecretInput{}
	}

	output := &RotateSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return RotateSecretRequest{Request: req, Input: input, Copy: c.RotateSecretRequest}
}

const opTagResource = "TagResource"

// TagResourceRequest is a API request type for the TagResource API operation.
type TagResourceRequest struct {
	*aws.Request
	Input *TagResourceInput
	Copy  func(*TagResourceInput) TagResourceRequest
}

// Send marshals and sends the TagResource API request.
func (r TagResourceRequest) Send() (*TagResourceOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*TagResourceOutput), nil
}

// TagResourceRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Attaches one or more tags, each consisting of a key name and a value, to
// the specified secret. Tags are part of the secret's overall metadata, and
// are not associated with any specific version of the secret. This operation
// only appends tags to the existing list of tags. To remove tags, you must
// use UntagResource.
//
// The following basic restrictions apply to tags:
//
//    * Maximum number of tags per secret—50
//
//    * Maximum key length—127 Unicode characters in UTF-8
//
//    * Maximum value length—255 Unicode characters in UTF-8
//
//    * Tag keys and values are case sensitive.
//
//    * Do not use the aws: prefix in your tag names or values because it is
//    reserved for AWS use. You can't edit or delete tag names or values with
//    this prefix. Tags with this prefix do not count against your tags per
//    secret limit.
//
//    * If your tagging schema will be used across multiple services and resources,
//    remember that other services might have restrictions on allowed characters.
//    Generally allowed characters are: letters, spaces, and numbers representable
//    in UTF-8, plus the following special characters: + - = . _ : / @.
//
// If you use tags as part of your security strategy, then adding or removing
// a tag can change permissions. If successfully completing this operation would
// result in you losing your permissions for this secret, then the operation
// is blocked and returns an Access Denied error.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:TagResource
//
// Related operations
//
//    * To remove one or more tags from the collection attached to a secret,
//    use UntagResource.
//
//    * To view the list of tags attached to a secret, use DescribeSecret.
//
//    // Example sending a request using the TagResourceRequest method.
//    req := client.TagResourceRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource
func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) TagResourceRequest {
	op := &aws.Operation{
		Name:       opTagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagResourceInput{}
	}

	output := &TagResourceOutput{}
	req := c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output.responseMetadata = aws.Response{Request: req}

	return TagResourceRequest{Request: req, Input: input, Copy: c.TagResourceRequest}
}

const opUntagResource = "UntagResource"

// UntagResourceRequest is a API request type for the UntagResource API operation.
type UntagResourceRequest struct {
	*aws.Request
	Input *UntagResourceInput
	Copy  func(*UntagResourceInput) UntagResourceRequest
}

// Send marshals and sends the UntagResource API request.
func (r UntagResourceRequest) Send() (*UntagResourceOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*UntagResourceOutput), nil
}

// UntagResourceRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Removes one or more tags from the specified secret.
//
// This operation is idempotent. If a requested tag is not attached to the secret,
// no error is returned and the secret metadata is unchanged.
//
// If you use tags as part of your security strategy, then removing a tag can
// change permissions. If successfully completing this operation would result
// in you losing your permissions for this secret, then the operation is blocked
// and returns an Access Denied error.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:UntagResource
//
// Related operations
//
//    * To add one or more tags to the collection attached to a secret, use
//    TagResource.
//
//    * To view the list of tags attached to a secret, use DescribeSecret.
//
//    // Example sending a request using the UntagResourceRequest method.
//    req := client.UntagResourceRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource
func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) UntagResourceRequest {
	op := &aws.Operation{
		Name:       opUntagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagResourceInput{}
	}

	output := &UntagResourceOutput{}
	req := c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output.responseMetadata = aws.Response{Request: req}

	return UntagResourceRequest{Request: req, Input: input, Copy: c.UntagResourceRequest}
}

const opUpdateSecret = "UpdateSecret"

// UpdateSecretRequest is a API request type for the UpdateSecret API operation.
type UpdateSecretRequest struct {
	*aws.Request
	Input *UpdateSecretInput
	Copy  func(*UpdateSecretInput) UpdateSecretRequest
}

// Send marshals and sends the UpdateSecret API request.
func (r UpdateSecretRequest) Send() (*UpdateSecretOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*UpdateSecretOutput), nil
}

// UpdateSecretRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Modifies many of the details of a secret. If you include a ClientRequestToken
// and either SecretString or SecretBinary then it also creates a new version
// attached to the secret.
//
// To modify the rotation configuration of a secret, use RotateSecret instead.
//
// The Secrets Manager console uses only the SecretString parameter and therefore
// limits you to encrypting and storing only a text string. To encrypt and store
// binary data as part of the version of a secret, you must use either the AWS
// CLI or one of the AWS SDKs.
//
//    * If a version with a SecretVersionId with the same value as the ClientRequestToken
//    parameter already exists, the operation generates an error. You cannot
//    modify an existing version, you can only create new ones.
//
//    * If you include SecretString or SecretBinary to create a new secret version,
//    Secrets Manager automatically attaches the staging label AWSCURRENT to
//    the new version.
//
// If you call an operation that needs to encrypt or decrypt the SecretString
// or SecretBinary for a secret in the same account as the calling user and
// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
// If this key doesn't already exist in your account then Secrets Manager creates
// it for you automatically. All users in the same AWS account automatically
// have access to use the default CMK. Note that if an Secrets Manager API call
// results in AWS having to create the account's AWS-managed CMK, it can result
// in a one-time significant delay in returning the result.
//
// If the secret is in a different AWS account from the credentials calling
// an API that requires encryption or decryption of the secret value then you
// must create and use a custom KMS CMK because you can't access the default
// CMK for the account using credentials from a different AWS account. Store
// the ARN of the CMK in the secret when you create the secret or when you update
// it by including it in the KMSKeyId. If you call an API that must encrypt
// or decrypt SecretString or SecretBinary using credentials from a different
// account then the KMS key policy must grant cross-account access to that other
// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:UpdateSecret
//
//    * kms:GenerateDataKey - needed only if you use a custom KMS key to encrypt
//    the secret. You do not need this permission to use the account's AWS managed
//    CMK for Secrets Manager.
//
//    * kms:Decrypt - needed only if you use a custom KMS key to encrypt the
//    secret. You do not need this permission to use the account's AWS managed
//    CMK for Secrets Manager.
//
// Related operations
//
//    * To create a new secret, use CreateSecret.
//
//    * To add only a new version to an existing secret, use PutSecretValue.
//
//    * To get the details for a secret, use DescribeSecret.
//
//    * To list the versions contained in a secret, use ListSecretVersionIds.
//
//    // Example sending a request using the UpdateSecretRequest method.
//    req := client.UpdateSecretRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret
func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) UpdateSecretRequest {
	op := &aws.Operation{
		Name:       opUpdateSecret,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSecretInput{}
	}

	output := &UpdateSecretOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return UpdateSecretRequest{Request: req, Input: input, Copy: c.UpdateSecretRequest}
}

const opUpdateSecretVersionStage = "UpdateSecretVersionStage"

// UpdateSecretVersionStageRequest is a API request type for the UpdateSecretVersionStage API operation.
type UpdateSecretVersionStageRequest struct {
	*aws.Request
	Input *UpdateSecretVersionStageInput
	Copy  func(*UpdateSecretVersionStageInput) UpdateSecretVersionStageRequest
}

// Send marshals and sends the UpdateSecretVersionStage API request.
func (r UpdateSecretVersionStageRequest) Send() (*UpdateSecretVersionStageOutput, error) {
	err := r.Request.Send()
	if err != nil {
		return nil, err
	}

	return r.Request.Data.(*UpdateSecretVersionStageOutput), nil
}

// UpdateSecretVersionStageRequest returns a request value for making API operation for
// AWS Secrets Manager.
//
// Modifies the staging labels attached to a version of a secret. Staging labels
// are used to track a version as it progresses through the secret rotation
// process. You can attach a staging label to only one version of a secret at
// a time. If a staging label to be added is already attached to another version,
// then it is moved--removed from the other version first and then attached
// to this one. For more information about staging labels, see Staging Labels
// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label)
// in the AWS Secrets Manager User Guide.
//
// The staging labels that you specify in the VersionStage parameter are added
// to the existing list of staging labels--they don't replace it.
//
// You can move the AWSCURRENT staging label to this version by including it
// in this call.
//
// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label
// AWSPREVIOUS to the version that AWSCURRENT was removed from.
//
// If this action results in the last label being removed from a version, then
// the version is considered to be 'deprecated' and can be deleted by Secrets
// Manager.
//
// Minimum permissions
//
// To run this command, you must have the following permissions:
//
//    * secretsmanager:UpdateSecretVersionStage
//
// Related operations
//
//    * To get the list of staging labels that are currently associated with
//    a version of a secret, use DescribeSecret and examine the SecretVersionsToStages
//    response value.
//
//    // Example sending a request using the UpdateSecretVersionStageRequest method.
//    req := client.UpdateSecretVersionStageRequest(params)
//    resp, err := req.Send()
//    if err == nil {
//        fmt.Println(resp)
//    }
//
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage
func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) UpdateSecretVersionStageRequest {
	op := &aws.Operation{
		Name:       opUpdateSecretVersionStage,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSecretVersionStageInput{}
	}

	output := &UpdateSecretVersionStageOutput{}
	req := c.newRequest(op, input, output)
	output.responseMetadata = aws.Response{Request: req}

	return UpdateSecretVersionStageRequest{Request: req, Input: input, Copy: c.UpdateSecretVersionStageRequest}
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretRequest
type CancelRotateSecretInput struct {
	_ struct{} `type:"structure"`

	// Specifies the secret for which you want to cancel a rotation request. You
	// can specify either the Amazon Resource Name (ARN) or the friendly name of
	// the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CancelRotateSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CancelRotateSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CancelRotateSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "CancelRotateSecretInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretResponse
type CancelRotateSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret for which rotation was canceled.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret for which rotation was canceled.
	Name *string `min:"1" type:"string"`

	// The unique identifier of the version of the secret that was created during
	// the rotation. This version might not be complete, and should be evaluated
	// for possible deletion. At the very least, you should remove the VersionStage
	// value AWSPENDING to enable this version to be deleted. Failing to clean up
	// a cancelled rotation can block you from successfully starting future rotations.
	VersionId *string `min:"32" type:"string"`
}

// String returns the string representation
func (s CancelRotateSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CancelRotateSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s CancelRotateSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest
type CreateSecretInput struct {
	_ struct{} `type:"structure"`

	// (Optional) If you include SecretString or SecretBinary, then an initial version
	// is created as part of the secret, and this parameter specifies a unique identifier
	// for the new version.
	//
	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
	// you can leave this parameter empty. The CLI or SDK generates a random UUID
	// for you and includes as the value for this parameter in the request. If you
	// don't use the SDK and instead generate a raw HTTP request to the Secrets
	// Manager service endpoint, then you must generate a ClientRequestToken yourself
	// for the new version and include that value in the request.
	//
	// This value helps ensure idempotency. Secrets Manager uses this value to prevent
	// the accidental creation of duplicate versions if there are failures and retries
	// during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness of your versions within the specified secret.
	//
	//    * If the ClientRequestToken value isn't already associated with a version
	//    of the secret then a new version of the secret is created.
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are the same as those in the request, then the
	//    request is ignored (the operation is idempotent).
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are different from those in the request then the
	//    request fails because you cannot modify an existing version. Instead,
	//    use PutSecretValue to create a new version.
	//
	// This value becomes the SecretVersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// (Optional) Specifies a user-provided description of the secret.
	Description *string `type:"string"`

	// (Optional) Specifies the ARN or alias of the AWS KMS customer master key
	// (CMK) to be used to encrypt the SecretString or SecretBinary values in the
	// versions stored in this secret.
	//
	// If you don't specify this value, then Secrets Manager defaults to using the
	// AWS account's default CMK (the one named aws/secretsmanager). If a KMS CMK
	// with that name doesn't yet exist, then Secrets Manager creates it for you
	// automatically the first time it needs to encrypt a version's SecretString
	// or SecretBinary fields.
	//
	// You can use the account's default CMK to encrypt and decrypt only if you
	// call this operation using credentials from the same account that owns the
	// secret. If the secret is in a different account, then you must create a custom
	// CMK and specify the ARN in this field.
	KmsKeyId *string `type:"string"`

	// Specifies the friendly name of the new secret.
	//
	// The secret name must be ASCII letters, digits, or the following characters
	// : /_+=,.@-
	//
	// Name is a required field
	Name *string `min:"1" type:"string" required:"true"`

	// (Optional) Specifies binary data that you want to encrypt and store in the
	// new version of the secret. To use this parameter in the command-line tools,
	// we recommend that you store your binary data in a file and then use the appropriate
	// technique for your tool to pass the contents of the file as a parameter.
	//
	// Either SecretString or SecretBinary must have a value, but not both. They
	// cannot both be empty.
	//
	// This parameter is not available using the Secrets Manager console. It can
	// be accessed only by using the AWS CLI or one of the AWS SDKs.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `type:"blob"`

	// (Optional) Specifies text data that you want to encrypt and store in this
	// new version of the secret.
	//
	// Either SecretString or SecretBinary must have a value, but not both. They
	// cannot both be empty.
	//
	// If you create a secret by using the Secrets Manager console then Secrets
	// Manager puts the protected secret text in only the SecretString parameter.
	// The Secrets Manager console stores the information as a JSON structure of
	// key/value pairs that the Lambda rotation function knows how to parse.
	//
	// For storing multiple values, we recommend that you use a JSON text string
	// argument and specify key/value pairs. For information on how to format a
	// JSON parameter for the various command line tool environments, see Using
	// JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// in the AWS CLI User Guide. For example:
	//
	// [{"username":"bob"},{"password":"abc123xyz456"}]
	//
	// If your command-line tool or SDK requires quotation marks around the parameter,
	// you should use single quotes to avoid confusion with the double quotes required
	// in the JSON text.
	SecretString *string `type:"string"`

	// (Optional) Specifies a list of user-defined tags that are attached to the
	// secret. Each tag is a "Key" and "Value" pair of strings. This operation only
	// appends tags to the existing list of tags. To remove tags, you must use UntagResource.
	//
	// Secrets Manager tag key names are case sensitive. A tag with the key "ABC"
	// is a different tag from one with key "abc".
	//
	// If you check tags in IAM policy Condition elements as part of your security
	// strategy, then adding or removing a tag can change permissions. If the successful
	// completion of this operation would result in you losing your permissions
	// for this secret, then this operation is blocked and returns an Access Denied
	// error.
	//
	// This parameter requires a JSON text string argument. For information on how
	// to format a JSON parameter for the various command line tool environments,
	// see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// in the AWS CLI User Guide. For example:
	//
	// [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
	//
	// If your command-line tool or SDK requires quotation marks around the parameter,
	// you should use single quotes to avoid confusion with the double quotes required
	// in the JSON text.
	//
	// The following basic restrictions apply to tags:
	//
	//    * Maximum number of tags per secret—50
	//
	//    * Maximum key length—127 Unicode characters in UTF-8
	//
	//    * Maximum value length—255 Unicode characters in UTF-8
	//
	//    * Tag keys and values are case sensitive.
	//
	//    * Do not use the aws: prefix in your tag names or values because it is
	//    reserved for AWS use. You can't edit or delete tag names or values with
	//    this prefix. Tags with this prefix do not count against your tags per
	//    secret limit.
	//
	//    * If your tagging schema will be used across multiple services and resources,
	//    remember that other services might have restrictions on allowed characters.
	//    Generally allowed characters are: letters, spaces, and numbers representable
	//    in UTF-8, plus the following special characters: + - = . _ : / @.
	Tags []Tag `type:"list"`
}

// String returns the string representation
func (s CreateSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "CreateSecretInput"}
	if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("ClientRequestToken", 32))
	}

	if s.Name == nil {
		invalidParams.Add(aws.NewErrParamRequired("Name"))
	}
	if s.Name != nil && len(*s.Name) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("Name", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(aws.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse
type CreateSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The Amazon Resource Name (ARN) of the secret that you just created.
	//
	// Secrets Manager automatically adds several random characters to the name
	// at the end of the ARN when you initially create a secret. This affects only
	// the ARN and not the actual friendly name. This ensures that if you create
	// a new secret with the same name as an old secret that you previously deleted,
	// then users with access to the old secret don't automatically get access to
	// the new secret because the ARNs are different.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret that you just created.
	Name *string `min:"1" type:"string"`

	// The unique identifier that's associated with the version of the secret you
	// just created.
	VersionId *string `min:"32" type:"string"`
}

// String returns the string representation
func (s CreateSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s CreateSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest
type DeleteSecretInput struct {
	_ struct{} `type:"structure"`

	// (Optional) Specifies the number of days that Secrets Manager waits before
	// it can delete the secret.
	//
	// This value can range from 7 to 30 days. The default value is 30.
	RecoveryWindowInDays *int64 `type:"long"`

	// Specifies the secret that you want to delete. You can specify either the
	// Amazon Resource Name (ARN) or the friendly name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "DeleteSecretInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretResponse
type DeleteSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret that is now scheduled for deletion.
	ARN *string `min:"20" type:"string"`

	// The date and time after which this secret can be deleted by Secrets Manager
	// and can no longer be restored. This value is the date and time of the delete
	// request plus the number of days specified in RecoveryWindowInDays.
	DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The friendly name of the secret that is now scheduled for deletion.
	Name *string `min:"1" type:"string"`
}

// String returns the string representation
func (s DeleteSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s DeleteSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretRequest
type DescribeSecretInput struct {
	_ struct{} `type:"structure"`

	// The identifier of the secret whose details you want to retrieve. You can
	// specify either the Amazon Resource Name (ARN) or the friendly name of the
	// secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DescribeSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DescribeSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "DescribeSecretInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse
type DescribeSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// This value exists if the secret is scheduled for deletion. Some time after
	// the specified date and time, Secrets Manager deletes the secret and all of
	// its versions.
	//
	// If a secret is scheduled for deletion, then its details, including the encrypted
	// secret information, is not accessible. To cancel a scheduled deletion and
	// restore access, use RestoreSecret.
	DeletedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The user-provided description of the secret.
	Description *string `type:"string"`

	// The ARN or alias of the AWS KMS customer master key (CMK) that's used to
	// encrypt the SecretString or SecretBinary fields in each version of the secret.
	// If you don't provide a key, then Secrets Manager defaults to encrypting the
	// secret fields with the default KMS CMK (the one named awssecretsmanager)
	// for this account.
	KmsKeyId *string `type:"string"`

	// The last date that this secret was accessed. This value is truncated to midnight
	// of the date and therefore shows only the date, not the time.
	LastAccessedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The last date and time that this secret was modified in any way.
	LastChangedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The last date and time that the Secrets Manager rotation process for this
	// secret was invoked.
	LastRotatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The user-provided friendly name of the secret.
	Name *string `min:"1" type:"string"`

	// Specifies whether automatic rotation is enabled for this secret.
	//
	// To enable rotation, use RotateSecret with AutomaticallyRotateAfterDays set
	// to a value greater than 0. To disable rotation, use CancelRotateSecret.
	RotationEnabled *bool `type:"boolean"`

	// The ARN of a Lambda function that's invoked by Secrets Manager to rotate
	// the secret either automatically per the schedule or manually by a call to
	// RotateSecret.
	RotationLambdaARN *string `type:"string"`

	// A structure that contains the rotation configuration for this secret.
	RotationRules *RotationRulesType `type:"structure"`

	// The list of user-defined tags that are associated with the secret. To add
	// tags to a secret, use TagResource. To remove tags, use UntagResource.
	Tags []Tag `type:"list"`

	// A list of all of the currently assigned VersionStage staging labels and the
	// SecretVersionId that each is attached to. Staging labels are used to keep
	// track of the different versions during the rotation process.
	//
	// A version that does not have any staging labels attached is considered deprecated
	// and subject to deletion. Such versions are not included in this list.
	VersionIdsToStages map[string][]string `type:"map"`
}

// String returns the string representation
func (s DescribeSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DescribeSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s DescribeSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordRequest
type GetRandomPasswordInput struct {
	_ struct{} `type:"structure"`

	// A string that includes characters that should not be included in the generated
	// password. The default is that all characters from the included sets can be
	// used.
	ExcludeCharacters *string `type:"string"`

	// Specifies that the generated password should not include lowercase letters.
	// The default if you do not include this switch parameter is that lowercase
	// letters can be included.
	ExcludeLowercase *bool `type:"boolean"`

	// Specifies that the generated password should not include digits. The default
	// if you do not include this switch parameter is that digits can be included.
	ExcludeNumbers *bool `type:"boolean"`

	// Specifies that the generated password should not include punctuation characters.
	// The default if you do not include this switch parameter is that punctuation
	// characters can be included.
	ExcludePunctuation *bool `type:"boolean"`

	// Specifies that the generated password should not include uppercase letters.
	// The default if you do not include this switch parameter is that uppercase
	// letters can be included.
	ExcludeUppercase *bool `type:"boolean"`

	// Specifies that the generated password can include the space character. The
	// default if you do not include this switch parameter is that the space character
	// is not included.
	IncludeSpace *bool `type:"boolean"`

	// The desired length of the generated password. The default value if you do
	// not include this parameter is 32 characters.
	PasswordLength *int64 `min:"1" type:"long"`

	// A boolean value that specifies whether the generated password must include
	// at least one of every allowed character type. The default value is True and
	// the operation requires at least one of every character type.
	RequireEachIncludedType *bool `type:"boolean"`
}

// String returns the string representation
func (s GetRandomPasswordInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetRandomPasswordInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetRandomPasswordInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "GetRandomPasswordInput"}
	if s.PasswordLength != nil && *s.PasswordLength < 1 {
		invalidParams.Add(aws.NewErrParamMinValue("PasswordLength", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordResponse
type GetRandomPasswordOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// A string with the generated password.
	RandomPassword *string `type:"string"`
}

// String returns the string representation
func (s GetRandomPasswordOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetRandomPasswordOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s GetRandomPasswordOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueRequest
type GetSecretValueInput struct {
	_ struct{} `type:"structure"`

	// Specifies the secret containing the version that you want to retrieve. You
	// can specify either the Amazon Resource Name (ARN) or the friendly name of
	// the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// Specifies the unique identifier of the version of the secret that you want
	// to retrieve. If you specify this parameter then don't specify VersionStage.
	// If you don't specify either a VersionStage or SecretVersionId then the default
	// is to perform the operation on the version with the VersionStage value of
	// AWSCURRENT.
	//
	// This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value with 32 hexadecimal digits.
	VersionId *string `min:"32" type:"string"`

	// Specifies the secret version that you want to retrieve by the staging label
	// attached to the version.
	//
	// Staging labels are used to keep track of different versions during the rotation
	// process. If you use this parameter then don't specify SecretVersionId. If
	// you don't specify either a VersionStage or SecretVersionId, then the default
	// is to perform the operation on the version with the VersionStage value of
	// AWSCURRENT.
	VersionStage *string `min:"1" type:"string"`
}

// String returns the string representation
func (s GetSecretValueInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetSecretValueInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetSecretValueInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "GetSecretValueInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}
	if s.VersionId != nil && len(*s.VersionId) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("VersionId", 32))
	}
	if s.VersionStage != nil && len(*s.VersionStage) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("VersionStage", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueResponse
type GetSecretValueOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The date and time that this version of the secret was created.
	CreatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The friendly name of the secret.
	Name *string `min:"1" type:"string"`

	// The decrypted part of the protected secret information that was originally
	// provided as binary data in the form of a byte array. The response parameter
	// represents the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4)
	// string.
	//
	// This parameter is not used if the secret is created by the Secrets Manager
	// console.
	//
	// If you store custom information in this field of the secret, then you must
	// code your Lambda rotation function to parse and interpret whatever you store
	// in the SecretString or SecretBinary fields.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `type:"blob"`

	// The decrypted part of the protected secret information that was originally
	// provided as a string.
	//
	// If you create this secret by using the Secrets Manager console then only
	// the SecretString parameter contains data. Secrets Manager stores the information
	// as a JSON structure of key/value pairs that the Lambda rotation function
	// knows how to parse.
	//
	// If you store custom information in the secret by using the CreateSecret,
	// UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager
	// console, or by using the Other secret type in the console, then you must
	// code your Lambda rotation function to parse and interpret those values.
	SecretString *string `type:"string"`

	// The unique identifier of this version of the secret.
	VersionId *string `min:"32" type:"string"`

	// A list of all of the staging labels currently attached to this version of
	// the secret.
	VersionStages []string `min:"1" type:"list"`
}

// String returns the string representation
func (s GetSecretValueOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetSecretValueOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s GetSecretValueOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsRequest
type ListSecretVersionIdsInput struct {
	_ struct{} `type:"structure"`

	// (Optional) Specifies that you want the results to include versions that do
	// not have any staging labels attached to them. Such versions are considered
	// deprecated and are subject to deletion by Secrets Manager as needed.
	IncludeDeprecated *bool `type:"boolean"`

	// (Optional) Limits the number of results that you want to include in the response.
	// If you don't include this parameter, it defaults to a value that's specific
	// to the operation. If additional items exist beyond the maximum you specify,
	// the NextToken response element is present and has a value (isn't null). Include
	// that value as the NextToken request parameter in the next call to the operation
	// to get the next part of the results. Note that Secrets Manager might return
	// fewer results than the maximum even when there are more results available.
	// You should check NextToken after every operation to ensure that you receive
	// all of the results.
	MaxResults *int64 `min:"1" type:"integer"`

	// (Optional) Use this parameter in a request if you receive a NextToken response
	// in a previous request that indicates that there's more output available.
	// In a subsequent call, set it to the value of the previous call's NextToken
	// response to indicate where the output should continue from.
	NextToken *string `min:"1" type:"string"`

	// The identifier for the secret containing the versions you want to list. You
	// can specify either the Amazon Resource Name (ARN) or the friendly name of
	// the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListSecretVersionIdsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSecretVersionIdsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSecretVersionIdsInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "ListSecretVersionIdsInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(aws.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("NextToken", 1))
	}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsResponse
type ListSecretVersionIdsOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The Amazon Resource Name (ARN) for the secret.
	//
	// Secrets Manager automatically adds several random characters to the name
	// at the end of the ARN when you initially create a secret. This affects only
	// the ARN and not the actual friendly name. This ensures that if you create
	// a new secret with the same name as an old secret that you previously deleted,
	// then users with access to the old secret don't automatically get access to
	// the new secret because the ARNs are different.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret.
	Name *string `min:"1" type:"string"`

	// If present in the response, this value indicates that there's more output
	// available than what's included in the current response. This can occur even
	// when the response includes no values at all, such as when you ask for a filtered
	// view of a very long list. Use this value in the NextToken request parameter
	// in a subsequent call to the operation to continue processing and get the
	// next part of the output. You should repeat this until the NextToken response
	// element comes back empty (as null).
	NextToken *string `min:"1" type:"string"`

	// The list of the currently available versions of the specified secret.
	Versions []SecretVersionsListEntry `type:"list"`
}

// String returns the string representation
func (s ListSecretVersionIdsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSecretVersionIdsOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s ListSecretVersionIdsOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsRequest
type ListSecretsInput struct {
	_ struct{} `type:"structure"`

	// (Optional) Limits the number of results that you want to include in the response.
	// If you don't include this parameter, it defaults to a value that's specific
	// to the operation. If additional items exist beyond the maximum you specify,
	// the NextToken response element is present and has a value (isn't null). Include
	// that value as the NextToken request parameter in the next call to the operation
	// to get the next part of the results. Note that Secrets Manager might return
	// fewer results than the maximum even when there are more results available.
	// You should check NextToken after every operation to ensure that you receive
	// all of the results.
	MaxResults *int64 `min:"1" type:"integer"`

	// (Optional) Use this parameter in a request if you receive a NextToken response
	// in a previous request that indicates that there's more output available.
	// In a subsequent call, set it to the value of the previous call's NextToken
	// response to indicate where the output should continue from.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListSecretsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSecretsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSecretsInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "ListSecretsInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(aws.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("NextToken", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsResponse
type ListSecretsOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// If present in the response, this value indicates that there's more output
	// available than what's included in the current response. This can occur even
	// when the response includes no values at all, such as when you ask for a filtered
	// view of a very long list. Use this value in the NextToken request parameter
	// in a subsequent call to the operation to continue processing and get the
	// next part of the output. You should repeat this until the NextToken response
	// element comes back empty (as null).
	NextToken *string `min:"1" type:"string"`

	// A list of the secrets in the account.
	SecretList []SecretListEntry `type:"list"`
}

// String returns the string representation
func (s ListSecretsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSecretsOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s ListSecretsOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest
type PutSecretValueInput struct {
	_ struct{} `type:"structure"`

	// (Optional) Specifies a unique identifier for the new version of the secret.
	//
	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
	// you can leave this parameter empty. The CLI or SDK generates a random UUID
	// for you and includes that in the request. If you don't use the SDK and instead
	// generate a raw HTTP request to the Secrets Manager service endpoint, then
	// you must generate a ClientRequestToken yourself for new versions and include
	// that value in the request.
	//
	// This value helps ensure idempotency. Secrets Manager uses this value to prevent
	// the accidental creation of duplicate versions if there are failures and retries
	// during the Lambda rotation function's processing. We recommend that you generate
	// a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value
	// to ensure uniqueness within the specified secret.
	//
	//    * If the ClientRequestToken value isn't already associated with a version
	//    of the secret then a new version of the secret is created.
	//
	//    * If a version with this value already exists and that version's SecretString
	//    or SecretBinary values are the same as those in the request then the request
	//    is ignored (the operation is idempotent).
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are different from those in the request then the
	//    request fails because you cannot modify an existing secret version. You
	//    can only create new versions to store new secret values.
	//
	// This value becomes the SecretVersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// (Optional) Specifies binary data that you want to encrypt and store in the
	// new version of the secret. To use this parameter in the command-line tools,
	// we recommend that you store your binary data in a file and then use the appropriate
	// technique for your tool to pass the contents of the file as a parameter.
	// Either SecretBinary or SecretString must have a value, but not both. They
	// cannot both be empty.
	//
	// This parameter is not accessible if the secret using the Secrets Manager
	// console.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `type:"blob"`

	// Specifies the secret to which you want to add a new version. You can specify
	// either the Amazon Resource Name (ARN) or the friendly name of the secret.
	// The secret must already exist.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// (Optional) Specifies text data that you want to encrypt and store in this
	// new version of the secret. Either SecretString or SecretBinary must have
	// a value, but not both. They cannot both be empty.
	//
	// If you create this secret by using the Secrets Manager console then Secrets
	// Manager puts the protected secret text in only the SecretString parameter.
	// The Secrets Manager console stores the information as a JSON structure of
	// key/value pairs that the default Lambda rotation function knows how to parse.
	//
	// For storing multiple values, we recommend that you use a JSON text string
	// argument and specify key/value pairs. For information on how to format a
	// JSON parameter for the various command line tool environments, see Using
	// JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// in the AWS CLI User Guide.
	//
	// For example:
	//
	// [{"username":"bob"},{"password":"abc123xyz456"}]
	//
	// If your command-line tool or SDK requires quotation marks around the parameter,
	// you should use single quotes to avoid confusion with the double quotes required
	// in the JSON text.
	SecretString *string `type:"string"`

	// (Optional) Specifies a list of staging labels that are attached to this version
	// of the secret. These staging labels are used to track the versions through
	// the rotation process by the Lambda rotation function.
	//
	// A staging label must be unique to a single version of the secret. If you
	// specify a staging label that's already associated with a different version
	// of the same secret then that staging label is automatically removed from
	// the other version and attached to this version.
	//
	// If you do not specify a value for VersionStages then Secrets Manager automatically
	// moves the staging label AWSCURRENT to this new version.
	VersionStages []string `min:"1" type:"list"`
}

// String returns the string representation
func (s PutSecretValueInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutSecretValueInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutSecretValueInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "PutSecretValueInput"}
	if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("ClientRequestToken", 32))
	}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}
	if s.VersionStages != nil && len(s.VersionStages) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("VersionStages", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueResponse
type PutSecretValueOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The Amazon Resource Name (ARN) for the secret for which you just created
	// a version.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret for which you just created or updated a version.
	Name *string `min:"1" type:"string"`

	// The unique identifier of the version of the secret you just created or updated.
	VersionId *string `min:"32" type:"string"`

	// The list of staging labels that are currently attached to this version of
	// the secret. Staging labels are used to track a version as it progresses through
	// the secret rotation process.
	VersionStages []string `min:"1" type:"list"`
}

// String returns the string representation
func (s PutSecretValueOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutSecretValueOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s PutSecretValueOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretRequest
type RestoreSecretInput struct {
	_ struct{} `type:"structure"`

	// Specifies the secret that you want to restore from a previously scheduled
	// deletion. You can specify either the Amazon Resource Name (ARN) or the friendly
	// name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s RestoreSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RestoreSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RestoreSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "RestoreSecretInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretResponse
type RestoreSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret that was restored.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret that was restored.
	Name *string `min:"1" type:"string"`
}

// String returns the string representation
func (s RestoreSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RestoreSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s RestoreSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest
type RotateSecretInput struct {
	_ struct{} `type:"structure"`

	// (Optional) Specifies a unique identifier for the new version of the secret
	// that helps ensure idempotency.
	//
	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
	// you can leave this parameter empty. The CLI or SDK generates a random UUID
	// for you and includes that in the request for this parameter. If you don't
	// use the SDK and instead generate a raw HTTP request to the Secrets Manager
	// service endpoint, then you must generate a ClientRequestToken yourself for
	// new versions and include that value in the request.
	//
	// You only need to specify your own value if you are implementing your own
	// retry logic and want to ensure that a given secret is not created twice.
	// We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness within the specified secret.
	//
	// Secrets Manager uses this value to prevent the accidental creation of duplicate
	// versions if there are failures and retries during the function's processing.
	//
	//    * If the ClientRequestToken value isn't already associated with a version
	//    of the secret then a new version of the secret is created.
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are the same as the request, then the request
	//    is ignored (the operation is idempotent).
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are different from the request then an error occurs
	//    because you cannot modify an existing secret value.
	//
	// This value becomes the SecretVersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// (Optional) Specifies the ARN of the Lambda function that can rotate the secret.
	RotationLambdaARN *string `type:"string"`

	// A structure that defines the rotation configuration for this secret.
	RotationRules *RotationRulesType `type:"structure"`

	// Specifies the secret that you want to rotate. You can specify either the
	// Amazon Resource Name (ARN) or the friendly name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s RotateSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RotateSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RotateSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "RotateSecretInput"}
	if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("ClientRequestToken", 32))
	}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}
	if s.RotationRules != nil {
		if err := s.RotationRules.Validate(); err != nil {
			invalidParams.AddNested("RotationRules", err.(aws.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretResponse
type RotateSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret.
	Name *string `min:"1" type:"string"`

	// The ID of the new version of the secret created by the rotation started by
	// this request.
	VersionId *string `min:"32" type:"string"`
}

// String returns the string representation
func (s RotateSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RotateSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s RotateSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// A structure that defines the rotation configuration for the secret.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType
type RotationRulesType struct {
	_ struct{} `type:"structure"`

	// Specifies the number of days between automatic scheduled rotations of the
	// secret.
	AutomaticallyAfterDays *int64 `min:"1" type:"long"`
}

// String returns the string representation
func (s RotationRulesType) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RotationRulesType) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RotationRulesType) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "RotationRulesType"}
	if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 {
		invalidParams.Add(aws.NewErrParamMinValue("AutomaticallyAfterDays", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// A structure that contains the details about a secret. It does not include
// the encrypted SecretString and SecretBinary values. To get those values,
// use the GetSecretValue operation.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry
type SecretListEntry struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the secret.
	//
	// For more information about ARNs in Secrets Manager, see Policy Resources
	// (http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources)
	// in the AWS Secrets Manager User Guide.
	ARN *string `min:"20" type:"string"`

	// The date and time on which this secret was deleted. Not present on active
	// secrets. The secret can be recovered until the number of days in the recovery
	// window has passed, as specified in the RecoveryWindowInDays parameter of
	// the DeleteSecret operation.
	DeletedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The user-provided description of the secret.
	Description *string `type:"string"`

	// The ARN or alias of the AWS KMS customer master key (CMK) that's used to
	// encrypt the SecretString and SecretBinary fields in each version of the secret.
	// If you don't provide a key, then Secrets Manager defaults to encrypting the
	// secret fields with the default KMS CMK (the one named awssecretsmanager)
	// for this account.
	KmsKeyId *string `type:"string"`

	// The last date that this secret was accessed. This value is truncated to midnight
	// of the date and therefore shows only the date, not the time.
	LastAccessedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The last date and time that this secret was modified in any way.
	LastChangedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The last date and time that the rotation process for this secret was invoked.
	LastRotatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The friendly name of the secret. You can use forward slashes in the name
	// to represent a path hierarchy. For example, /prod/databases/dbserver1 could
	// represent the secret for a server named dbserver1 in the folder databases
	// in the folder prod.
	Name *string `min:"1" type:"string"`

	// Indicated whether automatic, scheduled rotation is enabled for this secret.
	RotationEnabled *bool `type:"boolean"`

	// The ARN of an AWS Lambda function that's invoked by Secrets Manager to rotate
	// and expire the secret either automatically per the schedule or manually by
	// a call to RotateSecret.
	RotationLambdaARN *string `type:"string"`

	// A structure that defines the rotation configuration for the secret.
	RotationRules *RotationRulesType `type:"structure"`

	// A list of all of the currently assigned SecretVersionStage staging labels
	// and the SecretVersionId that each is attached to. Staging labels are used
	// to keep track of the different versions during the rotation process.
	//
	// A version that does not have any SecretVersionStage is considered deprecated
	// and subject to deletion. Such versions are not included in this list.
	SecretVersionsToStages map[string][]string `type:"map"`

	// The list of user-defined tags that are associated with the secret. To add
	// tags to a secret, use TagResource. To remove tags, use UntagResource.
	Tags []Tag `type:"list"`
}

// String returns the string representation
func (s SecretListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SecretListEntry) GoString() string {
	return s.String()
}

// A structure that contains information about one version of a secret.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry
type SecretVersionsListEntry struct {
	_ struct{} `type:"structure"`

	// The date and time this version of the secret was created.
	CreatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The date that this version of the secret was last accessed. Note that the
	// resolution of this field is at the date level and does not include the time.
	LastAccessedDate *time.Time `type:"timestamp" timestampFormat:"unix"`

	// The unique version identifier of this version of the secret.
	VersionId *string `min:"32" type:"string"`

	// An array of staging labels that are currently associated with this version
	// of the secret.
	VersionStages []string `min:"1" type:"list"`
}

// String returns the string representation
func (s SecretVersionsListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SecretVersionsListEntry) GoString() string {
	return s.String()
}

// A structure that contains information about a tag.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Tag
type Tag struct {
	_ struct{} `type:"structure"`

	// The key identifier, or name, of the tag.
	Key *string `min:"1" type:"string"`

	// The string value that's associated with the key of the tag.
	Value *string `type:"string"`
}

// String returns the string representation
func (s Tag) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s Tag) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *Tag) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "Tag"}
	if s.Key != nil && len(*s.Key) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("Key", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResourceRequest
type TagResourceInput struct {
	_ struct{} `type:"structure"`

	// The identifier for the secret that you want to attach tags to. You can specify
	// either the Amazon Resource Name (ARN) or the friendly name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The tags to attach to the secret. Each element in the list consists of a
	// Key and a Value.
	//
	// This parameter to the API requires a JSON text string argument. For information
	// on how to format a JSON parameter for the various command line tool environments,
	// see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// in the AWS CLI User Guide. For the AWS CLI, you can also use the syntax:
	// --Tags Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]
	//
	// Tags is a required field
	Tags []Tag `type:"list" required:"true"`
}

// String returns the string representation
func (s TagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s TagResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagResourceInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "TagResourceInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if s.Tags == nil {
		invalidParams.Add(aws.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(aws.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResourceOutput
type TagResourceOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response
}

// String returns the string representation
func (s TagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s TagResourceOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s TagResourceOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResourceRequest
type UntagResourceInput struct {
	_ struct{} `type:"structure"`

	// The identifier for the secret that you want to remove tags from. You can
	// specify either the Amazon Resource Name (ARN) or the friendly name of the
	// secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// A list of tag key names to remove from the secret. You don't specify the
	// value. Both the key and its associated value are removed.
	//
	// This parameter to the API requires a JSON text string argument. For information
	// on how to format a JSON parameter for the various command line tool environments,
	// see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// in the AWS CLI User Guide.
	//
	// TagKeys is a required field
	TagKeys []string `type:"list" required:"true"`
}

// String returns the string representation
func (s UntagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UntagResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagResourceInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "UntagResourceInput"}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if s.TagKeys == nil {
		invalidParams.Add(aws.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResourceOutput
type UntagResourceOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response
}

// String returns the string representation
func (s UntagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UntagResourceOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s UntagResourceOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest
type UpdateSecretInput struct {
	_ struct{} `type:"structure"`

	// (Optional) If you want to add a new version to the secret, this parameter
	// specifies a unique identifier for the new version that helps ensure idempotency.
	//
	// If you use the AWS CLI or one of the AWS SDK to call this operation, then
	// you can leave this parameter empty. The CLI or SDK generates a random UUID
	// for you and includes that in the request. If you don't use the SDK and instead
	// generate a raw HTTP request to the Secrets Manager service endpoint, then
	// you must generate a ClientRequestToken yourself for new versions and include
	// that value in the request.
	//
	// You typically only need to interact with this value if you implement your
	// own retry logic and want to ensure that a given secret is not created twice.
	// We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness within the specified secret.
	//
	// Secrets Manager uses this value to prevent the accidental creation of duplicate
	// versions if there are failures and retries during the Lambda rotation function's
	// processing.
	//
	//    * If the ClientRequestToken value isn't already associated with a version
	//    of the secret then a new version of the secret is created.
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are the same as those in the request then the
	//    request is ignored (the operation is idempotent).
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are different from the request then an error occurs
	//    because you cannot modify an existing secret value.
	//
	// This value becomes the SecretVersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// (Optional) Specifies a user-provided description of the secret.
	Description *string `type:"string"`

	// (Optional) Specifies the ARN or alias of the KMS customer master key (CMK)
	// to be used to encrypt the protected text in the versions of this secret.
	//
	// If you don't specify this value, then Secrets Manager defaults to using the
	// default CMK in the account (the one named aws/secretsmanager). If a KMS CMK
	// with that name doesn't exist, then Secrets Manager creates it for you automatically
	// the first time it needs to encrypt a version's Plaintext or PlaintextString
	// fields.
	//
	// You can only use the account's default CMK to encrypt and decrypt if you
	// call this operation using credentials from the same account that owns the
	// secret. If the secret is in a different account, then you must create a custom
	// CMK and provide the ARN in this field.
	KmsKeyId *string `type:"string"`

	// (Optional) Specifies binary data that you want to encrypt and store in the
	// new version of the secret. To use this parameter in the command-line tools,
	// we recommend that you store your binary data in a file and then use the appropriate
	// technique for your tool to pass the contents of the file as a parameter.
	// Either SecretBinary or SecretString must have a value, but not both. They
	// cannot both be empty.
	//
	// This parameter is not accessible using the Secrets Manager console.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `type:"blob"`

	// Specifies the secret that you want to update or to which you want to add
	// a new version. You can specify either the Amazon Resource Name (ARN) or the
	// friendly name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// (Optional) Specifies text data that you want to encrypt and store in this
	// new version of the secret. Either SecretBinary or SecretString must have
	// a value, but not both. They cannot both be empty.
	//
	// If you create this secret by using the Secrets Manager console then Secrets
	// Manager puts the protected secret text in only the SecretString parameter.
	// The Secrets Manager console stores the information as a JSON structure of
	// key/value pairs that the default Lambda rotation function knows how to parse.
	//
	// For storing multiple values, we recommend that you use a JSON text string
	// argument and specify key/value pairs. For information on how to format a
	// JSON parameter for the various command line tool environments, see Using
	// JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// in the AWS CLI User Guide. For example:
	//
	// [{"username":"bob"},{"password":"abc123xyz456"}]
	//
	// If your command-line tool or SDK requires quotation marks around the parameter,
	// you should use single quotes to avoid confusion with the double quotes required
	// in the JSON text.
	SecretString *string `type:"string"`
}

// String returns the string representation
func (s UpdateSecretInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSecretInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSecretInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "UpdateSecretInput"}
	if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("ClientRequestToken", 32))
	}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretResponse
type UpdateSecretOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of this secret.
	//
	// Secrets Manager automatically adds several random characters to the name
	// at the end of the ARN when you initially create a secret. This affects only
	// the ARN and not the actual friendly name. This ensures that if you create
	// a new secret with the same name as an old secret that you previously deleted,
	// then users with access to the old secret don't automatically get access to
	// the new secret because the ARNs are different.
	ARN *string `min:"20" type:"string"`

	// The friendly name of this secret.
	Name *string `min:"1" type:"string"`

	// If a version of the secret was created or updated by this operation, then
	// its unique identifier is returned.
	VersionId *string `min:"32" type:"string"`
}

// String returns the string representation
func (s UpdateSecretOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSecretOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s UpdateSecretOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageRequest
type UpdateSecretVersionStageInput struct {
	_ struct{} `type:"structure"`

	// (Optional) The secret version ID that you want to add the staging labels
	// to.
	//
	// If any of the staging labels are already attached to a different version
	// of the secret, then they are removed from that version before adding them
	// to this version.
	MoveToVersionId *string `min:"32" type:"string"`

	// (Optional) Specifies the secret version ID of the version that the staging
	// labels are to be removed from.
	//
	// If you want to move a label to a new version, you do not have to explicitly
	// remove it with this parameter. Adding a label using the MoveToVersionId parameter
	// automatically removes it from the old version. However, if you do include
	// both the "MoveTo" and "RemoveFrom" parameters, then the move is successful
	// only if the staging labels are actually present on the "RemoveFrom" version.
	// If a staging label was on a different version than "RemoveFrom", then the
	// request fails.
	RemoveFromVersionId *string `min:"32" type:"string"`

	// Specifies the secret with the version whose list of staging labels you want
	// to modify. You can specify either the Amazon Resource Name (ARN) or the friendly
	// name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The list of staging labels to add to this version.
	//
	// VersionStage is a required field
	VersionStage *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateSecretVersionStageInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSecretVersionStageInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSecretVersionStageInput) Validate() error {
	invalidParams := aws.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"}
	if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("MoveToVersionId", 32))
	}
	if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 {
		invalidParams.Add(aws.NewErrParamMinLen("RemoveFromVersionId", 32))
	}

	if s.SecretId == nil {
		invalidParams.Add(aws.NewErrParamRequired("SecretId"))
	}
	if s.SecretId != nil && len(*s.SecretId) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("SecretId", 1))
	}

	if s.VersionStage == nil {
		invalidParams.Add(aws.NewErrParamRequired("VersionStage"))
	}
	if s.VersionStage != nil && len(*s.VersionStage) < 1 {
		invalidParams.Add(aws.NewErrParamMinLen("VersionStage", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Please also see https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageResponse
type UpdateSecretVersionStageOutput struct {
	_ struct{} `type:"structure"`

	responseMetadata aws.Response

	// The ARN of the secret with the staging labels that were modified.
	ARN *string `min:"20" type:"string"`

	// The friendly name of the secret with the staging labels that were modified.
	Name *string `min:"1" type:"string"`
}

// String returns the string representation
func (s UpdateSecretVersionStageOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSecretVersionStageOutput) GoString() string {
	return s.String()
}

// SDKResponseMetdata return sthe response metadata for the API.
func (s UpdateSecretVersionStageOutput) SDKResponseMetadata() aws.Response {
	return s.responseMetadata
}