diff --git a/.changelog/70d3436e6b5648fbac39888c670d4551.json b/.changelog/70d3436e6b5648fbac39888c670d4551.json new file mode 100644 index 00000000000..31d21d4038b --- /dev/null +++ b/.changelog/70d3436e6b5648fbac39888c670d4551.json @@ -0,0 +1,8 @@ +{ + "id": "70d3436e-6b56-48fb-ac39-888c670d4551", + "type": "feature", + "description": "CodePipeline now supports overriding S3 Source Object Key during StartPipelineExecution, as part of Source Overrides.", + "modules": [ + "service/codepipeline" + ] +} \ No newline at end of file diff --git a/.changelog/75fd0b05c29a4595aa378b628aae5ab0.json b/.changelog/75fd0b05c29a4595aa378b628aae5ab0.json new file mode 100644 index 00000000000..386b0e8e0ba --- /dev/null +++ b/.changelog/75fd0b05c29a4595aa378b628aae5ab0.json @@ -0,0 +1,8 @@ +{ + "id": "75fd0b05-c29a-4595-aa37-8b628aae5ab0", + "type": "feature", + "description": "New feature: common controls. When creating custom controls, you can now use pre-grouped AWS data sources based on common compliance themes. Also, the awsServices parameter is deprecated because we now manage services in scope for you. If used, the input is ignored and an empty list is returned.", + "modules": [ + "service/auditmanager" + ] +} \ No newline at end of file diff --git a/.changelog/ba0cd226df224dccb70b723e3eafc3f5.json b/.changelog/ba0cd226df224dccb70b723e3eafc3f5.json new file mode 100644 index 00000000000..0bafc409d7b --- /dev/null +++ b/.changelog/ba0cd226df224dccb70b723e3eafc3f5.json @@ -0,0 +1,8 @@ +{ + "id": "ba0cd226-df22-4dcc-b70b-723e3eafc3f5", + "type": "feature", + "description": "This release introduces a new optional parameter: InferenceAmiVersion, in ProductionVariant.", + "modules": [ + "service/sagemaker" + ] +} \ No newline at end of file diff --git a/.changelog/cb529d4887024732b24b6425a7bdb64f.json b/.changelog/cb529d4887024732b24b6425a7bdb64f.json new file mode 100644 index 00000000000..5ece254dcdb --- /dev/null +++ b/.changelog/cb529d4887024732b24b6425a7bdb64f.json 
@@ -0,0 +1,8 @@ +{ + "id": "cb529d48-8702-4732-b24b-6425a7bdb64f", + "type": "feature", + "description": "This release adds OpenIdConnect (OIDC) configuration support for IdentitySources, allowing for external IDPs to be used in authorization requests.", + "modules": [ + "service/verifiedpermissions" + ] +} \ No newline at end of file diff --git a/.changelog/e784f679495946748187bb933cf1305a.json b/.changelog/e784f679495946748187bb933cf1305a.json new file mode 100644 index 00000000000..40247190d3e --- /dev/null +++ b/.changelog/e784f679495946748187bb933cf1305a.json @@ -0,0 +1,8 @@ +{ + "id": "e784f679-4959-4674-8187-bb933cf1305a", + "type": "feature", + "description": "Added exceptions to B2Bi List operations and ConflictException to B2Bi StartTransformerJob operation. Also made capabilities field explicitly required when creating a Partnership.", + "modules": [ + "service/b2bi" + ] +} \ No newline at end of file diff --git a/feature/dynamodbstreams/attributevalue/go_module_metadata.go b/feature/dynamodbstreams/attributevalue/go_module_metadata.go index d352c29f7ba..5baf38738cf 100644 --- a/feature/dynamodbstreams/attributevalue/go_module_metadata.go +++ b/feature/dynamodbstreams/attributevalue/go_module_metadata.go @@ -3,4 +3,4 @@ package attributevalue // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.23" +const goModuleVersion = "1.14.0" diff --git a/service/account/api_op_AcceptPrimaryEmailUpdate.go b/service/account/api_op_AcceptPrimaryEmailUpdate.go index 5a16ec56c59..d1d6fba8f9b 100644 --- a/service/account/api_op_AcceptPrimaryEmailUpdate.go +++ b/service/account/api_op_AcceptPrimaryEmailUpdate.go 
@@ -131,6 +131,9 @@ func (c *Client) addOperationAcceptPrimaryEmailUpdateMiddlewares(stack *middlewa if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addTimeOffsetBuild(stack, c); err != nil { + return err + } if err = addOpAcceptPrimaryEmailUpdateValidationMiddleware(stack); err != nil { return err } diff --git a/service/account/api_op_GetPrimaryEmail.go b/service/account/api_op_GetPrimaryEmail.go index 4f3695a0daa..8f4195a9852 100644 --- a/service/account/api_op_GetPrimaryEmail.go +++ b/service/account/api_op_GetPrimaryEmail.go @@ -117,6 +117,9 @@ func (c *Client) addOperationGetPrimaryEmailMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addTimeOffsetBuild(stack, c); err != nil { + return err + } if err = addOpGetPrimaryEmailValidationMiddleware(stack); err != nil { return err } diff --git a/service/account/api_op_StartPrimaryEmailUpdate.go b/service/account/api_op_StartPrimaryEmailUpdate.go index 1a157edcc97..2f918afa85a 100644 --- a/service/account/api_op_StartPrimaryEmailUpdate.go +++ b/service/account/api_op_StartPrimaryEmailUpdate.go @@ -125,6 +125,9 @@ func (c *Client) addOperationStartPrimaryEmailUpdateMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addTimeOffsetBuild(stack, c); err != nil { + return err + } if err = addOpStartPrimaryEmailUpdateValidationMiddleware(stack); err != nil { return err } diff --git a/service/account/snapshot/api_op_AcceptPrimaryEmailUpdate.go.snap b/service/account/snapshot/api_op_AcceptPrimaryEmailUpdate.go.snap index 37171ed2965..f6283104189 100644 --- a/service/account/snapshot/api_op_AcceptPrimaryEmailUpdate.go.snap +++ b/service/account/snapshot/api_op_AcceptPrimaryEmailUpdate.go.snap 
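Review bot: The added `addTimeOffsetBuild(stack, c)` call, repeated in the GetPrimaryEmail and StartPrimaryEmailUpdate hunks, is undocumented at every call site, and neither the helper nor the state it keeps on `c` is part of the visible diff. The snapshots list AddTimeOffsetMiddleware in both the Build and the Deserialize step, which suggests a clock-skew value learned from a response is applied to later requests on the same client; that is inferred, not shown. Because such a value would presumably feed the timestamps used for request signing, I would document it where the helper is defined, for example `// addTimeOffsetBuild registers clock-skew correction; the offset is shared by every operation on this Client.`, and confirm there that the stored offset is safe for concurrent use. Each enclosing function starts and ends outside its hunk.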
@@ -12,6 +12,7 @@ AcceptPrimaryEmailUpdate ClientRequestID ComputeContentLength UserAgent + AddTimeOffsetMiddleware RecursionDetection Finalize stack step ResolveAuthScheme @@ -30,5 +31,6 @@ AcceptPrimaryEmailUpdate ResponseErrorWrapper RequestIDRetriever OperationDeserializer + AddTimeOffsetMiddleware RecordResponseTiming RequestResponseLogger diff --git a/service/account/snapshot/api_op_GetPrimaryEmail.go.snap b/service/account/snapshot/api_op_GetPrimaryEmail.go.snap index d989e90ffd7..d3b783c33c1 100644 --- a/service/account/snapshot/api_op_GetPrimaryEmail.go.snap +++ b/service/account/snapshot/api_op_GetPrimaryEmail.go.snap @@ -12,6 +12,7 @@ GetPrimaryEmail ClientRequestID ComputeContentLength UserAgent + AddTimeOffsetMiddleware RecursionDetection Finalize stack step ResolveAuthScheme @@ -30,5 +31,6 @@ GetPrimaryEmail ResponseErrorWrapper RequestIDRetriever OperationDeserializer + AddTimeOffsetMiddleware RecordResponseTiming RequestResponseLogger diff --git a/service/account/snapshot/api_op_StartPrimaryEmailUpdate.go.snap b/service/account/snapshot/api_op_StartPrimaryEmailUpdate.go.snap index 1113c07c35c..f377740ea03 100644 --- a/service/account/snapshot/api_op_StartPrimaryEmailUpdate.go.snap +++ b/service/account/snapshot/api_op_StartPrimaryEmailUpdate.go.snap @@ -12,6 +12,7 @@ StartPrimaryEmailUpdate ClientRequestID ComputeContentLength UserAgent + AddTimeOffsetMiddleware RecursionDetection Finalize stack step ResolveAuthScheme @@ -30,5 +31,6 @@ StartPrimaryEmailUpdate ResponseErrorWrapper RequestIDRetriever OperationDeserializer + AddTimeOffsetMiddleware RecordResponseTiming RequestResponseLogger diff --git a/service/auditmanager/api_op_CreateAssessment.go b/service/auditmanager/api_op_CreateAssessment.go index b3944044ebd..4b4ff4c0504 100644 --- a/service/auditmanager/api_op_CreateAssessment.go +++ b/service/auditmanager/api_op_CreateAssessment.go 
@@ -50,8 +50,18 @@ type CreateAssessmentInput struct { // This member is required. Roles []types.Role - // The wrapper that contains the Amazon Web Services accounts and services that - // are in scope for the assessment. + // The wrapper that contains the Amazon Web Services accounts that are in scope + // for the assessment. + // + // You no longer need to specify which Amazon Web Services are in scope when you + // create or update an assessment. Audit Manager infers the services in scope by + // examining your assessment controls and their data sources, and then mapping this + // information to the relevant Amazon Web Services. + // + // If an underlying data source changes for your assessment, we automatically + // update the services scope as needed to reflect the correct Amazon Web Services. + // This ensures that your assessment collects accurate and comprehensive evidence + // about all of the relevant services in your AWS environment. // // This member is required. Scope *types.Scope diff --git a/service/auditmanager/api_op_GetServicesInScope.go b/service/auditmanager/api_op_GetServicesInScope.go index 9cb4ee6d328..d558cdf663e 100644 --- a/service/auditmanager/api_op_GetServicesInScope.go +++ b/service/auditmanager/api_op_GetServicesInScope.go 
@@ -11,12 +11,18 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Gets a list of all of the Amazon Web Services that you can choose to include in -// your assessment. When you [create an assessment], specify which of these services you want to include -// to narrow the assessment's [scope]. +// Gets a list of the Amazon Web Services from which Audit Manager can collect +// evidence. // -// [create an assessment]: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_CreateAssessment.html -// [scope]: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_Scope.html +// Audit Manager defines which Amazon Web Services are in scope for an assessment. +// Audit Manager infers this scope by examining the assessment’s controls and their +// data sources, and then mapping this information to one or more of the +// corresponding Amazon Web Services that are in this list. +// +// For information about why it's no longer possible to specify services in scope +// manually, see [I can't edit the services in scope for my assessment]in the Troubleshooting section of the Audit Manager user guide. +// +// [I can't edit the services in scope for my assessment]: https://docs.aws.amazon.com/audit-manager/latest/userguide/evidence-collection-issues.html#unable-to-edit-services func (c *Client) GetServicesInScope(ctx context.Context, params *GetServicesInScopeInput, optFns ...func(*Options)) (*GetServicesInScopeOutput, error) { if params == nil { params = &GetServicesInScopeInput{} diff --git a/service/auditmanager/api_op_ListAssessmentControlInsightsByControlDomain.go b/service/auditmanager/api_op_ListAssessmentControlInsightsByControlDomain.go index b0e0100f8d2..02c4feca9d3 100644 --- a/service/auditmanager/api_op_ListAssessmentControlInsightsByControlDomain.go +++ b/service/auditmanager/api_op_ListAssessmentControlInsightsByControlDomain.go 
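Review bot: The new doc comment on GetServicesInScope has a link-rendering defect: `[I can't edit the services in scope for my assessment]in the Troubleshooting section` is missing the space after the closing bracket. The same conversion artefact appears as `[ListDomains]ListDomains` in the ControlDomainId, ListControlDomainInsights and ListControls comments later in this commit, where the link label is followed by a duplicate of itself. The text looks like output of the documentation conversion, so the fix probably belongs there rather than in these files; the expected wording here is `see [I can't edit the services in scope for my assessment] in the Troubleshooting section`.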
@@ -42,6 +42,13 @@ type ListAssessmentControlInsightsByControlDomainInput struct { // The unique identifier for the control domain. // + // Audit Manager supports the control domains that are provided by Amazon Web + // Services Control Catalog. For information about how to find a list of available + // control domains, see [ListDomains]ListDomains in the Amazon Web Services Control Catalog API + // Reference. + // + // [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html + // // This member is required. ControlDomainId *string diff --git a/service/auditmanager/api_op_ListControlDomainInsights.go b/service/auditmanager/api_op_ListControlDomainInsights.go index 2050fefc1f8..62dff6f717f 100644 --- a/service/auditmanager/api_op_ListControlDomainInsights.go +++ b/service/auditmanager/api_op_ListControlDomainInsights.go @@ -14,9 +14,16 @@ import ( // Lists the latest analytics data for control domains across all of your active // assessments. // +// Audit Manager supports the control domains that are provided by Amazon Web +// Services Control Catalog. For information about how to find a list of available +// control domains, see [ListDomains]ListDomains in the Amazon Web Services Control Catalog API +// Reference. +// // A control domain is listed only if at least one of the controls within that // domain collected evidence on the lastUpdated date of controlDomainInsights . If // this condition isn’t met, no data is listed for that control domain. +// +// [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html func (c *Client) ListControlDomainInsights(ctx context.Context, params *ListControlDomainInsightsInput, optFns ...func(*Options)) (*ListControlDomainInsightsOutput, error) { if params == nil { params = &ListControlDomainInsightsInput{} 
diff --git a/service/auditmanager/api_op_ListControlDomainInsightsByAssessment.go b/service/auditmanager/api_op_ListControlDomainInsightsByAssessment.go index a84223cb712..8858d3690da 100644 --- a/service/auditmanager/api_op_ListControlDomainInsightsByAssessment.go +++ b/service/auditmanager/api_op_ListControlDomainInsightsByAssessment.go @@ -13,9 +13,16 @@ import ( // Lists analytics data for control domains within a specified active assessment. // +// Audit Manager supports the control domains that are provided by Amazon Web +// Services Control Catalog. For information about how to find a list of available +// control domains, see [ListDomains]ListDomains in the Amazon Web Services Control Catalog API +// Reference. +// // A control domain is listed only if at least one of the controls within that // domain collected evidence on the lastUpdated date of controlDomainInsights . If // this condition isn’t met, no data is listed for that domain. +// +// [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html func (c *Client) ListControlDomainInsightsByAssessment(ctx context.Context, params *ListControlDomainInsightsByAssessmentInput, optFns ...func(*Options)) (*ListControlDomainInsightsByAssessmentOutput, error) { if params == nil { params = &ListControlDomainInsightsByAssessmentInput{} diff --git a/service/auditmanager/api_op_ListControlInsightsByControlDomain.go b/service/auditmanager/api_op_ListControlInsightsByControlDomain.go index 4d530004607..209fd574cb0 100644 --- a/service/auditmanager/api_op_ListControlInsightsByControlDomain.go +++ b/service/auditmanager/api_op_ListControlInsightsByControlDomain.go 
@@ -37,6 +37,13 @@ type ListControlInsightsByControlDomainInput struct { // The unique identifier for the control domain. // + // Audit Manager supports the control domains that are provided by Amazon Web + // Services Control Catalog. For information about how to find a list of available + // control domains, see [ListDomains]ListDomains in the Amazon Web Services Control Catalog API + // Reference. + // + // [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html + // // This member is required. ControlDomainId *string diff --git a/service/auditmanager/api_op_ListControls.go b/service/auditmanager/api_op_ListControls.go index 0ab3509e22c..392aa94a3ed 100644 --- a/service/auditmanager/api_op_ListControls.go +++ b/service/auditmanager/api_op_ListControls.go 
@@ -29,15 +29,37 @@ func (c *Client) ListControls(ctx context.Context, params *ListControlsInput, op type ListControlsInput struct { - // The type of control, such as a standard control or a custom control. + // A filter that narrows the list of controls to a specific type. // // This member is required. ControlType types.ControlType - // Represents the maximum number of results on a page or for an API request call. + // A filter that narrows the list of controls to a specific resource from the + // Amazon Web Services Control Catalog. + // + // To use this parameter, specify the ARN of the Control Catalog resource. You can + // specify either a control domain, a control objective, or a common control. For + // information about how to find the ARNs for these resources, see [ListDomains]ListDomains , [ListObjectives] + // ListObjectives , and [ListCommonControls]ListCommonControls . + // + // You can only filter by one Control Catalog resource at a time. Specifying + // multiple resource ARNs isn’t currently supported. If you want to filter by more + // than one ARN, we recommend that you run the ListControls operation separately + // for each ARN. + // + // Alternatively, specify UNCATEGORIZED to list controls that aren't mapped to a + // Control Catalog resource. For example, this operation might return a list of + // custom controls that don't belong to any control domain or control objective. + // + // [ListCommonControls]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListCommonControls.html + // [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html + // [ListObjectives]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListObjectives.html + ControlCatalogId *string + + // The maximum number of results on a page or for an API request call. MaxResults *int32 - // The pagination token that's used to fetch the next set of results. 
+ // The pagination token that's used to fetch the next set of results. NextToken *string noSmithyDocumentSerde @@ -48,7 +70,7 @@ type ListControlsOutput struct { // A list of metadata that the ListControls API returns for each control. ControlMetadataList []types.ControlMetadata - // The pagination token that's used to fetch the next set of results. + // The pagination token that's used to fetch the next set of results. NextToken *string // Metadata pertaining to the operation's result. @@ -148,7 +170,7 @@ var _ ListControlsAPIClient = (*Client)(nil) // ListControlsPaginatorOptions is the paginator options for ListControls type ListControlsPaginatorOptions struct { - // Represents the maximum number of results on a page or for an API request call. + // The maximum number of results on a page or for an API request call. Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/service/auditmanager/api_op_ListKeywordsForDataSource.go b/service/auditmanager/api_op_ListKeywordsForDataSource.go index 2bcd70d17e1..22482e28670 100644 --- a/service/auditmanager/api_op_ListKeywordsForDataSource.go +++ b/service/auditmanager/api_op_ListKeywordsForDataSource.go @@ -11,8 +11,7 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns a list of keywords that are pre-mapped to the specified control data -// +// Returns a list of keywords that are pre-mapped to the specified control data // source. func (c *Client) ListKeywordsForDataSource(ctx context.Context, params *ListKeywordsForDataSourceInput, optFns ...func(*Options)) (*ListKeywordsForDataSourceOutput, error) { if params == nil { 
@@ -31,10 +30,10 @@ func (c *Client) ListKeywordsForDataSource(ctx context.Context, params *ListKeyw type ListKeywordsForDataSourceInput struct { - // The control mapping data source that the keywords apply to. + // The control mapping data source that the keywords apply to. // // This member is required. - Source types.SourceType + Source types.DataSourceType // Represents the maximum number of results on a page or for an API request call. MaxResults *int32 @@ -47,7 +46,7 @@ type ListKeywordsForDataSourceInput struct { type ListKeywordsForDataSourceOutput struct { - // The list of keywords for the event mapping source. + // The list of keywords for the control mapping source. Keywords []string // The pagination token that's used to fetch the next set of results. diff --git a/service/auditmanager/deserializers.go b/service/auditmanager/deserializers.go index 1342bd170f3..0186ff5d16a 100644 --- a/service/auditmanager/deserializers.go +++ b/service/auditmanager/deserializers.go @@ -1028,6 +1028,9 @@ func awsRestjson1_deserializeOpErrorCreateAssessment(response *smithyhttp.Respon case strings.EqualFold("ServiceQuotaExceededException", errorCode): return awsRestjson1_deserializeErrorServiceQuotaExceededException(response, errorBody) + case strings.EqualFold("ThrottlingException", errorCode): + return awsRestjson1_deserializeErrorThrottlingException(response, errorBody) + case strings.EqualFold("ValidationException", errorCode): return awsRestjson1_deserializeErrorValidationException(response, errorBody) 
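Review bot: Changing `Source` from `types.SourceType` to `types.DataSourceType` in ListKeywordsForDataSourceInput is source-incompatible for existing callers: code that assigns a typed constant such as `types.SourceTypeAwsCloudtrail` to this field will stop compiling, while the changelog entry for service/auditmanager describes the release only as a feature. The split looks deliberate, since SourceType gains `Common_Control` and `Core_Control` in this commit and DataSourceType does not carry them. I would call the type change out in the release description and add a migration hint to the field comment, for example `// Callers migrating from types.SourceType should use the matching types.DataSourceType constant.`. The struct continues outside the hunk.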
@@ -7936,6 +7939,9 @@ func awsRestjson1_deserializeOpErrorUpdateAssessment(response *smithyhttp.Respon case strings.EqualFold("ResourceNotFoundException", errorCode): return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + case strings.EqualFold("ThrottlingException", errorCode): + return awsRestjson1_deserializeErrorThrottlingException(response, errorBody) + case strings.EqualFold("ValidationException", errorCode): return awsRestjson1_deserializeErrorValidationException(response, errorBody) @@ -11909,6 +11915,15 @@ func awsRestjson1_deserializeDocumentControl(v **types.Control, value interface{ sv.Name = ptr.String(jtv) } + case "state": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ControlState to be of type string, got %T instead", value) + } + sv.State = types.ControlState(jtv) + } + case "tags": if err := awsRestjson1_deserializeDocumentTagMap(&sv.Tags, value); err != nil { return err @@ -12084,7 +12099,7 @@ func awsRestjson1_deserializeDocumentControlDomainInsights(v **types.ControlDoma if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected UUID to be of type string, got %T instead", value) + return fmt.Errorf("expected ControlDomainId to be of type string, got %T instead", value) } sv.Id = ptr.String(jtv) } @@ -12109,7 +12124,7 @@ func awsRestjson1_deserializeDocumentControlDomainInsights(v **types.ControlDoma if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected NonEmptyString to be of type string, got %T instead", value) + return fmt.Errorf("expected String to be of type string, got %T instead", value) } sv.Name = ptr.String(jtv) } 
@@ -12278,7 +12293,7 @@ func awsRestjson1_deserializeDocumentControlInsightsMetadataByAssessmentItem(v * if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected UUID to be of type string, got %T instead", value) + return fmt.Errorf("expected ControlDomainId to be of type string, got %T instead", value) } sv.Id = ptr.String(jtv) } @@ -12303,7 +12318,7 @@ func awsRestjson1_deserializeDocumentControlInsightsMetadataByAssessmentItem(v * if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected NonEmptyString to be of type string, got %T instead", value) + return fmt.Errorf("expected String to be of type string, got %T instead", value) } sv.Name = ptr.String(jtv) } @@ -12348,7 +12363,7 @@ func awsRestjson1_deserializeDocumentControlInsightsMetadataItem(v **types.Contr if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected UUID to be of type string, got %T instead", value) + return fmt.Errorf("expected ControlDomainId to be of type string, got %T instead", value) } sv.Id = ptr.String(jtv) } @@ -12373,7 +12388,7 @@ func awsRestjson1_deserializeDocumentControlInsightsMetadataItem(v **types.Contr if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected NonEmptyString to be of type string, got %T instead", value) + return fmt.Errorf("expected String to be of type string, got %T instead", value) } sv.Name = ptr.String(jtv) } diff --git a/service/auditmanager/endpoints.go b/service/auditmanager/endpoints.go index 2803dfafef3..174762f82ed 100644 --- a/service/auditmanager/endpoints.go +++ b/service/auditmanager/endpoints.go @@ -373,7 +373,7 @@ func (r *resolver) ResolveEndpoint( } } if _UseFIPS == true { - if true == _PartitionResult.SupportsFIPS { + if _PartitionResult.SupportsFIPS == true { uriString := func() string { var out strings.Builder out.WriteString("https://auditmanager-fips.") 
diff --git a/service/auditmanager/serializers.go b/service/auditmanager/serializers.go index 98f2713477d..214d3c25e6e 100644 --- a/service/auditmanager/serializers.go +++ b/service/auditmanager/serializers.go @@ -3387,6 +3387,10 @@ func awsRestjson1_serializeOpHttpBindingsListControlsInput(v *ListControlsInput, return fmt.Errorf("unsupported serialization of nil %T", v) } + if v.ControlCatalogId != nil { + encoder.SetQuery("controlCatalogId").String(*v.ControlCatalogId) + } + if len(v.ControlType) > 0 { encoder.SetQuery("controlType").String(string(v.ControlType)) } diff --git a/service/auditmanager/types/enums.go b/service/auditmanager/types/enums.go index 8f8e43fa16d..8492c29e6b8 100644 --- a/service/auditmanager/types/enums.go +++ b/service/auditmanager/types/enums.go @@ -156,6 +156,25 @@ func (ControlSetStatus) Values() []ControlSetStatus { } } +type ControlState string + +// Enum values for ControlState +const ( + ControlStateActive ControlState = "ACTIVE" + ControlStateEndOfSupport ControlState = "END_OF_SUPPORT" +) + +// Values returns all known values for ControlState. Note that this can be +// expanded in the future, and so it is only as up to date as the client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (ControlState) Values() []ControlState { + return []ControlState{ + "ACTIVE", + "END_OF_SUPPORT", + } +} + type ControlStatus string // Enum values for ControlStatus @@ -183,6 +202,7 @@ type ControlType string const ( ControlTypeStandard ControlType = "Standard" ControlTypeCustom ControlType = "Custom" + ControlTypeCore ControlType = "Core" ) // Values returns all known values for ControlType. Note that this can be expanded 
@@ -193,6 +213,32 @@ func (ControlType) Values() []ControlType { return []ControlType{ "Standard", "Custom", + "Core", + } +} + +type DataSourceType string + +// Enum values for DataSourceType +const ( + DataSourceTypeAwsCloudtrail DataSourceType = "AWS_Cloudtrail" + DataSourceTypeAwsConfig DataSourceType = "AWS_Config" + DataSourceTypeAwsSecurityHub DataSourceType = "AWS_Security_Hub" + DataSourceTypeAwsApiCall DataSourceType = "AWS_API_Call" + DataSourceTypeManual DataSourceType = "MANUAL" +) + +// Values returns all known values for DataSourceType. Note that this can be +// expanded in the future, and so it is only as up to date as the client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (DataSourceType) Values() []DataSourceType { + return []DataSourceType{ + "AWS_Cloudtrail", + "AWS_Config", + "AWS_Security_Hub", + "AWS_API_Call", + "MANUAL", } } @@ -534,6 +580,8 @@ const ( SourceTypeAwsSecurityHub SourceType = "AWS_Security_Hub" SourceTypeAwsApiCall SourceType = "AWS_API_Call" SourceTypeManual SourceType = "MANUAL" + SourceTypeCommonControl SourceType = "Common_Control" + SourceTypeCoreControl SourceType = "Core_Control" ) // Values returns all known values for SourceType. Note that this can be expanded @@ -547,6 +595,8 @@ func (SourceType) Values() []SourceType { "AWS_Security_Hub", "AWS_API_Call", "MANUAL", + "Common_Control", + "Core_Control", } } diff --git a/service/auditmanager/types/types.go b/service/auditmanager/types/types.go index aa5b62354ce..59d68f47e2c 100644 --- a/service/auditmanager/types/types.go +++ b/service/auditmanager/types/types.go 
@@ -601,6 +601,12 @@ type Control struct { // The name of the control. Name *string + // The state of the control. The END_OF_SUPPORT state is applicable to standard + // controls only. This state indicates that the standard control can still be used + // to collect evidence, but Audit Manager is no longer updating or maintaining that + // control. + State ControlState + // The tags associated with the control. Tags map[string]string @@ -645,7 +651,12 @@ type ControlDomainInsights struct { // with the control domain. EvidenceInsights *EvidenceInsights - // The unique identifier for the control domain. + // The unique identifier for the control domain. Audit Manager supports the + // control domains that are provided by Amazon Web Services Control Catalog. For + // information about how to find a list of available control domains, see [ListDomains] + // ListDomains in the Amazon Web Services Control Catalog API Reference. + // + // [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html Id *string // The time when the control domain insights were last updated. 
@@ -751,11 +762,19 @@ type ControlMappingSource struct { // The name of the source. SourceName *string - // The setup option for the data source. This option reflects if the evidence - // collection is automated or manual. + // The setup option for the data source. This option reflects if the evidence + // collection method is automated or manual. If you don’t provide a value for + // sourceSetUpOption , Audit Manager automatically infers and populates the correct + // value based on the sourceType that you specify. SourceSetUpOption SourceSetUpOption - // Specifies one of the five data source types for evidence collection. + // Specifies which type of data source is used to collect evidence. + // + // - The source can be an individual data source type, such as AWS_Cloudtrail , + // AWS_Config , AWS_Security_Hub , AWS_API_Call , or MANUAL . + // + // - The source can also be a managed grouping of data sources, such as a + // Core_Control or a Common_Control . SourceType SourceType // The instructions for troubleshooting the control. @@ -835,8 +854,7 @@ type CreateAssessmentFrameworkControlSet struct { noSmithyDocumentSerde } -// The control mapping fields that represent the source for evidence collection, -// +// The mapping attributes that determine the evidence source for a given control, // along with related parameters and metadata. This doesn't contain mappingID . type CreateControlMappingSource struct { 
@@ -875,11 +893,19 @@ type CreateControlMappingSource struct { // The name of the control mapping data source. SourceName *string - // The setup option for the data source, which reflects if the evidence - // collection is automated or manual. + // The setup option for the data source. This option reflects if the evidence + // collection method is automated or manual. If you don’t provide a value for + // sourceSetUpOption , Audit Manager automatically infers and populates the correct + // value based on the sourceType that you specify. SourceSetUpOption SourceSetUpOption - // Specifies one of the five types of data sources for evidence collection. + // Specifies which type of data source is used to collect evidence. + // + // - The source can be an individual data source type, such as AWS_Cloudtrail , + // AWS_Config , AWS_Security_Hub , AWS_API_Call , or MANUAL . + // + // - The source can also be a managed grouping of data sources, such as a + // Core_Control or a Common_Control . SourceType SourceType // The instructions for troubleshooting the control. 
@@ -1479,9 +1505,19 @@ type Role struct { noSmithyDocumentSerde } -// The wrapper that contains the Amazon Web Services accounts and services that +// The wrapper that contains the Amazon Web Services accounts that are in scope +// +// for the assessment. +// +// You no longer need to specify which Amazon Web Services are in scope when you +// create or update an assessment. Audit Manager infers the services in scope by +// examining your assessment controls and their data sources, and then mapping this +// information to the relevant Amazon Web Services. // -// are in scope for the assessment. +// If an underlying data source changes for your assessment, we automatically +// update the services scope as needed to reflect the correct Amazon Web Services. +// This ensures that your assessment collects accurate and comprehensive evidence +// about all of the relevant services in your AWS environment. type Scope struct { // The Amazon Web Services accounts that are included in the scope of the @@ -1490,6 +1526,15 @@ type Scope struct { // The Amazon Web Services services that are included in the scope of the // assessment. + // + // This API parameter is no longer supported. If you use this parameter to specify + // one or more Amazon Web Services, Audit Manager ignores this input. Instead, the + // value for awsServices will show as empty. + // + // Deprecated: You can't specify services in scope when creating/updating an + // assessment. If you use the parameter to specify one or more AWS services, Audit + // Manager ignores the input. Instead the value of the parameter will show as empty + // indicating that the services are defined and managed by Audit Manager. AwsServices []AWSService noSmithyDocumentSerde diff --git a/service/b2bi/api_op_CreatePartnership.go b/service/b2bi/api_op_CreatePartnership.go index 070edd90f05..18061592ca4 100644 --- a/service/b2bi/api_op_CreatePartnership.go +++ b/service/b2bi/api_op_CreatePartnership.go 
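Review bot: In the new Scope type comment the first sentence is split by an empty `//` line (`...accounts that are in scope`, then `//`, then `// for the assessment.`), so the godoc synopsis ends mid-sentence; the CreateAssessmentInput.Scope comment earlier in this commit carries the same text without the break. Separately, AwsServices is now accepted and silently ignored, so a caller that relied on it to restrict what an assessment covers gets no error and a scope chosen by Audit Manager instead. The `Deprecated:` paragraph is the only signal a linter or reader will see, so I would make its first line short and explicit, for example `// Deprecated: AwsServices is ignored by the service; the services in scope are inferred from the assessment's controls.`. The struct body continues outside the hunk.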
@@ -33,6 +33,11 @@ func (c *Client) CreatePartnership(ctx context.Context, params *CreatePartnershi type CreatePartnershipInput struct { + // Specifies a list of the capabilities associated with this partnership. + // + // This member is required. + Capabilities []string + // Specifies the email address associated with this trading partner. // // This member is required. @@ -49,9 +54,6 @@ type CreatePartnershipInput struct { // This member is required. ProfileId *string - // Specifies a list of the capabilities associated with this partnership. - Capabilities []string - // Reserved for future use. ClientToken *string diff --git a/service/b2bi/deserializers.go b/service/b2bi/deserializers.go index 6702c15166f..3a3e1f6d5b3 100644 --- a/service/b2bi/deserializers.go +++ b/service/b2bi/deserializers.go @@ -1618,6 +1618,18 @@ func awsAwsjson10_deserializeOpErrorListCapabilities(response *smithyhttp.Respon errorMessage = bodyInfo.Message } switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsAwsjson10_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsAwsjson10_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ThrottlingException", errorCode): + return awsAwsjson10_deserializeErrorThrottlingException(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsAwsjson10_deserializeErrorValidationException(response, errorBody) + default: genericError := &smithy.GenericAPIError{ Code: errorCode, 
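Review bot: The required check added to `validateOpCreatePartnershipInput` is `if v.Capabilities == nil`, so a non-nil empty slice (`[]string{}`) passes client-side validation even though `Capabilities` now carries "This member is required." Whether the service accepts an empty list is not visible here; if it does not, the caller only learns that from the server's response. I would state this on the field in `CreatePartnershipInput`, for example `// A non-nil empty slice satisfies client-side validation; the service decides whether an empty list is accepted.` The validator's body starts and ends outside the hunk.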
@@ -1841,6 +1853,18 @@ func awsAwsjson10_deserializeOpErrorListProfiles(response *smithyhttp.Response, errorMessage = bodyInfo.Message } switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsAwsjson10_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsAwsjson10_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ThrottlingException", errorCode): + return awsAwsjson10_deserializeErrorThrottlingException(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsAwsjson10_deserializeErrorValidationException(response, errorBody) + default: genericError := &smithy.GenericAPIError{ Code: errorCode, @@ -2058,6 +2082,18 @@ func awsAwsjson10_deserializeOpErrorListTransformers(response *smithyhttp.Respon errorMessage = bodyInfo.Message } switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsAwsjson10_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsAwsjson10_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ThrottlingException", errorCode): + return awsAwsjson10_deserializeErrorThrottlingException(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsAwsjson10_deserializeErrorValidationException(response, errorBody) + default: genericError := &smithy.GenericAPIError{ Code: errorCode, 
@@ -2165,6 +2201,9 @@ func awsAwsjson10_deserializeOpErrorStartTransformerJob(response *smithyhttp.Res case strings.EqualFold("AccessDeniedException", errorCode): return awsAwsjson10_deserializeErrorAccessDeniedException(response, errorBody) + case strings.EqualFold("ConflictException", errorCode): + return awsAwsjson10_deserializeErrorConflictException(response, errorBody) + case strings.EqualFold("InternalServerException", errorCode): return awsAwsjson10_deserializeErrorInternalServerException(response, errorBody) diff --git a/service/b2bi/validators.go b/service/b2bi/validators.go index 2ab556f7e48..708e0c64e7d 100644 --- a/service/b2bi/validators.go +++ b/service/b2bi/validators.go @@ -684,6 +684,9 @@ func validateOpCreatePartnershipInput(v *CreatePartnershipInput) error { if v.Email == nil { invalidParams.Add(smithy.NewErrParamRequired("Email")) } + if v.Capabilities == nil { + invalidParams.Add(smithy.NewErrParamRequired("Capabilities")) + } if v.Tags != nil { if err := validateTagList(v.Tags); err != nil { invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError)) diff --git a/service/bedrock/internal/endpoints/endpoints.go b/service/bedrock/internal/endpoints/endpoints.go index 627a24baefd..a74b6932f26 100644 --- a/service/bedrock/internal/endpoints/endpoints.go +++ b/service/bedrock/internal/endpoints/endpoints.go @@ -183,6 +183,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-southeast-2", }, }, + endpoints.EndpointKey{ + Region: "bedrock-ca-central-1", + }: endpoints.Endpoint{ + Hostname: "bedrock.ca-central-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "ca-central-1", + }, + }, endpoints.EndpointKey{ Region: "bedrock-eu-central-1", }: endpoints.Endpoint{ 
@@ -199,6 +207,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "eu-west-1", }, }, + endpoints.EndpointKey{ + Region: "bedrock-eu-west-2", + }: endpoints.Endpoint{ + Hostname: "bedrock.eu-west-2.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "eu-west-2", + }, + }, endpoints.EndpointKey{ Region: "bedrock-eu-west-3", }: endpoints.Endpoint{ @@ -255,6 +271,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-southeast-2", }, }, + endpoints.EndpointKey{ + Region: "bedrock-runtime-ca-central-1", + }: endpoints.Endpoint{ + Hostname: "bedrock-runtime.ca-central-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "ca-central-1", + }, + }, endpoints.EndpointKey{ Region: "bedrock-runtime-eu-central-1", }: endpoints.Endpoint{ @@ -271,6 +295,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "eu-west-1", }, }, + endpoints.EndpointKey{ + Region: "bedrock-runtime-eu-west-2", + }: endpoints.Endpoint{ + Hostname: "bedrock-runtime.eu-west-2.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "eu-west-2", + }, + }, endpoints.EndpointKey{ Region: "bedrock-runtime-eu-west-3", }: endpoints.Endpoint{ @@ -295,6 +327,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "us-west-2", }, }, + endpoints.EndpointKey{ + Region: "bedrock-runtime-sa-east-1", + }: endpoints.Endpoint{ + Hostname: "bedrock-runtime.sa-east-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "sa-east-1", + }, + }, endpoints.EndpointKey{ Region: "bedrock-runtime-us-east-1", }: endpoints.Endpoint{ @@ -311,6 +351,14 @@ var defaultPartitions = endpoints.Partitions{ Region: "us-west-2", }, }, + endpoints.EndpointKey{ + Region: "bedrock-sa-east-1", + }: endpoints.Endpoint{ + Hostname: "bedrock.sa-east-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "sa-east-1", + }, + }, endpoints.EndpointKey{ Region: "bedrock-us-east-1", }: endpoints.Endpoint{ 
@@ -327,15 +375,24 @@ var defaultPartitions = endpoints.Partitions{ Region: "us-west-2", }, }, + endpoints.EndpointKey{ + Region: "ca-central-1", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "eu-central-1", }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "eu-west-1", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "eu-west-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "eu-west-3", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "sa-east-1", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "us-east-1", }: endpoints.Endpoint{}, diff --git a/service/codepipeline/api_op_ListActionExecutions.go b/service/codepipeline/api_op_ListActionExecutions.go index a6b13a419f6..88073115c0c 100644 --- a/service/codepipeline/api_op_ListActionExecutions.go +++ b/service/codepipeline/api_op_ListActionExecutions.go @@ -41,9 +41,6 @@ type ListActionExecutionsInput struct { // remaining results, make another call with the returned nextToken value. Action // execution history is retained for up to 12 months, based on action execution // start times. Default value is 100. - // - // Detailed execution history is available for executions run on or after February - // 21, 2019. MaxResults *int32 // The token that was returned from the previous ListActionExecutions call, which @@ -166,9 +163,6 @@ type ListActionExecutionsPaginatorOptions struct { // remaining results, make another call with the returned nextToken value. Action // execution history is retained for up to 12 months, based on action execution // start times. Default value is 100. - // - // Detailed execution history is available for executions run on or after February - // 21, 2019. Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/service/codepipeline/api_op_ListPipelineExecutions.go b/service/codepipeline/api_op_ListPipelineExecutions.go index 40394d8006e..993b3165503 100644 
--- a/service/codepipeline/api_op_ListPipelineExecutions.go +++ b/service/codepipeline/api_op_ListPipelineExecutions.go @@ -12,6 +12,10 @@ import ( ) // Gets a summary of the most recent executions for a pipeline. +// +// When applying the filter for pipeline executions that have succeeded in the +// stage, the operation returns all executions in the current pipeline version +// beginning on February 1, 2024. func (c *Client) ListPipelineExecutions(ctx context.Context, params *ListPipelineExecutionsInput, optFns ...func(*Options)) (*ListPipelineExecutionsOutput, error) { if params == nil { params = &ListPipelineExecutionsInput{} diff --git a/service/codepipeline/types/enums.go b/service/codepipeline/types/enums.go index f63924a5338..b4898cc4600 100644 --- a/service/codepipeline/types/enums.go +++ b/service/codepipeline/types/enums.go @@ -407,6 +407,7 @@ const ( SourceRevisionTypeCommitId SourceRevisionType = "COMMIT_ID" SourceRevisionTypeImageDigest SourceRevisionType = "IMAGE_DIGEST" SourceRevisionTypeS3ObjectVersionId SourceRevisionType = "S3_OBJECT_VERSION_ID" + SourceRevisionTypeS3ObjectKey SourceRevisionType = "S3_OBJECT_KEY" ) // Values returns all known values for SourceRevisionType. Note that this can be @@ -418,6 +419,7 @@ func (SourceRevisionType) Values() []SourceRevisionType { "COMMIT_ID", "IMAGE_DIGEST", "S3_OBJECT_VERSION_ID", + "S3_OBJECT_KEY", } } diff --git a/service/codepipeline/types/types.go b/service/codepipeline/types/types.go index ddac45ce979..dbdc59b2300 100644 --- a/service/codepipeline/types/types.go +++ b/service/codepipeline/types/types.go 
@@ -1748,6 +1748,10 @@ type SourceRevision struct { // pipeline execution that's being started. A source revision is the version with // all the changes to your application code, or source artifact, for the pipeline // execution. +// +// For the S3_OBJECT_VERSION_ID and S3_OBJECT_KEY types of source revisions, +// either of the types can be used independently, or they can be used together to +// override the source with a specific ObjectKey and VersionID. type SourceRevisionOverride struct { // The name of the action where the override will be applied. diff --git a/service/connectcases/internal/endpoints/endpoints.go b/service/connectcases/internal/endpoints/endpoints.go index 2da64d2412f..e6087c873df 100644 --- a/service/connectcases/internal/endpoints/endpoints.go +++ b/service/connectcases/internal/endpoints/endpoints.go @@ -139,6 +139,12 @@ var defaultPartitions = endpoints.Partitions{ RegionRegex: partitionRegexp.Aws, IsRegionalized: true, Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "ap-northeast-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-northeast-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-southeast-1", }: endpoints.Endpoint{}, diff --git a/service/kendra/internal/endpoints/endpoints.go b/service/kendra/internal/endpoints/endpoints.go index 872c08d9566..c46b6ee04a7 100644 --- a/service/kendra/internal/endpoints/endpoints.go +++ b/service/kendra/internal/endpoints/endpoints.go 
@@ -154,12 +154,27 @@ var defaultPartitions = endpoints.Partitions{ endpoints.EndpointKey{ Region: "ca-central-1", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ca-central-1", + Variant: endpoints.FIPSVariant, + }: { + Hostname: "kendra-fips.ca-central-1.amazonaws.com", + }, endpoints.EndpointKey{ Region: "eu-west-1", }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "eu-west-2", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "fips-ca-central-1", + }: endpoints.Endpoint{ + Hostname: "kendra-fips.ca-central-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "ca-central-1", + }, + Deprecated: aws.TrueTernary, + }, endpoints.EndpointKey{ Region: "fips-us-east-1", }: endpoints.Endpoint{ diff --git a/service/location/api_op_ForecastGeofenceEvents.go b/service/location/api_op_ForecastGeofenceEvents.go index 3544286018d..b3e418689e7 100644 --- a/service/location/api_op_ForecastGeofenceEvents.go +++ b/service/location/api_op_ForecastGeofenceEvents.go @@ -163,6 +163,9 @@ func (c *Client) addOperationForecastGeofenceEventsMiddlewares(stack *middleware if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addTimeOffsetBuild(stack, c); err != nil { + return err + } if err = addEndpointPrefix_opForecastGeofenceEventsMiddleware(stack); err != nil { return err } diff --git a/service/location/api_op_VerifyDevicePosition.go b/service/location/api_op_VerifyDevicePosition.go index 73ff2fd3ef2..85f3ffdd70b 100644 --- a/service/location/api_op_VerifyDevicePosition.go +++ b/service/location/api_op_VerifyDevicePosition.go @@ -146,6 +146,9 @@ func (c *Client) addOperationVerifyDevicePositionMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addTimeOffsetBuild(stack, c); err != nil { + return err + } if err = addEndpointPrefix_opVerifyDevicePositionMiddleware(stack); err != nil { return err } 
diff --git a/service/location/snapshot/api_op_ForecastGeofenceEvents.go.snap b/service/location/snapshot/api_op_ForecastGeofenceEvents.go.snap index 36221313b5e..b4f08ebc121 100644 --- a/service/location/snapshot/api_op_ForecastGeofenceEvents.go.snap +++ b/service/location/snapshot/api_op_ForecastGeofenceEvents.go.snap @@ -12,6 +12,7 @@ ForecastGeofenceEvents ClientRequestID ComputeContentLength UserAgent + AddTimeOffsetMiddleware RecursionDetection Finalize stack step ResolveAuthScheme @@ -31,5 +32,6 @@ ForecastGeofenceEvents ResponseErrorWrapper RequestIDRetriever OperationDeserializer + AddTimeOffsetMiddleware RecordResponseTiming RequestResponseLogger diff --git a/service/location/snapshot/api_op_VerifyDevicePosition.go.snap b/service/location/snapshot/api_op_VerifyDevicePosition.go.snap index 09181b99def..e892ccb4249 100644 --- a/service/location/snapshot/api_op_VerifyDevicePosition.go.snap +++ b/service/location/snapshot/api_op_VerifyDevicePosition.go.snap @@ -12,6 +12,7 @@ VerifyDevicePosition ClientRequestID ComputeContentLength UserAgent + AddTimeOffsetMiddleware RecursionDetection Finalize stack step ResolveAuthScheme @@ -31,5 +32,6 @@ VerifyDevicePosition ResponseErrorWrapper RequestIDRetriever OperationDeserializer + AddTimeOffsetMiddleware RecordResponseTiming RequestResponseLogger diff --git a/service/sagemaker/api_op_CreateModelPackage.go b/service/sagemaker/api_op_CreateModelPackage.go index 2cf3f0f155d..ca736e476fd 100644 --- a/service/sagemaker/api_op_CreateModelPackage.go +++ b/service/sagemaker/api_op_CreateModelPackage.go 
@@ -105,9 +105,10 @@ type CreateModelPackageInput struct { // schema is simplified compared to the schema of ModelCard . The // ModelPackageModelCard schema does not include model_package_details , and // model_overview is composed of the model_creator and model_artifact properties. - // For more information about the model card associated with the model package, see - // [View the Details of a Model Version]. + // For more information about the model package model card schema, see [Model package model card schema]. For more + // information about the model card associated with the model package, see [View the Details of a Model Version]. // + // [Model package model card schema]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema // [View the Details of a Model Version]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html ModelCard *types.ModelPackageModelCard diff --git a/service/sagemaker/api_op_DescribeModelPackage.go b/service/sagemaker/api_op_DescribeModelPackage.go index 5bafd06c1a9..19848e52ca6 100644 --- a/service/sagemaker/api_op_DescribeModelPackage.go +++ b/service/sagemaker/api_op_DescribeModelPackage.go 
@@ -130,9 +130,10 @@ type DescribeModelPackageOutput struct { // schema is simplified compared to the schema of ModelCard . The // ModelPackageModelCard schema does not include model_package_details , and // model_overview is composed of the model_creator and model_artifact properties. - // For more information about the model card associated with the model package, see - // [View the Details of a Model Version]. + // For more information about the model package model card schema, see [Model package model card schema]. For more + // information about the model card associated with the model package, see [View the Details of a Model Version]. // + // [Model package model card schema]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema // [View the Details of a Model Version]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html ModelCard *types.ModelPackageModelCard diff --git a/service/sagemaker/api_op_UpdateModelPackage.go b/service/sagemaker/api_op_UpdateModelPackage.go index d0968b726d8..1c91e7fb702 100644 --- a/service/sagemaker/api_op_UpdateModelPackage.go +++ b/service/sagemaker/api_op_UpdateModelPackage.go 
@@ -72,9 +72,10 @@ type UpdateModelPackageInput struct { // schema is simplified compared to the schema of ModelCard . The // ModelPackageModelCard schema does not include model_package_details , and // model_overview is composed of the model_creator and model_artifact properties. - // For more information about the model card associated with the model package, see - // [View the Details of a Model Version]. + // For more information about the model package model card schema, see [Model package model card schema]. For more + // information about the model card associated with the model package, see [View the Details of a Model Version]. // + // [Model package model card schema]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema // [View the Details of a Model Version]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html ModelCard *types.ModelPackageModelCard diff --git a/service/sagemaker/deserializers.go b/service/sagemaker/deserializers.go index 619e8fcb4ea..145d4fb543f 100644 --- a/service/sagemaker/deserializers.go +++ b/service/sagemaker/deserializers.go @@ -66260,6 +66260,15 @@ func awsAwsjson11_deserializeDocumentProductionVariant(v **types.ProductionVaria sv.EnableSSMAccess = ptr.Bool(jtv) } + case "InferenceAmiVersion": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ProductionVariantInferenceAmiVersion to be of type string, got %T instead", value) + } + sv.InferenceAmiVersion = types.ProductionVariantInferenceAmiVersion(jtv) + } + case "InitialInstanceCount": if value != nil { jtv, ok := value.(json.Number) diff --git a/service/sagemaker/serializers.go b/service/sagemaker/serializers.go index 6bf034e81bb..e543b4f599e 100644 --- a/service/sagemaker/serializers.go +++ b/service/sagemaker/serializers.go 
@@ -25250,6 +25250,11 @@ func awsAwsjson11_serializeDocumentProductionVariant(v *types.ProductionVariant, ok.Boolean(*v.EnableSSMAccess) } + if len(v.InferenceAmiVersion) > 0 { + ok := object.Key("InferenceAmiVersion") + ok.String(string(v.InferenceAmiVersion)) + } + if v.InitialInstanceCount != nil { ok := object.Key("InitialInstanceCount") ok.Integer(*v.InitialInstanceCount) diff --git a/service/sagemaker/types/enums.go b/service/sagemaker/types/enums.go index e0a8c18fad3..f9e090f7c6f 100644 --- a/service/sagemaker/types/enums.go +++ b/service/sagemaker/types/enums.go @@ -5009,6 +5009,24 @@ func (ProductionVariantAcceleratorType) Values() []ProductionVariantAcceleratorT } } +type ProductionVariantInferenceAmiVersion string + +// Enum values for ProductionVariantInferenceAmiVersion +const ( + ProductionVariantInferenceAmiVersionAl2Gpu2 ProductionVariantInferenceAmiVersion = "al2-ami-sagemaker-inference-gpu-2" +) + +// Values returns all known values for ProductionVariantInferenceAmiVersion. Note +// that this can be expanded in the future, and so it is only as up to date as the +// client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (ProductionVariantInferenceAmiVersion) Values() []ProductionVariantInferenceAmiVersion { + return []ProductionVariantInferenceAmiVersion{ + "al2-ami-sagemaker-inference-gpu-2", + } +} + type ProductionVariantInstanceType string // Enum values for ProductionVariantInstanceType diff --git a/service/sagemaker/types/types.go b/service/sagemaker/types/types.go index 8ec943ac481..2bd39327677 100644 --- a/service/sagemaker/types/types.go +++ b/service/sagemaker/types/types.go 
@@ -10809,9 +10809,10 @@ type ModelPackage struct { // schema is simplified compared to the schema of ModelCard . The // ModelPackageModelCard schema does not include model_package_details , and // model_overview is composed of the model_creator and model_artifact properties. - // For more information about the model card associated with the model package, see - // [View the Details of a Model Version]. + // For more information about the model package model card schema, see [Model package model card schema]. For more + // information about the model card associated with the model package, see [View the Details of a Model Version]. // + // [Model package model card schema]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema // [View the Details of a Model Version]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html ModelCard *ModelPackageModelCard 
@@ -11023,13 +11024,16 @@ type ModelPackageGroupSummary struct { // schema is simplified compared to the schema of ModelCard . The // ModelPackageModelCard schema does not include model_package_details , and // model_overview is composed of the model_creator and model_artifact properties. -// For more information about the model card associated with the model package, see -// [View the Details of a Model Version]. +// For more information about the model package model card schema, see [Model package model card schema]. For more +// information about the model card associated with the model package, see [View the Details of a Model Version]. // +// [Model package model card schema]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema // [View the Details of a Model Version]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html type ModelPackageModelCard struct { - // The content of the model card. + // The content of the model card. The content must follow the schema described in [Model Package Model Card Schema]. + // + // [Model Package Model Card Schema]: https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema ModelCardContent *string // The approval status of the model card within your organization. Different 
@@ -13625,6 +13629,16 @@ type ProductionVariant struct { // endpoint by creating a new endpoint configuration and calling UpdateEndpoint . EnableSSMAccess *bool + // Specifies an option from a collection of preconfigured Amazon Machine Image + // (AMI) images. Each image is configured by Amazon Web Services with a set of + // software and driver versions. Amazon Web Services optimizes these configurations + // for different machine learning workloads. + // + // By selecting an AMI version, you can ensure that your inference environment is + // compatible with specific software requirements, such as CUDA driver versions, + // Linux kernel versions, or Amazon Web Services Neuron driver versions. + InferenceAmiVersion ProductionVariantInferenceAmiVersion + // Number of instances to launch initially. InitialInstanceCount *int32 diff --git a/service/storagegateway/internal/endpoints/endpoints.go b/service/storagegateway/internal/endpoints/endpoints.go index 64c888b6750..cccbe56e859 100644 --- a/service/storagegateway/internal/endpoints/endpoints.go +++ b/service/storagegateway/internal/endpoints/endpoints.go @@ -190,6 +190,24 @@ var defaultPartitions = endpoints.Partitions{ }, Deprecated: aws.TrueTernary, }, + endpoints.EndpointKey{ + Region: "ca-west-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ca-west-1", + Variant: endpoints.FIPSVariant, + }: { + Hostname: "storagegateway-fips.ca-west-1.amazonaws.com", + }, + endpoints.EndpointKey{ + Region: "ca-west-1-fips", + }: endpoints.Endpoint{ + Hostname: "storagegateway-fips.ca-west-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "ca-west-1", + }, + Deprecated: aws.TrueTernary, + }, endpoints.EndpointKey{ Region: "eu-central-1", }: endpoints.Endpoint{}, diff --git a/service/verifiedpermissions/api_op_CreateIdentitySource.go b/service/verifiedpermissions/api_op_CreateIdentitySource.go index 24f65966f55..fbafb063559 100644 
--- a/service/verifiedpermissions/api_op_CreateIdentitySource.go +++ b/service/verifiedpermissions/api_op_CreateIdentitySource.go 
@@ -12,32 +12,31 @@ import ( "time" ) -// Creates a reference to an Amazon Cognito user pool as an external identity -// provider (IdP). +// Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID +// Connect (OIDC) identity provider (IdP). // // After you create an identity source, you can use the identities provided by the -// IdP as proxies for the principal in authorization queries that use the [IsAuthorizedWithToken] -// operation. These identities take the form of tokens that contain claims about -// the user, such as IDs, attributes and group memberships. Amazon Cognito provides -// both identity tokens and access tokens, and Verified Permissions can use either -// or both. Any combination of identity and access tokens results in the same Cedar -// principal. Verified Permissions automatically translates the information about -// the identities into the standard Cedar attributes that can be evaluated by your -// policies. Because the Amazon Cognito identity and access tokens can contain -// different information, the tokens you choose to use determine which principal -// attributes are available to access when evaluating Cedar policies. +// IdP as proxies for the principal in authorization queries that use the [IsAuthorizedWithToken]or [BatchIsAuthorizedWithToken] API +// operations. These identities take the form of tokens that contain claims about +// the user, such as IDs, attributes and group memberships. Identity sources +// provide identity (ID) tokens and access tokens. Verified Permissions derives +// information about your user and session from token claims. Access tokens provide +// action context to your policies, and ID tokens provide principal Attributes . // -// If you delete a Amazon Cognito user pool or user, tokens from that deleted pool -// or that deleted user continue to be usable until they expire. +// Tokens from an identity source user continue to be usable until they expire. 
+// Token revocation and resource deletion have no effect on the validity of a token +// in your policy store // -// To reference a user from this identity source in your Cedar policies, use the -// following syntax. +// To reference a user from this identity source in your Cedar policies, refer to +// the following syntax examples. // -// IdentityType::"| +// - Amazon Cognito user pool: Namespace::[Entity type]::[User pool ID]|[user +// principal attribute] , for example +// MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 . // -// Where IdentityType is the string that you provide to the PrincipalEntityType -// parameter for this operation. The CognitoUserPoolId and CognitoClientId are -// defined by the Amazon Cognito user pool. +// - OpenID Connect (OIDC) provider: Namespace::[Entity +// type]::[principalIdClaim]|[user principal attribute] , for example +// MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222 . // // Verified Permissions is [eventually consistent] . It can take a few seconds for a new or changed // element to propagate through the service and be visible in the results of other @@ -45,6 +44,7 @@ import ( // // [IsAuthorizedWithToken]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html // [eventually consistent]: https://wikipedia.org/wiki/Eventual_consistency +// [BatchIsAuthorizedWithToken]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorizedWithToken.html func (c *Client) CreateIdentitySource(ctx context.Context, params *CreateIdentitySourceInput, optFns ...func(*Options)) (*CreateIdentitySourceOutput, error) { if params == nil { params = &CreateIdentitySourceInput{} 
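Review bot: The rewritten `CreateIdentitySource` comment adds "Token revocation and resource deletion have no effect on the validity of a token in your policy store" with no closing full stop and no hint of what a caller should do about it; the same unterminated sentence is added to `IsAuthorizedWithToken` in its own hunk further down. This is the one statement in the comment that affects how authorization decisions can be trusted, so I would finish the sentence and name the consequence, e.g. `// in your policy store. If you depend on revocation, keep token lifetimes short at the identity provider.` Two smaller wording slips in the same comment: `[IsAuthorizedWithToken]or [BatchIsAuthorizedWithToken]` is missing a space before `or`, and `policy store–an Amazon Cognito user pool` reads more clearly as `policy store: an Amazon Cognito user pool`.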
@@ -65,11 +65,6 @@ type CreateIdentitySourceInput struct { // Specifies the details required to communicate with the identity provider (IdP) // associated with this identity source. // - // At this time, the only valid member of this structure is a Amazon Cognito user - // pool configuration. - // - // You must specify a UserPoolArn , and optionally, a ClientId . - // // This member is required. Configuration types.Configuration diff --git a/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go b/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go index c44e9f5879a..4ce4867eaa5 100644 --- a/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go +++ b/service/verifiedpermissions/api_op_IsAuthorizedWithToken.go @@ -24,8 +24,9 @@ import ( // Verified Permissions validates each token that is specified in a request by // checking its expiration date and its signature. // -// If you delete a Amazon Cognito user pool or user, tokens from that deleted pool -// or that deleted user continue to be usable until they expire. +// Tokens from an identity source user continue to be usable until they expire. +// Token revocation and resource deletion have no effect on the validity of a token +// in your policy store // // [JSON web token (JWT)]: https://wikipedia.org/wiki/JSON_Web_Token func (c *Client) IsAuthorizedWithToken(ctx context.Context, params *IsAuthorizedWithTokenInput, optFns ...func(*Options)) (*IsAuthorizedWithTokenOutput, error) { diff --git a/service/verifiedpermissions/api_op_UpdateIdentitySource.go b/service/verifiedpermissions/api_op_UpdateIdentitySource.go index 8e236dbd9a1..8f9074735ca 100644 --- a/service/verifiedpermissions/api_op_UpdateIdentitySource.go +++ b/service/verifiedpermissions/api_op_UpdateIdentitySource.go 
@@ -12,9 +12,9 @@ import ( "time" ) -// Updates the specified identity source to use a new identity provider (IdP) -// source, or to change the mapping of identities from the IdP to a different -// principal entity type. +// Updates the specified identity source to use a new identity provider (IdP), or +// to change the mapping of identities from the IdP to a different principal entity +// type. // // Verified Permissions is [eventually consistent] . It can take a few seconds for a new or changed // element to propagate through the service and be visible in the results of other diff --git a/service/verifiedpermissions/deserializers.go b/service/verifiedpermissions/deserializers.go index 9325a427757..d3590dd5d64 100644 --- a/service/verifiedpermissions/deserializers.go +++ b/service/verifiedpermissions/deserializers.go @@ -3631,6 +3631,42 @@ loop: return nil } +func awsAwsjson10_deserializeDocumentAudiences(v *[]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []string + if *v == nil { + cv = []string{} + } else { + cv = *v + } + + for _, value := range shape { + var col string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Audience to be of type string, got %T instead", value) + } + col = jtv + } + cv = append(cv, col) + + } + *v = cv + return nil +} + func awsAwsjson10_deserializeDocumentBatchIsAuthorizedInputItem(v **types.BatchIsAuthorizedInputItem, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) 
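Review bot: In the new `awsAwsjson10_deserializeDocumentAudiences`, a JSON `null` element is not skipped: `col` keeps its zero value and `cv = append(cv, col)` puts an empty string into the audience list. A caller that displays or compares the configured audiences then sees `""` as if it were a configured value. If keeping the element is intended, a short comment above the append would say so, e.g. `// a null element is kept as "" to preserve the element count`; otherwise add `continue` when `value == nil`. The loop variable `value` also shadows the function parameter of the same name, which `for _, elem := range shape` would avoid. If this file is produced by a code generator, which the hunk does not show, the change belongs in the generator.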
@@ -4170,6 +4206,16 @@ loop: uv = &types.ConfigurationDetailMemberCognitoUserPoolConfiguration{Value: mv} break loop + case "openIdConnectConfiguration": + var mv types.OpenIdConnectConfigurationDetail + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentOpenIdConnectConfigurationDetail(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.ConfigurationDetailMemberOpenIdConnectConfiguration{Value: mv} + break loop + default: uv = &types.UnknownUnionMember{Tag: key} break loop @@ -4210,6 +4256,16 @@ loop: uv = &types.ConfigurationItemMemberCognitoUserPoolConfiguration{Value: mv} break loop + case "openIdConnectConfiguration": + var mv types.OpenIdConnectConfigurationItem + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentOpenIdConnectConfigurationItem(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.ConfigurationItemMemberOpenIdConnectConfiguration{Value: mv} + break loop + default: uv = &types.UnknownUnionMember{Tag: key} break loop 
@@ -4864,6 +4920,502 @@ func awsAwsjson10_deserializeDocumentNamespaceList(v *[]string, value interface{ return nil } +func awsAwsjson10_deserializeDocumentOpenIdConnectAccessTokenConfigurationDetail(v **types.OpenIdConnectAccessTokenConfigurationDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectAccessTokenConfigurationDetail + if *v == nil { + sv = &types.OpenIdConnectAccessTokenConfigurationDetail{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "audiences": + if err := awsAwsjson10_deserializeDocumentAudiences(&sv.Audiences, value); err != nil { + return err + } + + case "principalIdClaim": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Claim to be of type string, got %T instead", value) + } + sv.PrincipalIdClaim = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectAccessTokenConfigurationItem(v **types.OpenIdConnectAccessTokenConfigurationItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectAccessTokenConfigurationItem + if *v == nil { + sv = &types.OpenIdConnectAccessTokenConfigurationItem{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "audiences": + if err := awsAwsjson10_deserializeDocumentAudiences(&sv.Audiences, value); err != nil { + return err + } + + case "principalIdClaim": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Claim to be of 
type string, got %T instead", value) + } + sv.PrincipalIdClaim = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectConfigurationDetail(v **types.OpenIdConnectConfigurationDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectConfigurationDetail + if *v == nil { + sv = &types.OpenIdConnectConfigurationDetail{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "entityIdPrefix": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected EntityIdPrefix to be of type string, got %T instead", value) + } + sv.EntityIdPrefix = ptr.String(jtv) + } + + case "groupConfiguration": + if err := awsAwsjson10_deserializeDocumentOpenIdConnectGroupConfigurationDetail(&sv.GroupConfiguration, value); err != nil { + return err + } + + case "issuer": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Issuer to be of type string, got %T instead", value) + } + sv.Issuer = ptr.String(jtv) + } + + case "tokenSelection": + if err := awsAwsjson10_deserializeDocumentOpenIdConnectTokenSelectionDetail(&sv.TokenSelection, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectConfigurationItem(v **types.OpenIdConnectConfigurationItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectConfigurationItem + if *v == nil { + sv = 
&types.OpenIdConnectConfigurationItem{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "entityIdPrefix": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected EntityIdPrefix to be of type string, got %T instead", value) + } + sv.EntityIdPrefix = ptr.String(jtv) + } + + case "groupConfiguration": + if err := awsAwsjson10_deserializeDocumentOpenIdConnectGroupConfigurationItem(&sv.GroupConfiguration, value); err != nil { + return err + } + + case "issuer": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Issuer to be of type string, got %T instead", value) + } + sv.Issuer = ptr.String(jtv) + } + + case "tokenSelection": + if err := awsAwsjson10_deserializeDocumentOpenIdConnectTokenSelectionItem(&sv.TokenSelection, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectGroupConfigurationDetail(v **types.OpenIdConnectGroupConfigurationDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectGroupConfigurationDetail + if *v == nil { + sv = &types.OpenIdConnectGroupConfigurationDetail{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "groupClaim": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Claim to be of type string, got %T instead", value) + } + sv.GroupClaim = ptr.String(jtv) + } + + case "groupEntityType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected GroupEntityType to be of type string, got %T instead", value) + } + sv.GroupEntityType = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v 
= sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectGroupConfigurationItem(v **types.OpenIdConnectGroupConfigurationItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectGroupConfigurationItem + if *v == nil { + sv = &types.OpenIdConnectGroupConfigurationItem{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "groupClaim": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Claim to be of type string, got %T instead", value) + } + sv.GroupClaim = ptr.String(jtv) + } + + case "groupEntityType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected GroupEntityType to be of type string, got %T instead", value) + } + sv.GroupEntityType = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectIdentityTokenConfigurationDetail(v **types.OpenIdConnectIdentityTokenConfigurationDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectIdentityTokenConfigurationDetail + if *v == nil { + sv = &types.OpenIdConnectIdentityTokenConfigurationDetail{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "clientIds": + if err := awsAwsjson10_deserializeDocumentClientIds(&sv.ClientIds, value); err != nil { + return err + } + + case "principalIdClaim": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Claim to be of type string, got %T instead", 
value) + } + sv.PrincipalIdClaim = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectIdentityTokenConfigurationItem(v **types.OpenIdConnectIdentityTokenConfigurationItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.OpenIdConnectIdentityTokenConfigurationItem + if *v == nil { + sv = &types.OpenIdConnectIdentityTokenConfigurationItem{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "clientIds": + if err := awsAwsjson10_deserializeDocumentClientIds(&sv.ClientIds, value); err != nil { + return err + } + + case "principalIdClaim": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Claim to be of type string, got %T instead", value) + } + sv.PrincipalIdClaim = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectTokenSelectionDetail(v *types.OpenIdConnectTokenSelectionDetail, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var uv types.OpenIdConnectTokenSelectionDetail +loop: + for key, value := range shape { + if value == nil { + continue + } + switch key { + case "accessTokenOnly": + var mv types.OpenIdConnectAccessTokenConfigurationDetail + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentOpenIdConnectAccessTokenConfigurationDetail(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly{Value: mv} + 
break loop + + case "identityTokenOnly": + var mv types.OpenIdConnectIdentityTokenConfigurationDetail + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentOpenIdConnectIdentityTokenConfigurationDetail(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly{Value: mv} + break loop + + default: + uv = &types.UnknownUnionMember{Tag: key} + break loop + + } + } + *v = uv + return nil +} + +func awsAwsjson10_deserializeDocumentOpenIdConnectTokenSelectionItem(v *types.OpenIdConnectTokenSelectionItem, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var uv types.OpenIdConnectTokenSelectionItem +loop: + for key, value := range shape { + if value == nil { + continue + } + switch key { + case "accessTokenOnly": + var mv types.OpenIdConnectAccessTokenConfigurationItem + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentOpenIdConnectAccessTokenConfigurationItem(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.OpenIdConnectTokenSelectionItemMemberAccessTokenOnly{Value: mv} + break loop + + case "identityTokenOnly": + var mv types.OpenIdConnectIdentityTokenConfigurationItem + destAddr := &mv + if err := awsAwsjson10_deserializeDocumentOpenIdConnectIdentityTokenConfigurationItem(&destAddr, value); err != nil { + return err + } + mv = *destAddr + uv = &types.OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly{Value: mv} + break loop + + default: + uv = &types.UnknownUnionMember{Tag: key} + break loop + + } + } + *v = uv + return nil +} + func awsAwsjson10_deserializeDocumentPolicyDefinitionDetail(v *types.PolicyDefinitionDetail, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) 
diff --git a/service/verifiedpermissions/serializers.go b/service/verifiedpermissions/serializers.go index 21259b90922..3ed95c154db 100644 --- a/service/verifiedpermissions/serializers.go +++ b/service/verifiedpermissions/serializers.go @@ -1503,6 +1503,17 @@ func awsAwsjson10_serializeDocumentAttributeValue(v types.AttributeValue, value return nil } +func awsAwsjson10_serializeDocumentAudiences(v []string, value smithyjson.Value) error { + array := value.Array() + defer array.Close() + + for i := range v { + av := array.Value() + av.String(v[i]) + } + return nil +} + func awsAwsjson10_serializeDocumentBatchIsAuthorizedInputItem(v *types.BatchIsAuthorizedInputItem, value smithyjson.Value) error { object := value.Object() defer object.Close() @@ -1652,6 +1663,12 @@ func awsAwsjson10_serializeDocumentConfiguration(v types.Configuration, value sm return err } + case *types.ConfigurationMemberOpenIdConnectConfiguration: + av := object.Key("openIdConnectConfiguration") + if err := awsAwsjson10_serializeDocumentOpenIdConnectConfiguration(&uv.Value, av); err != nil { + return err + } + default: return fmt.Errorf("attempted to serialize unknown member type %T for union %T", uv, v) 
@@ -1832,6 +1849,116 @@ func awsAwsjson10_serializeDocumentIdentitySourceFilters(v []types.IdentitySourc return nil } +func awsAwsjson10_serializeDocumentOpenIdConnectAccessTokenConfiguration(v *types.OpenIdConnectAccessTokenConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Audiences != nil { + ok := object.Key("audiences") + if err := awsAwsjson10_serializeDocumentAudiences(v.Audiences, ok); err != nil { + return err + } + } + + if v.PrincipalIdClaim != nil { + ok := object.Key("principalIdClaim") + ok.String(*v.PrincipalIdClaim) + } + + return nil +} + +func awsAwsjson10_serializeDocumentOpenIdConnectConfiguration(v *types.OpenIdConnectConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.EntityIdPrefix != nil { + ok := object.Key("entityIdPrefix") + ok.String(*v.EntityIdPrefix) + } + + if v.GroupConfiguration != nil { + ok := object.Key("groupConfiguration") + if err := awsAwsjson10_serializeDocumentOpenIdConnectGroupConfiguration(v.GroupConfiguration, ok); err != nil { + return err + } + } + + if v.Issuer != nil { + ok := object.Key("issuer") + ok.String(*v.Issuer) + } + + if v.TokenSelection != nil { + ok := object.Key("tokenSelection") + if err := awsAwsjson10_serializeDocumentOpenIdConnectTokenSelection(v.TokenSelection, ok); err != nil { + return err + } + } + + return nil +} + +func awsAwsjson10_serializeDocumentOpenIdConnectGroupConfiguration(v *types.OpenIdConnectGroupConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.GroupClaim != nil { + ok := object.Key("groupClaim") + ok.String(*v.GroupClaim) + } + + if v.GroupEntityType != nil { + ok := object.Key("groupEntityType") + ok.String(*v.GroupEntityType) + } + + return nil +} + +func awsAwsjson10_serializeDocumentOpenIdConnectIdentityTokenConfiguration(v *types.OpenIdConnectIdentityTokenConfiguration, value smithyjson.Value) error { + object := 
value.Object() + defer object.Close() + + if v.ClientIds != nil { + ok := object.Key("clientIds") + if err := awsAwsjson10_serializeDocumentClientIds(v.ClientIds, ok); err != nil { + return err + } + } + + if v.PrincipalIdClaim != nil { + ok := object.Key("principalIdClaim") + ok.String(*v.PrincipalIdClaim) + } + + return nil +} + +func awsAwsjson10_serializeDocumentOpenIdConnectTokenSelection(v types.OpenIdConnectTokenSelection, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + switch uv := v.(type) { + case *types.OpenIdConnectTokenSelectionMemberAccessTokenOnly: + av := object.Key("accessTokenOnly") + if err := awsAwsjson10_serializeDocumentOpenIdConnectAccessTokenConfiguration(&uv.Value, av); err != nil { + return err + } + + case *types.OpenIdConnectTokenSelectionMemberIdentityTokenOnly: + av := object.Key("identityTokenOnly") + if err := awsAwsjson10_serializeDocumentOpenIdConnectIdentityTokenConfiguration(&uv.Value, av); err != nil { + return err + } + + default: + return fmt.Errorf("attempted to serialize unknown member type %T for union %T", uv, v) + + } + return nil +} + func awsAwsjson10_serializeDocumentParentList(v []types.EntityIdentifier, value smithyjson.Value) error { array := value.Array() defer array.Close() 
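Review bot: `awsAwsjson10_serializeDocumentOpenIdConnectAccessTokenConfiguration` writes `audiences` only when `v.Audiences != nil`, and nothing visible in this hunk says what the service does when the key is absent. Audience restriction is what stops a token issued for another client of the same issuer from being accepted, so the omission case should be documented at the guard, e.g. `// audiences omitted when nil; confirm the service then rejects, not accepts, any aud`. The same applies to `clientIds` in the identity-token serializer and to the `Update…` variants in the `@@ -2167` hunk. Whether a validator elsewhere in the commit makes the field required is not visible here.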
@@ -2040,6 +2167,122 @@ func awsAwsjson10_serializeDocumentUpdateConfiguration(v types.UpdateConfigurati return err } + case *types.UpdateConfigurationMemberOpenIdConnectConfiguration: + av := object.Key("openIdConnectConfiguration") + if err := awsAwsjson10_serializeDocumentUpdateOpenIdConnectConfiguration(&uv.Value, av); err != nil { + return err + } + + default: + return fmt.Errorf("attempted to serialize unknown member type %T for union %T", uv, v) + + } + return nil +} + +func awsAwsjson10_serializeDocumentUpdateOpenIdConnectAccessTokenConfiguration(v *types.UpdateOpenIdConnectAccessTokenConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Audiences != nil { + ok := object.Key("audiences") + if err := awsAwsjson10_serializeDocumentAudiences(v.Audiences, ok); err != nil { + return err + } + } + + if v.PrincipalIdClaim != nil { + ok := object.Key("principalIdClaim") + ok.String(*v.PrincipalIdClaim) + } + + return nil +} + +func awsAwsjson10_serializeDocumentUpdateOpenIdConnectConfiguration(v *types.UpdateOpenIdConnectConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.EntityIdPrefix != nil { + ok := object.Key("entityIdPrefix") + ok.String(*v.EntityIdPrefix) + } + + if v.GroupConfiguration != nil { + ok := object.Key("groupConfiguration") + if err := awsAwsjson10_serializeDocumentUpdateOpenIdConnectGroupConfiguration(v.GroupConfiguration, ok); err != nil { + return err + } + } + + if v.Issuer != nil { + ok := object.Key("issuer") + ok.String(*v.Issuer) + } + + if v.TokenSelection != nil { + ok := object.Key("tokenSelection") + if err := awsAwsjson10_serializeDocumentUpdateOpenIdConnectTokenSelection(v.TokenSelection, ok); err != nil { + return err + } + } + + return nil +} + +func awsAwsjson10_serializeDocumentUpdateOpenIdConnectGroupConfiguration(v *types.UpdateOpenIdConnectGroupConfiguration, value smithyjson.Value) error { + object := value.Object() + 
defer object.Close() + + if v.GroupClaim != nil { + ok := object.Key("groupClaim") + ok.String(*v.GroupClaim) + } + + if v.GroupEntityType != nil { + ok := object.Key("groupEntityType") + ok.String(*v.GroupEntityType) + } + + return nil +} + +func awsAwsjson10_serializeDocumentUpdateOpenIdConnectIdentityTokenConfiguration(v *types.UpdateOpenIdConnectIdentityTokenConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.ClientIds != nil { + ok := object.Key("clientIds") + if err := awsAwsjson10_serializeDocumentClientIds(v.ClientIds, ok); err != nil { + return err + } + } + + if v.PrincipalIdClaim != nil { + ok := object.Key("principalIdClaim") + ok.String(*v.PrincipalIdClaim) + } + + return nil +} + +func awsAwsjson10_serializeDocumentUpdateOpenIdConnectTokenSelection(v types.UpdateOpenIdConnectTokenSelection, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + switch uv := v.(type) { + case *types.UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly: + av := object.Key("accessTokenOnly") + if err := awsAwsjson10_serializeDocumentUpdateOpenIdConnectAccessTokenConfiguration(&uv.Value, av); err != nil { + return err + } + + case *types.UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly: + av := object.Key("identityTokenOnly") + if err := awsAwsjson10_serializeDocumentUpdateOpenIdConnectIdentityTokenConfiguration(&uv.Value, av); err != nil { + return err + } + default: return fmt.Errorf("attempted to serialize unknown member type %T for union %T", uv, v) diff --git a/service/verifiedpermissions/types/types.go b/service/verifiedpermissions/types/types.go index b7d08791895..ccd389b1f53 100644 --- a/service/verifiedpermissions/types/types.go +++ b/service/verifiedpermissions/types/types.go 
@@ -297,8 +297,7 @@ type CognitoGroupConfigurationItem struct { // The configuration for an identity source that represents a connection to an // Amazon Cognito user pool used as an identity provider for Verified Permissions. // -// This data type is used as a field that is part of an [Configuration] structure that is used as -// a parameter to [CreateIdentitySource]. +// This data type part of a [Configuration] structure that is used as a parameter to [CreateIdentitySource]. // // Example: // "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": @@ -435,16 +434,12 @@ type CognitoUserPoolConfigurationItem struct { // Contains configuration information used when creating a new identity source. // -// At this time, the only valid member of this structure is a Amazon Cognito user -// pool configuration. -// -// Specifies a userPoolArn , a groupConfiguration , and a ClientId . -// // This data type is used as a request parameter for the [CreateIdentitySource] operation. // // The following types satisfy this interface: // // ConfigurationMemberCognitoUserPoolConfiguration +// ConfigurationMemberOpenIdConnectConfiguration // // [CreateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html type Configuration interface { 
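Review bot: The reworded comment in the `@@ -297` hunk lost its verb: `This data type part of a [Configuration] structure`. It should read `// This data type is part of a [Configuration] structure that is used as a parameter to [CreateIdentitySource].`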
@@ -470,6 +465,21 @@ type ConfigurationMemberCognitoUserPoolConfiguration struct { func (*ConfigurationMemberCognitoUserPoolConfiguration) isConfiguration() {} +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// Example: +// "configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}} +type ConfigurationMemberOpenIdConnectConfiguration struct { + Value OpenIdConnectConfiguration + + noSmithyDocumentSerde +} + +func (*ConfigurationMemberOpenIdConnectConfiguration) isConfiguration() {} + // Contains configuration information about an identity source. // // This data type is a response parameter to the [GetIdentitySource] operation. @@ -477,6 +487,7 @@ func (*ConfigurationMemberCognitoUserPoolConfiguration) isConfiguration() {} // The following types satisfy this interface: // // ConfigurationDetailMemberCognitoUserPoolConfiguration +// ConfigurationDetailMemberOpenIdConnectConfiguration // // [GetIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html type ConfigurationDetail interface { 
@@ -502,6 +513,21 @@ type ConfigurationDetailMemberCognitoUserPoolConfiguration struct { func (*ConfigurationDetailMemberCognitoUserPoolConfiguration) isConfigurationDetail() {} +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// Example: +// "configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}} +type ConfigurationDetailMemberOpenIdConnectConfiguration struct { + Value OpenIdConnectConfigurationDetail + + noSmithyDocumentSerde +} + +func (*ConfigurationDetailMemberOpenIdConnectConfiguration) isConfigurationDetail() {} + // Contains configuration information about an identity source. // // This data type is a response parameter to the [ListIdentitySources] operation. @@ -509,6 +535,7 @@ func (*ConfigurationDetailMemberCognitoUserPoolConfiguration) isConfigurationDet // The following types satisfy this interface: // // ConfigurationItemMemberCognitoUserPoolConfiguration +// ConfigurationItemMemberOpenIdConnectConfiguration // // [ListIdentitySources]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html type ConfigurationItem interface { 
@@ -534,6 +561,21 @@ type ConfigurationItemMemberCognitoUserPoolConfiguration struct { func (*ConfigurationItemMemberCognitoUserPoolConfiguration) isConfigurationItem() {} +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// Example: +// "configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}} +type ConfigurationItemMemberOpenIdConnectConfiguration struct { + Value OpenIdConnectConfigurationItem + + noSmithyDocumentSerde +} + +func (*ConfigurationItemMemberOpenIdConnectConfiguration) isConfigurationItem() {} + // Contains additional details about the context of the request. Verified // Permissions evaluates this information in an authorization request as part of // the when and unless clauses in a policy. @@ -667,7 +709,14 @@ type EntityItem struct { // A list of attributes for the entity. Attributes map[string]AttributeValue - // The parents in the hierarchy that contains the entity. + // The parent entities in the hierarchy that contains the entity. A principal or + // resource entity can be defined with at most 99 transitive parents per + // authorization request. + // + // A transitive parent is an entity in the hierarchy of entities including all + // direct parents, and parents of parents. For example, a user can be a member of + // 91 groups if one of those groups is a member of eight groups, for a total of + // 100: one entity, 91 entity parents, and eight parents of parents. Parents []EntityIdentifier noSmithyDocumentSerde 
@@ -878,6 +927,446 @@ type IdentitySourceItemDetails struct { noSmithyDocumentSerde } +// The configuration of an OpenID Connect (OIDC) identity source for handling +// access token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [OpenIdConnectTokenSelection] structure, which is a parameter of [CreateIdentitySource]. +// +// [OpenIdConnectTokenSelection]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html +// [CreateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html +type OpenIdConnectAccessTokenConfiguration struct { + + // The access token aud claim values that you want to accept in your policy store. + // For example, https://myapp.example.com, https://myapp2.example.com . + Audiences []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// access token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [OpenIdConnectTokenSelectionDetail] structure, which is a parameter of [GetIdentitySource]. +// +// [OpenIdConnectTokenSelectionDetail]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html +// [GetIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html +type OpenIdConnectAccessTokenConfigurationDetail struct { + + // The access token aud claim values that you want to accept in your policy store. 
+ // For example, https://myapp.example.com, https://myapp2.example.com . + Audiences []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// access token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [OpenIdConnectTokenSelectionItem] structure, which is a parameter of [ListIdentitySources]. +// +// [OpenIdConnectTokenSelectionItem]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html +// [ListIdentitySources]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html +type OpenIdConnectAccessTokenConfigurationItem struct { + + // The access token aud claim values that you want to accept in your policy store. + // For example, https://myapp.example.com, https://myapp2.example.com . + Audiences []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// This data type is part of a [Configuration] structure, which is a parameter to [CreateIdentitySource]. 
+// +// [Configuration]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html +// [CreateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html +type OpenIdConnectConfiguration struct { + + // The issuer URL of an OIDC identity provider. This URL must have an OIDC + // discovery endpoint at the path .well-known/openid-configuration . + // + // This member is required. + Issuer *string + + // The token type that you want to process from your OIDC identity provider. Your + // policy store can process either identity (ID) or access tokens from a given OIDC + // identity source. + // + // This member is required. + TokenSelection OpenIdConnectTokenSelection + + // A descriptive string that you want to prefix to user entities from your OIDC + // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider , + // you can reference principals in your policies in the format + // MyCorp::User::MyOIDCProvider|Carlos . + EntityIdPrefix *string + + // The claim in OIDC identity provider tokens that indicates a user's group + // membership, and the entity type that you want to map it to. For example, this + // object can map the contents of a groups claim to MyCorp::UserGroup . + GroupConfiguration *OpenIdConnectGroupConfiguration + + noSmithyDocumentSerde +} + +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// This data type is part of a [ConfigurationDetail] structure, which is a parameter to [GetIdentitySource]. 
+// +// [GetIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html +// [ConfigurationDetail]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html +type OpenIdConnectConfigurationDetail struct { + + // The issuer URL of an OIDC identity provider. This URL must have an OIDC + // discovery endpoint at the path .well-known/openid-configuration . + // + // This member is required. + Issuer *string + + // The token type that you want to process from your OIDC identity provider. Your + // policy store can process either identity (ID) or access tokens from a given OIDC + // identity source. + // + // This member is required. + TokenSelection OpenIdConnectTokenSelectionDetail + + // A descriptive string that you want to prefix to user entities from your OIDC + // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider , + // you can reference principals in your policies in the format + // MyCorp::User::MyOIDCProvider|Carlos . + EntityIdPrefix *string + + // The claim in OIDC identity provider tokens that indicates a user's group + // membership, and the entity type that you want to map it to. For example, this + // object can map the contents of a groups claim to MyCorp::UserGroup . + GroupConfiguration *OpenIdConnectGroupConfigurationDetail + + noSmithyDocumentSerde +} + +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// This data type is part of a [ConfigurationItem] structure, which is a parameter to [ListIdentitySources]. 
+// +// [ConfigurationItem]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html +// [ListIdentitySources]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html +type OpenIdConnectConfigurationItem struct { + + // The issuer URL of an OIDC identity provider. This URL must have an OIDC + // discovery endpoint at the path .well-known/openid-configuration . + // + // This member is required. + Issuer *string + + // The token type that you want to process from your OIDC identity provider. Your + // policy store can process either identity (ID) or access tokens from a given OIDC + // identity source. + // + // This member is required. + TokenSelection OpenIdConnectTokenSelectionItem + + // A descriptive string that you want to prefix to user entities from your OIDC + // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider , + // you can reference principals in your policies in the format + // MyCorp::User::MyOIDCProvider|Carlos . + EntityIdPrefix *string + + // The claim in OIDC identity provider tokens that indicates a user's group + // membership, and the entity type that you want to map it to. For example, this + // object can map the contents of a groups claim to MyCorp::UserGroup . + GroupConfiguration *OpenIdConnectGroupConfigurationItem + + noSmithyDocumentSerde +} + +// The claim in OIDC identity provider tokens that indicates a user's group +// membership, and the entity type that you want to map it to. For example, this +// object can map the contents of a groups claim to MyCorp::UserGroup . +// +// This data type is part of a [OpenIdConnectConfiguration] structure, which is a parameter of [CreateIdentitySource]. 
+// +// [OpenIdConnectConfiguration]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html +// [CreateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html +type OpenIdConnectGroupConfiguration struct { + + // The token claim that you want Verified Permissions to interpret as group + // membership. For example, groups . + // + // This member is required. + GroupClaim *string + + // The policy store entity type that you want to map your users' group claim to. + // For example, MyCorp::UserGroup . A group entity type is an entity that can have + // a user entity type as a member. + // + // This member is required. + GroupEntityType *string + + noSmithyDocumentSerde +} + +// The claim in OIDC identity provider tokens that indicates a user's group +// membership, and the entity type that you want to map it to. For example, this +// object can map the contents of a groups claim to MyCorp::UserGroup . +// +// This data type is part of a [OpenIdConnectConfigurationDetail] structure, which is a parameter of [GetIdentitySource]. +// +// [GetIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html +// [OpenIdConnectConfigurationDetail]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html +type OpenIdConnectGroupConfigurationDetail struct { + + // The token claim that you want Verified Permissions to interpret as group + // membership. For example, groups . + // + // This member is required. + GroupClaim *string + + // The policy store entity type that you want to map your users' group claim to. + // For example, MyCorp::UserGroup . A group entity type is an entity that can have + // a user entity type as a member. + // + // This member is required. 
+ GroupEntityType *string + + noSmithyDocumentSerde +} + +// The claim in OIDC identity provider tokens that indicates a user's group +// membership, and the entity type that you want to map it to. For example, this +// object can map the contents of a groups claim to MyCorp::UserGroup . +// +// This data type is part of a [OpenIdConnectConfigurationItem] structure, which is a parameter of [ListIdentitySourcea]. +// +// [ListIdentitySourcea]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html +// [OpenIdConnectConfigurationItem]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html +type OpenIdConnectGroupConfigurationItem struct { + + // The token claim that you want Verified Permissions to interpret as group + // membership. For example, groups . + // + // This member is required. + GroupClaim *string + + // The policy store entity type that you want to map your users' group claim to. + // For example, MyCorp::UserGroup . A group entity type is an entity that can have + // a user entity type as a member. + // + // This member is required. + GroupEntityType *string + + noSmithyDocumentSerde +} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// identity (ID) token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [OpenIdConnectTokenSelection] structure, which is a parameter of [CreateIdentitySource]. 
+// +// [OpenIdConnectTokenSelection]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html +// [CreateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html +type OpenIdConnectIdentityTokenConfiguration struct { + + // The ID token audience, or client ID, claim values that you want to accept in + // your policy store from an OIDC identity provider. For example, + // 1example23456789, 2example10111213 . + ClientIds []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// identity (ID) token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [OpenIdConnectTokenSelectionDetail] structure, which is a parameter of [GetIdentitySource]. +// +// [OpenIdConnectTokenSelectionDetail]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html +// [GetIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html +type OpenIdConnectIdentityTokenConfigurationDetail struct { + + // The ID token audience, or client ID, claim values that you want to accept in + // your policy store from an OIDC identity provider. For example, + // 1example23456789, 2example10111213 . + ClientIds []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// identity (ID) token claims. 
Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [OpenIdConnectTokenSelectionItem] structure, which is a parameter of [ListIdentitySources]. +// +// [OpenIdConnectTokenSelectionItem]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html +// [ListIdentitySources]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html +type OpenIdConnectIdentityTokenConfigurationItem struct { + + // The ID token audience, or client ID, claim values that you want to accept in + // your policy store from an OIDC identity provider. For example, + // 1example23456789, 2example10111213 . + ClientIds []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// The token type that you want to process from your OIDC identity provider. Your +// policy store can process either identity (ID) or access tokens from a given OIDC +// identity source. +// +// This data type is part of a [OpenIdConnectConfiguration] structure, which is a parameter of [CreateIdentitySource]. +// +// The following types satisfy this interface: +// +// OpenIdConnectTokenSelectionMemberAccessTokenOnly +// OpenIdConnectTokenSelectionMemberIdentityTokenOnly +// +// [OpenIdConnectConfiguration]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html +// [CreateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html +type OpenIdConnectTokenSelection interface { + isOpenIdConnectTokenSelection() +} + +// The OIDC configuration for processing access tokens. 
Contains allowed audience +// claims, for example https://auth.example.com , and the claim that you want to +// map to the principal, for example sub . +type OpenIdConnectTokenSelectionMemberAccessTokenOnly struct { + Value OpenIdConnectAccessTokenConfiguration + + noSmithyDocumentSerde +} + +func (*OpenIdConnectTokenSelectionMemberAccessTokenOnly) isOpenIdConnectTokenSelection() {} + +// The OIDC configuration for processing identity (ID) tokens. Contains allowed +// client ID claims, for example 1example23456789 , and the claim that you want to +// map to the principal, for example sub . +type OpenIdConnectTokenSelectionMemberIdentityTokenOnly struct { + Value OpenIdConnectIdentityTokenConfiguration + + noSmithyDocumentSerde +} + +func (*OpenIdConnectTokenSelectionMemberIdentityTokenOnly) isOpenIdConnectTokenSelection() {} + +// The token type that you want to process from your OIDC identity provider. Your +// policy store can process either identity (ID) or access tokens from a given OIDC +// identity source. +// +// This data type is part of a [OpenIdConnectConfigurationDetail] structure, which is a parameter of [GetIdentitySource]. +// +// The following types satisfy this interface: +// +// OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly +// OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly +// +// [GetIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html +// [OpenIdConnectConfigurationDetail]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html +type OpenIdConnectTokenSelectionDetail interface { + isOpenIdConnectTokenSelectionDetail() +} + +// The OIDC configuration for processing access tokens. Contains allowed audience +// claims, for example https://auth.example.com , and the claim that you want to +// map to the principal, for example sub . 
+type OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly struct { + Value OpenIdConnectAccessTokenConfigurationDetail + + noSmithyDocumentSerde +} + +func (*OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly) isOpenIdConnectTokenSelectionDetail() { +} + +// The OIDC configuration for processing identity (ID) tokens. Contains allowed +// client ID claims, for example 1example23456789 , and the claim that you want to +// map to the principal, for example sub . +type OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly struct { + Value OpenIdConnectIdentityTokenConfigurationDetail + + noSmithyDocumentSerde +} + +func (*OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly) isOpenIdConnectTokenSelectionDetail() { +} + +// The token type that you want to process from your OIDC identity provider. Your +// policy store can process either identity (ID) or access tokens from a given OIDC +// identity source. +// +// This data type is part of a [OpenIdConnectConfigurationItem] structure, which is a parameter of [ListIdentitySources]. +// +// The following types satisfy this interface: +// +// OpenIdConnectTokenSelectionItemMemberAccessTokenOnly +// OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly +// +// [OpenIdConnectConfigurationItem]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html +// [ListIdentitySources]: http://amazonaws.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html +type OpenIdConnectTokenSelectionItem interface { + isOpenIdConnectTokenSelectionItem() +} + +// The OIDC configuration for processing access tokens. Contains allowed audience +// claims, for example https://auth.example.com , and the claim that you want to +// map to the principal, for example sub . 
+type OpenIdConnectTokenSelectionItemMemberAccessTokenOnly struct { + Value OpenIdConnectAccessTokenConfigurationItem + + noSmithyDocumentSerde +} + +func (*OpenIdConnectTokenSelectionItemMemberAccessTokenOnly) isOpenIdConnectTokenSelectionItem() {} + +// The OIDC configuration for processing identity (ID) tokens. Contains allowed +// client ID claims, for example 1example23456789 , and the claim that you want to +// map to the principal, for example sub . +type OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly struct { + Value OpenIdConnectIdentityTokenConfigurationItem + + noSmithyDocumentSerde +} + +func (*OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly) isOpenIdConnectTokenSelectionItem() {} + // A structure that contains the details for a Cedar policy definition. It // includes the policy type, a description, and a policy body. This is a top level // data type used to create a policy. @@ -1334,17 +1823,12 @@ type UpdateCognitoUserPoolConfiguration struct { noSmithyDocumentSerde } -// Contains an updated configuration to replace the configuration in an existing -// identity source. -// -// At this time, the only valid member of this structure is a Amazon Cognito user -// pool configuration. -// -// You must specify a userPoolArn , and optionally, a ClientId . +// Contains an update to replace the configuration in an existing identity source. // // The following types satisfy this interface: // // UpdateConfigurationMemberCognitoUserPoolConfiguration +// UpdateConfigurationMemberOpenIdConnectConfiguration type UpdateConfiguration interface { isUpdateConfiguration() } 
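Review bot: The `PrincipalIdClaim` comment in `OpenIdConnectIdentityTokenConfiguration`, its `Detail` and `Item` variants, and `UpdateOpenIdConnectIdentityTokenConfiguration` in the later `@@ -1358,6 +1842,166 @@` hunk says "OIDC access tokens", copied from the access-token types; for the ID-token types it should read `// The claim that determines the principal in OIDC identity (ID) tokens. For example, sub .`. This field selects which claim becomes the principal in an authorization request, so the comment should name the token it is read from. Neither `Audiences` nor `ClientIds` is marked required, and no comment says how the `aud` claim is treated when the list is empty; a sentence stating that behaviour would tell callers whether tokens issued for other clients are accepted. The reference links also need a pass: `[ListIdentitySourcea]` is misspelled, `[ConfigurationItem]` points at `API_ConfigurationDetail.html`, and one `[ListIdentitySources]` target uses `http://amazonaws.com/...` instead of the `https://docs.aws.amazon.com/...` host used elsewhere. The file looks generated from the service model (`noSmithyDocumentSerde`), so these fixes probably belong in the model rather than in this file.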
@@ -1358,6 +1842,166 @@ type UpdateConfigurationMemberCognitoUserPoolConfiguration struct { func (*UpdateConfigurationMemberCognitoUserPoolConfiguration) isUpdateConfiguration() {} +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +type UpdateConfigurationMemberOpenIdConnectConfiguration struct { + Value UpdateOpenIdConnectConfiguration + + noSmithyDocumentSerde +} + +func (*UpdateConfigurationMemberOpenIdConnectConfiguration) isUpdateConfiguration() {} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// access token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [UpdateOpenIdConnectTokenSelection] structure, which is a parameter to [UpdateIdentitySource]. +// +// [UpdateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html +// [UpdateOpenIdConnectTokenSelection]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html +type UpdateOpenIdConnectAccessTokenConfiguration struct { + + // The access token aud claim values that you want to accept in your policy store. + // For example, https://myapp.example.com, https://myapp2.example.com . + Audiences []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . + PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// Contains configuration details of an OpenID Connect (OIDC) identity provider, +// or identity source, that Verified Permissions can use to generate entities from +// authenticated identities. 
It specifies the issuer URL, token type that you want +// to use, and policy store entity details. +// +// This data type is part of a [UpdateConfiguration] structure, which is a parameter to [UpdateIdentitySource]. +// +// [UpdateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html +// [UpdateConfiguration]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateConfiguration.html +type UpdateOpenIdConnectConfiguration struct { + + // The issuer URL of an OIDC identity provider. This URL must have an OIDC + // discovery endpoint at the path .well-known/openid-configuration . + // + // This member is required. + Issuer *string + + // The token type that you want to process from your OIDC identity provider. Your + // policy store can process either identity (ID) or access tokens from a given OIDC + // identity source. + // + // This member is required. + TokenSelection UpdateOpenIdConnectTokenSelection + + // A descriptive string that you want to prefix to user entities from your OIDC + // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider , + // you can reference principals in your policies in the format + // MyCorp::User::MyOIDCProvider|Carlos . + EntityIdPrefix *string + + // The claim in OIDC identity provider tokens that indicates a user's group + // membership, and the entity type that you want to map it to. For example, this + // object can map the contents of a groups claim to MyCorp::UserGroup . + GroupConfiguration *UpdateOpenIdConnectGroupConfiguration + + noSmithyDocumentSerde +} + +// The claim in OIDC identity provider tokens that indicates a user's group +// membership, and the entity type that you want to map it to. For example, this +// object can map the contents of a groups claim to MyCorp::UserGroup . +// +// This data type is part of a [UpdateOpenIdConnectConfiguration] structure, which is a parameter to [UpdateIdentitySource]. 
+// +// [UpdateOpenIdConnectConfiguration]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html +// [UpdateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html +type UpdateOpenIdConnectGroupConfiguration struct { + + // The token claim that you want Verified Permissions to interpret as group + // membership. For example, groups . + // + // This member is required. + GroupClaim *string + + // The policy store entity type that you want to map your users' group claim to. + // For example, MyCorp::UserGroup . A group entity type is an entity that can have + // a user entity type as a member. + // + // This member is required. + GroupEntityType *string + + noSmithyDocumentSerde +} + +// The configuration of an OpenID Connect (OIDC) identity source for handling +// identity (ID) token claims. Contains the claim that you want to identify as the +// principal in an authorization request, and the values of the aud claim, or +// audiences, that you want to accept. +// +// This data type is part of a [UpdateOpenIdConnectTokenSelection] structure, which is a parameter to [UpdateIdentitySource]. +// +// [UpdateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html +// [UpdateOpenIdConnectTokenSelection]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html +type UpdateOpenIdConnectIdentityTokenConfiguration struct { + + // The ID token audience, or client ID, claim values that you want to accept in + // your policy store from an OIDC identity provider. For example, + // 1example23456789, 2example10111213 . + ClientIds []string + + // The claim that determines the principal in OIDC access tokens. For example, sub . 
+ PrincipalIdClaim *string + + noSmithyDocumentSerde +} + +// The token type that you want to process from your OIDC identity provider. Your +// policy store can process either identity (ID) or access tokens from a given OIDC +// identity source. +// +// This data type is part of a [UpdateOpenIdConnectConfiguration] structure, which is a parameter to [UpdateIdentitySource]. +// +// The following types satisfy this interface: +// +// UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly +// UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly +// +// [UpdateOpenIdConnectConfiguration]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html +// [UpdateIdentitySource]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html +type UpdateOpenIdConnectTokenSelection interface { + isUpdateOpenIdConnectTokenSelection() +} + +// The OIDC configuration for processing access tokens. Contains allowed audience +// claims, for example https://auth.example.com , and the claim that you want to +// map to the principal, for example sub . +type UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly struct { + Value UpdateOpenIdConnectAccessTokenConfiguration + + noSmithyDocumentSerde +} + +func (*UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly) isUpdateOpenIdConnectTokenSelection() { +} + +// The OIDC configuration for processing identity (ID) tokens. Contains allowed +// client ID claims, for example 1example23456789 , and the claim that you want to +// map to the principal, for example sub . +type UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly struct { + Value UpdateOpenIdConnectIdentityTokenConfiguration + + noSmithyDocumentSerde +} + +func (*UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly) isUpdateOpenIdConnectTokenSelection() { +} + // Contains information about updates to be applied to a policy. 
// // This data type is used as a request parameter in the [UpdatePolicy] operation. @@ -1474,16 +2118,20 @@ type UnknownUnionMember struct { noSmithyDocumentSerde } -func (*UnknownUnionMember) isAttributeValue() {} -func (*UnknownUnionMember) isConfiguration() {} -func (*UnknownUnionMember) isConfigurationDetail() {} -func (*UnknownUnionMember) isConfigurationItem() {} -func (*UnknownUnionMember) isContextDefinition() {} -func (*UnknownUnionMember) isEntitiesDefinition() {} -func (*UnknownUnionMember) isEntityReference() {} -func (*UnknownUnionMember) isPolicyDefinition() {} -func (*UnknownUnionMember) isPolicyDefinitionDetail() {} -func (*UnknownUnionMember) isPolicyDefinitionItem() {} -func (*UnknownUnionMember) isSchemaDefinition() {} -func (*UnknownUnionMember) isUpdateConfiguration() {} -func (*UnknownUnionMember) isUpdatePolicyDefinition() {} +func (*UnknownUnionMember) isAttributeValue() {} +func (*UnknownUnionMember) isConfiguration() {} +func (*UnknownUnionMember) isConfigurationDetail() {} +func (*UnknownUnionMember) isConfigurationItem() {} +func (*UnknownUnionMember) isContextDefinition() {} +func (*UnknownUnionMember) isEntitiesDefinition() {} +func (*UnknownUnionMember) isEntityReference() {} +func (*UnknownUnionMember) isOpenIdConnectTokenSelection() {} +func (*UnknownUnionMember) isOpenIdConnectTokenSelectionDetail() {} +func (*UnknownUnionMember) isOpenIdConnectTokenSelectionItem() {} +func (*UnknownUnionMember) isPolicyDefinition() {} +func (*UnknownUnionMember) isPolicyDefinitionDetail() {} +func (*UnknownUnionMember) isPolicyDefinitionItem() {} +func (*UnknownUnionMember) isSchemaDefinition() {} +func (*UnknownUnionMember) isUpdateConfiguration() {} +func (*UnknownUnionMember) isUpdateOpenIdConnectTokenSelection() {} +func (*UnknownUnionMember) isUpdatePolicyDefinition() {} diff --git a/service/verifiedpermissions/types/types_exported_test.go b/service/verifiedpermissions/types/types_exported_test.go index b906f6b904c..e8fae6e2f37 100644 
--- a/service/verifiedpermissions/types/types_exported_test.go +++ b/service/verifiedpermissions/types/types_exported_test.go @@ -52,6 +52,9 @@ func ExampleConfiguration_outputUsage() { case *types.ConfigurationMemberCognitoUserPoolConfiguration: _ = v.Value // Value is types.CognitoUserPoolConfiguration + case *types.ConfigurationMemberOpenIdConnectConfiguration: + _ = v.Value // Value is types.OpenIdConnectConfiguration + case *types.UnknownUnionMember: fmt.Println("unknown tag:", v.Tag) @@ -62,6 +65,7 @@ func ExampleConfiguration_outputUsage() { } var _ *types.CognitoUserPoolConfiguration +var _ *types.OpenIdConnectConfiguration func ExampleConfigurationDetail_outputUsage() { var union types.ConfigurationDetail @@ -70,6 +74,9 @@ func ExampleConfigurationDetail_outputUsage() { case *types.ConfigurationDetailMemberCognitoUserPoolConfiguration: _ = v.Value // Value is types.CognitoUserPoolConfigurationDetail + case *types.ConfigurationDetailMemberOpenIdConnectConfiguration: + _ = v.Value // Value is types.OpenIdConnectConfigurationDetail + case *types.UnknownUnionMember: fmt.Println("unknown tag:", v.Tag) @@ -80,6 +87,7 @@ func ExampleConfigurationDetail_outputUsage() { } var _ *types.CognitoUserPoolConfigurationDetail +var _ *types.OpenIdConnectConfigurationDetail func ExampleConfigurationItem_outputUsage() { var union types.ConfigurationItem @@ -88,6 +96,9 @@ func ExampleConfigurationItem_outputUsage() { case *types.ConfigurationItemMemberCognitoUserPoolConfiguration: _ = v.Value // Value is types.CognitoUserPoolConfigurationItem + case *types.ConfigurationItemMemberOpenIdConnectConfiguration: + _ = v.Value // Value is types.OpenIdConnectConfigurationItem + case *types.UnknownUnionMember: fmt.Println("unknown tag:", v.Tag) @@ -97,6 +108,7 @@ func ExampleConfigurationItem_outputUsage() { } } +var _ *types.OpenIdConnectConfigurationItem var _ *types.CognitoUserPoolConfigurationItem func ExampleContextDefinition_outputUsage() { 
@@ -157,6 +169,72 @@ func ExampleEntityReference_outputUsage() { var _ *types.EntityIdentifier var _ *bool +func ExampleOpenIdConnectTokenSelection_outputUsage() { + var union types.OpenIdConnectTokenSelection + // type switches can be used to check the union value + switch v := union.(type) { + case *types.OpenIdConnectTokenSelectionMemberAccessTokenOnly: + _ = v.Value // Value is types.OpenIdConnectAccessTokenConfiguration + + case *types.OpenIdConnectTokenSelectionMemberIdentityTokenOnly: + _ = v.Value // Value is types.OpenIdConnectIdentityTokenConfiguration + + case *types.UnknownUnionMember: + fmt.Println("unknown tag:", v.Tag) + + default: + fmt.Println("union is nil or unknown type") + + } +} + +var _ *types.OpenIdConnectIdentityTokenConfiguration +var _ *types.OpenIdConnectAccessTokenConfiguration + +func ExampleOpenIdConnectTokenSelectionDetail_outputUsage() { + var union types.OpenIdConnectTokenSelectionDetail + // type switches can be used to check the union value + switch v := union.(type) { + case *types.OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly: + _ = v.Value // Value is types.OpenIdConnectAccessTokenConfigurationDetail + + case *types.OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly: + _ = v.Value // Value is types.OpenIdConnectIdentityTokenConfigurationDetail + + case *types.UnknownUnionMember: + fmt.Println("unknown tag:", v.Tag) + + default: + fmt.Println("union is nil or unknown type") + + } +} + +var _ *types.OpenIdConnectIdentityTokenConfigurationDetail +var _ *types.OpenIdConnectAccessTokenConfigurationDetail + +func ExampleOpenIdConnectTokenSelectionItem_outputUsage() { + var union types.OpenIdConnectTokenSelectionItem + // type switches can be used to check the union value + switch v := union.(type) { + case *types.OpenIdConnectTokenSelectionItemMemberAccessTokenOnly: + _ = v.Value // Value is types.OpenIdConnectAccessTokenConfigurationItem + + case *types.OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly: + _ = 
v.Value // Value is types.OpenIdConnectIdentityTokenConfigurationItem + + case *types.UnknownUnionMember: + fmt.Println("unknown tag:", v.Tag) + + default: + fmt.Println("union is nil or unknown type") + + } +} + +var _ *types.OpenIdConnectIdentityTokenConfigurationItem +var _ *types.OpenIdConnectAccessTokenConfigurationItem + func ExamplePolicyDefinition_outputUsage() { var union types.PolicyDefinition // type switches can be used to check the union value @@ -248,6 +326,9 @@ func ExampleUpdateConfiguration_outputUsage() { case *types.UpdateConfigurationMemberCognitoUserPoolConfiguration: _ = v.Value // Value is types.UpdateCognitoUserPoolConfiguration + case *types.UpdateConfigurationMemberOpenIdConnectConfiguration: + _ = v.Value // Value is types.UpdateOpenIdConnectConfiguration + case *types.UnknownUnionMember: fmt.Println("unknown tag:", v.Tag) @@ -258,6 +339,29 @@ func ExampleUpdateConfiguration_outputUsage() { } var _ *types.UpdateCognitoUserPoolConfiguration +var _ *types.UpdateOpenIdConnectConfiguration + +func ExampleUpdateOpenIdConnectTokenSelection_outputUsage() { + var union types.UpdateOpenIdConnectTokenSelection + // type switches can be used to check the union value + switch v := union.(type) { + case *types.UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly: + _ = v.Value // Value is types.UpdateOpenIdConnectAccessTokenConfiguration + + case *types.UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly: + _ = v.Value // Value is types.UpdateOpenIdConnectIdentityTokenConfiguration + + case *types.UnknownUnionMember: + fmt.Println("unknown tag:", v.Tag) + + default: + fmt.Println("union is nil or unknown type") + + } +} + +var _ *types.UpdateOpenIdConnectAccessTokenConfiguration +var _ *types.UpdateOpenIdConnectIdentityTokenConfiguration func ExampleUpdatePolicyDefinition_outputUsage() { var union types.UpdatePolicyDefinition 
diff --git a/service/verifiedpermissions/validators.go b/service/verifiedpermissions/validators.go index c1616e7189f..2eaa1de86f9 100644 --- a/service/verifiedpermissions/validators.go +++ b/service/verifiedpermissions/validators.go @@ -796,6 +796,11 @@ func validateConfiguration(v types.Configuration) error { invalidParams.AddNested("[cognitoUserPoolConfiguration]", err.(smithy.InvalidParamsError)) } + case *types.ConfigurationMemberOpenIdConnectConfiguration: + if err := validateOpenIdConnectConfiguration(&uv.Value); err != nil { + invalidParams.AddNested("[openIdConnectConfiguration]", err.(smithy.InvalidParamsError)) + } + } if invalidParams.Len() > 0 { return invalidParams 
@@ -959,6 +964,47 @@ func validateEntityReference(v types.EntityReference) error { } } +func validateOpenIdConnectConfiguration(v *types.OpenIdConnectConfiguration) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "OpenIdConnectConfiguration"} + if v.Issuer == nil { + invalidParams.Add(smithy.NewErrParamRequired("Issuer")) + } + if v.GroupConfiguration != nil { + if err := validateOpenIdConnectGroupConfiguration(v.GroupConfiguration); err != nil { + invalidParams.AddNested("GroupConfiguration", err.(smithy.InvalidParamsError)) + } + } + if v.TokenSelection == nil { + invalidParams.Add(smithy.NewErrParamRequired("TokenSelection")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateOpenIdConnectGroupConfiguration(v *types.OpenIdConnectGroupConfiguration) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "OpenIdConnectGroupConfiguration"} + if v.GroupClaim == nil { + invalidParams.Add(smithy.NewErrParamRequired("GroupClaim")) + } + if v.GroupEntityType == nil { + invalidParams.Add(smithy.NewErrParamRequired("GroupEntityType")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateParentList(v []types.EntityIdentifier) error { if v == nil { return nil 
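Review bot: In `validateOpenIdConnectConfiguration` the `v.TokenSelection == nil` test only shows that the interface value is non-nil. `TokenSelection` is a union interface (the examples in types_exported_test.go type-switch on it), so a typed-nil member pointer or a `*types.UnknownUnionMember` passes, and `Issuer` is likewise checked for nil only, never for content. Callers should not read a nil error here as evidence that the identity-source configuration is well-formed; presumably the service does the real checks, but that is not visible in this diff. A doc comment would make the contract explicit: `// validateOpenIdConnectConfiguration reports missing required members only; it does not inspect the Issuer value or which TokenSelection member is set.` The same applies to `validateUpdateOpenIdConnectConfiguration` in the following hunk, and if this file is generated the comment belongs in the generator rather than here.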
@@ -1142,6 +1188,52 @@ func validateUpdateConfiguration(v types.UpdateConfiguration) error { invalidParams.AddNested("[cognitoUserPoolConfiguration]", err.(smithy.InvalidParamsError)) } + case *types.UpdateConfigurationMemberOpenIdConnectConfiguration: + if err := validateUpdateOpenIdConnectConfiguration(&uv.Value); err != nil { + invalidParams.AddNested("[openIdConnectConfiguration]", err.(smithy.InvalidParamsError)) + } + + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateUpdateOpenIdConnectConfiguration(v *types.UpdateOpenIdConnectConfiguration) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "UpdateOpenIdConnectConfiguration"} + if v.Issuer == nil { + invalidParams.Add(smithy.NewErrParamRequired("Issuer")) + } + if v.GroupConfiguration != nil { + if err := validateUpdateOpenIdConnectGroupConfiguration(v.GroupConfiguration); err != nil { + invalidParams.AddNested("GroupConfiguration", err.(smithy.InvalidParamsError)) + } + } + if v.TokenSelection == nil { + invalidParams.Add(smithy.NewErrParamRequired("TokenSelection")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateUpdateOpenIdConnectGroupConfiguration(v *types.UpdateOpenIdConnectGroupConfiguration) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "UpdateOpenIdConnectGroupConfiguration"} + if v.GroupClaim == nil { + invalidParams.Add(smithy.NewErrParamRequired("GroupClaim")) + } + if v.GroupEntityType == nil { + invalidParams.Add(smithy.NewErrParamRequired("GroupEntityType")) } if invalidParams.Len() > 0 { return invalidParams