diff --git a/.changelog/2206d6844c0c4e25b31a9c0e04bf5cf3.json b/.changelog/2206d6844c0c4e25b31a9c0e04bf5cf3.json new file mode 100644 index 00000000000..ca3ca24bed0 --- /dev/null +++ b/.changelog/2206d6844c0c4e25b31a9c0e04bf5cf3.json @@ -0,0 +1,8 @@ +{ + "id": "2206d684-4c0c-4e25-b31a-9c0e04bf5cf3", + "type": "feature", + "description": "Bug Fix: IVS does not support arns with the `svs` prefix", + "modules": [ + "service/ivs" + ] +} \ No newline at end of file diff --git a/.changelog/30557e8a3cd341c2a4fededb9b2db7b2.json b/.changelog/30557e8a3cd341c2a4fededb9b2db7b2.json new file mode 100644 index 00000000000..f4e78944811 --- /dev/null +++ b/.changelog/30557e8a3cd341c2a4fededb9b2db7b2.json @@ -0,0 +1,8 @@ +{ + "id": "30557e8a-3cd3-41c2-a4fe-dedb9b2db7b2", + "type": "feature", + "description": "UpdateGraphQLAPI documentation update and datasource introspection secret arn update", + "modules": [ + "service/appsync" + ] +} \ No newline at end of file diff --git a/.changelog/41575353444b40ffbf474f4155544f00.json b/.changelog/41575353444b40ffbf474f4155544f00.json new file mode 100644 index 00000000000..1cc0d8d6b2d --- /dev/null +++ b/.changelog/41575353444b40ffbf474f4155544f00.json @@ -0,0 +1,8 @@ +{ + "id": "41575353-444b-40ff-bf47-4f4155544f00", + "type": "release", + "description": "New AWS service client module", + "modules": [ + "internal/protocoltest/smithyrpcv2cbor" + ] +} \ No newline at end of file diff --git a/.changelog/4b186daacc854d01b88de2fc82a5348e.json b/.changelog/4b186daacc854d01b88de2fc82a5348e.json new file mode 100644 index 00000000000..fe8330756d2 --- /dev/null +++ b/.changelog/4b186daacc854d01b88de2fc82a5348e.json @@ -0,0 +1,8 @@ +{ + "id": "4b186daa-cc85-4d01-b88d-e2fc82a5348e", + "type": "feature", + "description": "Bug Fix: IVS Real Time does not support ARNs using the `svs` prefix.", + "modules": [ + "service/ivsrealtime" + ] +} \ No newline at end of file diff --git a/.changelog/6849a2c491834566ba758cedbaa17773.json b/.changelog/6849a2c491834566ba758cedbaa17773.json new file mode 100644 index 00000000000..2d35f12a8a6 --- /dev/null +++ b/.changelog/6849a2c491834566ba758cedbaa17773.json @@ -0,0 +1,8 @@ +{ + "id": "6849a2c4-9183-4566-ba75-8cedbaa17773", + "type": "feature", + "description": "AWS Firewall Manager adds support for network ACL policies to manage Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization.", + "modules": [ + "service/fms" + ] +} \ No newline at end of file diff --git a/.changelog/8887a5541ce14a4390e0953af6eb3e59.json b/.changelog/8887a5541ce14a4390e0953af6eb3e59.json new file mode 100644 index 00000000000..7caf7083738 --- /dev/null +++ b/.changelog/8887a5541ce14a4390e0953af6eb3e59.json @@ -0,0 +1,8 @@ +{ + "id": "8887a554-1ce1-4a43-90e0-953af6eb3e59", + "type": "documentation", + "description": "Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances.", + "modules": [ + "service/rds" + ] +} \ No newline at end of file diff --git a/.changelog/eb68a799c51c437ab9813cd28aabeb19.json b/.changelog/eb68a799c51c437ab9813cd28aabeb19.json new file mode 100644 index 00000000000..cb7f2dee13e --- /dev/null +++ b/.changelog/eb68a799c51c437ab9813cd28aabeb19.json @@ -0,0 +1,8 @@ +{ + "id": "eb68a799-c51c-437a-b981-3cd28aabeb19", + "type": "feature", + "description": "Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine.", + "modules": [ + "service/sfn" + ] +} \ No newline at end of file diff --git a/service/appsync/api_op_UpdateGraphqlApi.go b/service/appsync/api_op_UpdateGraphqlApi.go index e2f899a67d1..72ca3b3122b 100644 --- a/service/appsync/api_op_UpdateGraphqlApi.go +++ b/service/appsync/api_op_UpdateGraphqlApi.go @@ -34,6 +34,11 @@ type UpdateGraphqlApiInput struct { // This member is required. ApiId *string + // The new authentication type for the GraphqlApi object. + // + // This member is required. + AuthenticationType types.AuthenticationType + // The new name for the GraphqlApi object. // // This member is required. @@ -42,9 +47,6 @@ type UpdateGraphqlApiInput struct { // A list of additional authentication providers for the GraphqlApi API. AdditionalAuthenticationProviders []types.AdditionalAuthenticationProvider - // The new authentication type for the GraphqlApi object. - AuthenticationType types.AuthenticationType - // The enhancedMetricsConfig object. EnhancedMetricsConfig *types.EnhancedMetricsConfig diff --git a/service/appsync/validators.go b/service/appsync/validators.go index 67753d34591..977f8a62e37 100644 --- a/service/appsync/validators.go +++ b/service/appsync/validators.go @@ -2975,6 +2975,9 @@ func validateOpUpdateGraphqlApiInput(v *UpdateGraphqlApiInput) error { invalidParams.AddNested("LogConfig", err.(smithy.InvalidParamsError)) } } + if len(v.AuthenticationType) == 0 { + invalidParams.Add(smithy.NewErrParamRequired("AuthenticationType")) + } if v.UserPoolConfig != nil { if err := validateUserPoolConfig(v.UserPoolConfig); err != nil { invalidParams.AddNested("UserPoolConfig", err.(smithy.InvalidParamsError)) diff --git a/service/fms/api_op_GetAdminScope.go b/service/fms/api_op_GetAdminScope.go index 2fea6b73b67..60128bd6fb2 100644 --- a/service/fms/api_op_GetAdminScope.go +++ b/service/fms/api_op_GetAdminScope.go @@ -12,8 +12,8 @@ import ( ) // Returns information about the specified account's administrative scope. The -// admistrative scope defines the resources that an Firewall Manager administrator -// can manage. +// administrative scope defines the resources that an Firewall Manager +// administrator can manage. func (c *Client) GetAdminScope(ctx context.Context, params *GetAdminScopeInput, optFns ...func(*Options)) (*GetAdminScopeOutput, error) { if params == nil { params = &GetAdminScopeInput{} @@ -31,7 +31,7 @@ func (c *Client) GetAdminScope(ctx context.Context, params *GetAdminScopeInput, type GetAdminScopeInput struct { - // The administator account that you want to get the details for. + // The administrator account that you want to get the details for. // // This member is required. AdminAccount *string @@ -45,7 +45,7 @@ type GetAdminScopeOutput struct { AdminScope *types.AdminScope // The current status of the request to onboard a member account as an Firewall - // Manager administator. + // Manager administrator. // - ONBOARDING - The account is onboarding to Firewall Manager as an // administrator. // - ONBOARDING_COMPLETE - Firewall Manager The account is onboarded to Firewall diff --git a/service/fms/api_op_GetComplianceDetail.go b/service/fms/api_op_GetComplianceDetail.go index e3760c52777..e92f65c035a 100644 --- a/service/fms/api_op_GetComplianceDetail.go +++ b/service/fms/api_op_GetComplianceDetail.go @@ -13,19 +13,8 @@ import ( // Returns detailed compliance information about the specified member account. // Details include resources that are in and out of compliance with the specified -// policy. -// - Resources are considered noncompliant for WAF and Shield Advanced policies -// if the specified policy has not been applied to them. -// - Resources are considered noncompliant for security group policies if they -// are in scope of the policy, they violate one or more of the policy rules, and -// remediation is disabled or not possible. -// - Resources are considered noncompliant for Network Firewall policies if a -// firewall is missing in the VPC, if the firewall endpoint isn't set up in an -// expected Availability Zone and subnet, if a subnet created by the Firewall -// Manager doesn't have the expected route table, and for modifications to a -// firewall policy that violate the Firewall Manager policy's rules. -// - Resources are considered noncompliant for DNS Firewall policies if a DNS -// Firewall rule group is missing from the rule group associations for the VPC. +// policy. The reasons for resources being considered compliant depend on the +// Firewall Manager policy type. func (c *Client) GetComplianceDetail(ctx context.Context, params *GetComplianceDetailInput, optFns ...func(*Options)) (*GetComplianceDetailOutput, error) { if params == nil { params = &GetComplianceDetailInput{} diff --git a/service/fms/api_op_GetViolationDetails.go b/service/fms/api_op_GetViolationDetails.go index 8c9624872c7..2537fccf272 100644 --- a/service/fms/api_op_GetViolationDetails.go +++ b/service/fms/api_op_GetViolationDetails.go @@ -41,6 +41,7 @@ type GetViolationDetailsInput struct { // - Imported Network Firewall // - Network Firewall // - Security group content audit + // - Network ACL // - Third-party firewall // // This member is required. diff --git a/service/fms/api_op_PutPolicy.go b/service/fms/api_op_PutPolicy.go index 304894821c8..a7ee153ffbf 100644 --- a/service/fms/api_op_PutPolicy.go +++ b/service/fms/api_op_PutPolicy.go @@ -18,11 +18,17 @@ import ( // Organizations, Firewall Manager automatically applies the policy to the // resources in that account that are within scope of the policy. Firewall Manager // provides the following types of policies: +// - WAF policy - This policy applies WAF web ACL protections to specified +// accounts and resources. // - Shield Advanced policy - This policy applies Shield Advanced protection to // specified accounts and resources. // - Security Groups policy - This type of policy gives you control over // security groups that are in use throughout your organization in Organizations // and lets you enforce a baseline set of rules across your organization. +// - Network ACL policy - This type of policy gives you control over the network +// ACLs that are in use throughout your organization in Organizations and lets you +// enforce a baseline set of first and last network ACL rules across your +// organization. // - Network Firewall policy - This policy applies Network Firewall protection // to your organization's VPCs. // - DNS Firewall policy - This policy applies Amazon Route 53 Resolver DNS diff --git a/service/fms/deserializers.go b/service/fms/deserializers.go index 6346125cb6e..8b8fc54cf81 100644 --- a/service/fms/deserializers.go +++ b/service/fms/deserializers.go @@ -5801,6 +5801,119 @@ func awsAwsjson11_deserializeDocumentComplianceViolators(v *[]types.ComplianceVi return nil } +func awsAwsjson11_deserializeDocumentCreateNetworkAclAction(v **types.CreateNetworkAclAction, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CreateNetworkAclAction + if *v == nil { + sv = &types.CreateNetworkAclAction{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Description": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.Description = ptr.String(jtv) + } + + case "FMSCanRemediate": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.FMSCanRemediate = jtv + } + + case "Vpc": + if err := awsAwsjson11_deserializeDocumentActionTarget(&sv.Vpc, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentCreateNetworkAclEntriesAction(v **types.CreateNetworkAclEntriesAction, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CreateNetworkAclEntriesAction + if *v == nil { + sv = &types.CreateNetworkAclEntriesAction{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Description": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.Description = ptr.String(jtv) + } + + case "FMSCanRemediate": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.FMSCanRemediate = jtv + } + + case "NetworkAclEntriesToBeCreated": + if err := awsAwsjson11_deserializeDocumentEntriesDescription(&sv.NetworkAclEntriesToBeCreated, value); err != nil { + return err + } + + case "NetworkAclId": + if err := awsAwsjson11_deserializeDocumentActionTarget(&sv.NetworkAclId, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentCustomerPolicyScopeIdList(v *[]string, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -5871,6 +5984,65 @@ func awsAwsjson11_deserializeDocumentCustomerPolicyScopeMap(v *map[string][]stri return nil } +func awsAwsjson11_deserializeDocumentDeleteNetworkAclEntriesAction(v **types.DeleteNetworkAclEntriesAction, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.DeleteNetworkAclEntriesAction + if *v == nil { + sv = &types.DeleteNetworkAclEntriesAction{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Description": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.Description = ptr.String(jtv) + } + + case "FMSCanRemediate": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.FMSCanRemediate = jtv + } + + case "NetworkAclEntriesToBeDeleted": + if err := awsAwsjson11_deserializeDocumentEntriesDescription(&sv.NetworkAclEntriesToBeDeleted, value); err != nil { + return err + } + + case "NetworkAclId": + if err := awsAwsjson11_deserializeDocumentActionTarget(&sv.NetworkAclId, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentDiscoveredResource(v **types.DiscoveredResource, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -6630,7 +6802,7 @@ func awsAwsjson11_deserializeDocumentEC2ReplaceRouteTableAssociationAction(v **t return nil } -func awsAwsjson11_deserializeDocumentEvaluationResult(v **types.EvaluationResult, value interface{}) error { +func awsAwsjson11_deserializeDocumentEntriesDescription(v *[]types.EntryDescription, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6638,61 +6810,33 @@ func awsAwsjson11_deserializeDocumentEvaluationResult(v **types.EvaluationResult return nil } - shape, ok := value.(map[string]interface{}) + shape, ok := value.([]interface{}) if !ok { return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.EvaluationResult + var cv []types.EntryDescription if *v == nil { - sv = &types.EvaluationResult{} + cv = []types.EntryDescription{} } else { - sv = *v + cv = *v } - for key, value := range shape { - switch key { - case "ComplianceStatus": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected PolicyComplianceStatusType to be of type string, got %T instead", value) - } - sv.ComplianceStatus = types.PolicyComplianceStatusType(jtv) - } - - case "EvaluationLimitExceeded": - if value != nil { - jtv, ok := value.(bool) - if !ok { - return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) - } - sv.EvaluationLimitExceeded = jtv - } - - case "ViolatorCount": - if value != nil { - jtv, ok := value.(json.Number) - if !ok { - return fmt.Errorf("expected ResourceCount to be json.Number, got %T instead", value) - } - i64, err := jtv.Int64() - if err != nil { - return err - } - sv.ViolatorCount = i64 - } - - default: - _, _ = key, value - + for _, value := range shape { + var col types.EntryDescription + destAddr := &col + if err := awsAwsjson11_deserializeDocumentEntryDescription(&destAddr, value); err != nil { + return err } + col = *destAddr + cv = append(cv, col) + } - *v = sv + *v = cv return nil } -func awsAwsjson11_deserializeDocumentEvaluationResults(v *[]types.EvaluationResult, value interface{}) error { +func awsAwsjson11_deserializeDocumentEntriesWithConflicts(v *[]types.EntryDescription, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6705,17 +6849,17 @@ func awsAwsjson11_deserializeDocumentEvaluationResults(v *[]types.EvaluationResu return fmt.Errorf("unexpected JSON type %v", value) } - var cv []types.EvaluationResult + var cv []types.EntryDescription if *v == nil { - cv = []types.EvaluationResult{} + cv = []types.EntryDescription{} } else { cv = *v } for _, value := range shape { - var col types.EvaluationResult + var col types.EntryDescription destAddr := &col - if err := awsAwsjson11_deserializeDocumentEvaluationResult(&destAddr, value); err != nil { + if err := awsAwsjson11_deserializeDocumentEntryDescription(&destAddr, value); err != nil { return err } col = *destAddr @@ -6726,7 +6870,7 @@ func awsAwsjson11_deserializeDocumentEvaluationResults(v *[]types.EvaluationResu return nil } -func awsAwsjson11_deserializeDocumentExpectedRoute(v **types.ExpectedRoute, value interface{}) error { +func awsAwsjson11_deserializeDocumentEntryDescription(v **types.EntryDescription, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6739,59 +6883,40 @@ func awsAwsjson11_deserializeDocumentExpectedRoute(v **types.ExpectedRoute, valu return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.ExpectedRoute + var sv *types.EntryDescription if *v == nil { - sv = &types.ExpectedRoute{} + sv = &types.EntryDescription{} } else { sv = *v } for key, value := range shape { switch key { - case "AllowedTargets": - if err := awsAwsjson11_deserializeDocumentLengthBoundedStringList(&sv.AllowedTargets, value); err != nil { + case "EntryDetail": + if err := awsAwsjson11_deserializeDocumentNetworkAclEntry(&sv.EntryDetail, value); err != nil { return err } - case "ContributingSubnets": - if err := awsAwsjson11_deserializeDocumentResourceIdList(&sv.ContributingSubnets, value); err != nil { - return err - } - - case "IpV4Cidr": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected CIDR to be of type string, got %T instead", value) - } - sv.IpV4Cidr = ptr.String(jtv) - } - - case "IpV6Cidr": + case "EntryRuleNumber": if value != nil { - jtv, ok := value.(string) + jtv, ok := value.(json.Number) if !ok { - return fmt.Errorf("expected CIDR to be of type string, got %T instead", value) + return fmt.Errorf("expected IntegerObjectMinimum0 to be json.Number, got %T instead", value) } - sv.IpV6Cidr = ptr.String(jtv) - } - - case "PrefixListId": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected CIDR to be of type string, got %T instead", value) + i64, err := jtv.Int64() + if err != nil { + return err } - sv.PrefixListId = ptr.String(jtv) + sv.EntryRuleNumber = int32(i64) } - case "RouteTableId": + case "EntryType": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + return fmt.Errorf("expected EntryType to be of type string, got %T instead", value) } - sv.RouteTableId = ptr.String(jtv) + sv.EntryType = types.EntryType(jtv) } default: @@ -6803,7 +6928,7 @@ func awsAwsjson11_deserializeDocumentExpectedRoute(v **types.ExpectedRoute, valu return nil } -func awsAwsjson11_deserializeDocumentExpectedRoutes(v *[]types.ExpectedRoute, value interface{}) error { +func awsAwsjson11_deserializeDocumentEntryViolation(v **types.EntryViolation, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6811,33 +6936,68 @@ func awsAwsjson11_deserializeDocumentExpectedRoutes(v *[]types.ExpectedRoute, va return nil } - shape, ok := value.([]interface{}) + shape, ok := value.(map[string]interface{}) if !ok { return fmt.Errorf("unexpected JSON type %v", value) } - var cv []types.ExpectedRoute + var sv *types.EntryViolation if *v == nil { - cv = []types.ExpectedRoute{} + sv = &types.EntryViolation{} } else { - cv = *v + sv = *v } - for _, value := range shape { - var col types.ExpectedRoute - destAddr := &col - if err := awsAwsjson11_deserializeDocumentExpectedRoute(&destAddr, value); err != nil { - return err - } - col = *destAddr - cv = append(cv, col) + for key, value := range shape { + switch key { + case "ActualEvaluationOrder": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.ActualEvaluationOrder = ptr.String(jtv) + } + + case "EntriesWithConflicts": + if err := awsAwsjson11_deserializeDocumentEntriesWithConflicts(&sv.EntriesWithConflicts, value); err != nil { + return err + } + + case "EntryAtExpectedEvaluationOrder": + if err := awsAwsjson11_deserializeDocumentEntryDescription(&sv.EntryAtExpectedEvaluationOrder, value); err != nil { + return err + } + + case "EntryViolationReasons": + if err := awsAwsjson11_deserializeDocumentEntryViolationReasons(&sv.EntryViolationReasons, value); err != nil { + return err + } + + case "ExpectedEntry": + if err := awsAwsjson11_deserializeDocumentEntryDescription(&sv.ExpectedEntry, value); err != nil { + return err + } + + case "ExpectedEvaluationOrder": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.ExpectedEvaluationOrder = ptr.String(jtv) + } + + default: + _, _ = key, value + } } - *v = cv + *v = sv return nil } -func awsAwsjson11_deserializeDocumentFailedItem(v **types.FailedItem, value interface{}) error { +func awsAwsjson11_deserializeDocumentEntryViolationReasons(v *[]types.EntryViolationReason, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6845,48 +7005,35 @@ func awsAwsjson11_deserializeDocumentFailedItem(v **types.FailedItem, value inte return nil } - shape, ok := value.(map[string]interface{}) + shape, ok := value.([]interface{}) if !ok { return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.FailedItem + var cv []types.EntryViolationReason if *v == nil { - sv = &types.FailedItem{} + cv = []types.EntryViolationReason{} } else { - sv = *v + cv = *v } - for key, value := range shape { - switch key { - case "Reason": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected FailedItemReason to be of type string, got %T instead", value) - } - sv.Reason = types.FailedItemReason(jtv) - } - - case "URI": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected Identifier to be of type string, got %T instead", value) - } - sv.URI = ptr.String(jtv) + for _, value := range shape { + var col types.EntryViolationReason + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected EntryViolationReason to be of type string, got %T instead", value) } - - default: - _, _ = key, value - + col = types.EntryViolationReason(jtv) } + cv = append(cv, col) + } - *v = sv + *v = cv return nil } -func awsAwsjson11_deserializeDocumentFailedItemList(v *[]types.FailedItem, value interface{}) error { +func awsAwsjson11_deserializeDocumentEntryViolations(v *[]types.EntryViolation, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6899,17 +7046,17 @@ func awsAwsjson11_deserializeDocumentFailedItemList(v *[]types.FailedItem, value return fmt.Errorf("unexpected JSON type %v", value) } - var cv []types.FailedItem + var cv []types.EntryViolation if *v == nil { - cv = []types.FailedItem{} + cv = []types.EntryViolation{} } else { cv = *v } for _, value := range shape { - var col types.FailedItem + var col types.EntryViolation destAddr := &col - if err := awsAwsjson11_deserializeDocumentFailedItem(&destAddr, value); err != nil { + if err := awsAwsjson11_deserializeDocumentEntryViolation(&destAddr, value); err != nil { return err } col = *destAddr @@ -6920,7 +7067,7 @@ func awsAwsjson11_deserializeDocumentFailedItemList(v *[]types.FailedItem, value return nil } -func awsAwsjson11_deserializeDocumentFirewallSubnetIsOutOfScopeViolation(v **types.FirewallSubnetIsOutOfScopeViolation, value interface{}) error { +func awsAwsjson11_deserializeDocumentEvaluationResult(v **types.EvaluationResult, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -6933,58 +7080,44 @@ func awsAwsjson11_deserializeDocumentFirewallSubnetIsOutOfScopeViolation(v **typ return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.FirewallSubnetIsOutOfScopeViolation + var sv *types.EvaluationResult if *v == nil { - sv = &types.FirewallSubnetIsOutOfScopeViolation{} + sv = &types.EvaluationResult{} } else { sv = *v } for key, value := range shape { switch key { - case "FirewallSubnetId": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) - } - sv.FirewallSubnetId = ptr.String(jtv) - } - - case "SubnetAvailabilityZone": + case "ComplianceStatus": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + return fmt.Errorf("expected PolicyComplianceStatusType to be of type string, got %T instead", value) } - sv.SubnetAvailabilityZone = ptr.String(jtv) + sv.ComplianceStatus = types.PolicyComplianceStatusType(jtv) } - case "SubnetAvailabilityZoneId": + case "EvaluationLimitExceeded": if value != nil { - jtv, ok := value.(string) + jtv, ok := value.(bool) if !ok { - return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) } - sv.SubnetAvailabilityZoneId = ptr.String(jtv) + sv.EvaluationLimitExceeded = jtv } - case "VpcEndpointId": + case "ViolatorCount": if value != nil { - jtv, ok := value.(string) + jtv, ok := value.(json.Number) if !ok { - return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + return fmt.Errorf("expected ResourceCount to be json.Number, got %T instead", value) } - sv.VpcEndpointId = ptr.String(jtv) - } - - case "VpcId": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + i64, err := jtv.Int64() + if err != nil { + return err } - sv.VpcId = ptr.String(jtv) + sv.ViolatorCount = i64 } default: @@ -6996,7 +7129,41 @@ func awsAwsjson11_deserializeDocumentFirewallSubnetIsOutOfScopeViolation(v **typ return nil } -func awsAwsjson11_deserializeDocumentFirewallSubnetMissingVPCEndpointViolation(v **types.FirewallSubnetMissingVPCEndpointViolation, value interface{}) error { +func awsAwsjson11_deserializeDocumentEvaluationResults(v *[]types.EvaluationResult, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.EvaluationResult + if *v == nil { + cv = []types.EvaluationResult{} + } else { + cv = *v + } + + for _, value := range shape { + var col types.EvaluationResult + destAddr := &col + if err := awsAwsjson11_deserializeDocumentEvaluationResult(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsAwsjson11_deserializeDocumentExpectedRoute(v **types.ExpectedRoute, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7009,49 +7176,59 @@ func awsAwsjson11_deserializeDocumentFirewallSubnetMissingVPCEndpointViolation(v return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.FirewallSubnetMissingVPCEndpointViolation + var sv *types.ExpectedRoute if *v == nil { - sv = &types.FirewallSubnetMissingVPCEndpointViolation{} + sv = &types.ExpectedRoute{} } else { sv = *v } for key, value := range shape { switch key { - case "FirewallSubnetId": + case "AllowedTargets": + if err := awsAwsjson11_deserializeDocumentLengthBoundedStringList(&sv.AllowedTargets, value); err != nil { + return err + } + + case "ContributingSubnets": + if err := awsAwsjson11_deserializeDocumentResourceIdList(&sv.ContributingSubnets, value); err != nil { + return err + } + + case "IpV4Cidr": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + return fmt.Errorf("expected CIDR to be of type string, got %T instead", value) } - sv.FirewallSubnetId = ptr.String(jtv) + sv.IpV4Cidr = ptr.String(jtv) } - case "SubnetAvailabilityZone": + case "IpV6Cidr": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + return fmt.Errorf("expected CIDR to be of type string, got %T instead", value) } - sv.SubnetAvailabilityZone = ptr.String(jtv) + sv.IpV6Cidr = ptr.String(jtv) } - case "SubnetAvailabilityZoneId": + case "PrefixListId": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + return fmt.Errorf("expected CIDR to be of type string, got %T instead", value) } - sv.SubnetAvailabilityZoneId = ptr.String(jtv) + sv.PrefixListId = ptr.String(jtv) } - case "VpcId": + case "RouteTableId": if value != nil { jtv, ok := value.(string) if !ok { return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) } - sv.VpcId = ptr.String(jtv) + sv.RouteTableId = ptr.String(jtv) } default: @@ -7063,7 +7240,41 @@ func awsAwsjson11_deserializeDocumentFirewallSubnetMissingVPCEndpointViolation(v return nil } -func awsAwsjson11_deserializeDocumentFMSPolicyUpdateFirewallCreationConfigAction(v **types.FMSPolicyUpdateFirewallCreationConfigAction, value interface{}) error { +func awsAwsjson11_deserializeDocumentExpectedRoutes(v *[]types.ExpectedRoute, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.ExpectedRoute + if *v == nil { + cv = []types.ExpectedRoute{} + } else { + cv = *v + } + + for _, value := range shape { + var col types.ExpectedRoute + destAddr := &col + if err := awsAwsjson11_deserializeDocumentExpectedRoute(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsAwsjson11_deserializeDocumentFailedItem(v **types.FailedItem, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7076,31 +7287,31 @@ func awsAwsjson11_deserializeDocumentFMSPolicyUpdateFirewallCreationConfigAction return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.FMSPolicyUpdateFirewallCreationConfigAction + var sv *types.FailedItem if *v == nil { - sv = &types.FMSPolicyUpdateFirewallCreationConfigAction{} + sv = &types.FailedItem{} } else { sv = *v } for key, value := range shape { switch key { - case "Description": + case "Reason": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + return fmt.Errorf("expected FailedItemReason to be of type string, got %T instead", value) } - sv.Description = ptr.String(jtv) + sv.Reason = types.FailedItemReason(jtv) } - case "FirewallCreationConfig": + case "URI": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected ManagedServiceData to be of type string, got %T instead", value) + return fmt.Errorf("expected Identifier to be of type string, got %T instead", value) } - sv.FirewallCreationConfig = ptr.String(jtv) + sv.URI = ptr.String(jtv) } default: @@ -7112,7 +7323,7 @@ func awsAwsjson11_deserializeDocumentFMSPolicyUpdateFirewallCreationConfigAction return nil } -func awsAwsjson11_deserializeDocumentInternalErrorException(v **types.InternalErrorException, value interface{}) error { +func awsAwsjson11_deserializeDocumentFailedItemList(v *[]types.FailedItem, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7120,16 +7331,242 @@ func awsAwsjson11_deserializeDocumentInternalErrorException(v **types.InternalEr return nil } - shape, ok := value.(map[string]interface{}) + shape, ok := value.([]interface{}) if !ok { return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.InternalErrorException + var cv []types.FailedItem if *v == nil { - sv = &types.InternalErrorException{} + cv = []types.FailedItem{} } else { - sv = *v + cv = *v + } + + for _, value := range shape { + var col types.FailedItem + destAddr := &col + if err := awsAwsjson11_deserializeDocumentFailedItem(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsAwsjson11_deserializeDocumentFirewallSubnetIsOutOfScopeViolation(v **types.FirewallSubnetIsOutOfScopeViolation, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.FirewallSubnetIsOutOfScopeViolation + if *v == nil { + sv = &types.FirewallSubnetIsOutOfScopeViolation{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "FirewallSubnetId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.FirewallSubnetId = ptr.String(jtv) + } + + case "SubnetAvailabilityZone": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.SubnetAvailabilityZone = ptr.String(jtv) + } + + case "SubnetAvailabilityZoneId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.SubnetAvailabilityZoneId = ptr.String(jtv) + } + + case "VpcEndpointId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.VpcEndpointId = ptr.String(jtv) + } + + case "VpcId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.VpcId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentFirewallSubnetMissingVPCEndpointViolation(v **types.FirewallSubnetMissingVPCEndpointViolation, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.FirewallSubnetMissingVPCEndpointViolation + if *v == nil { + sv = &types.FirewallSubnetMissingVPCEndpointViolation{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "FirewallSubnetId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.FirewallSubnetId = ptr.String(jtv) + } + + case "SubnetAvailabilityZone": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.SubnetAvailabilityZone = ptr.String(jtv) + } + + case "SubnetAvailabilityZoneId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.SubnetAvailabilityZoneId = ptr.String(jtv) + } + + case "VpcId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.VpcId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentFMSPolicyUpdateFirewallCreationConfigAction(v **types.FMSPolicyUpdateFirewallCreationConfigAction, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.FMSPolicyUpdateFirewallCreationConfigAction + if *v == nil { + sv = &types.FMSPolicyUpdateFirewallCreationConfigAction{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Description": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.Description = ptr.String(jtv) + } + + case "FirewallCreationConfig": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ManagedServiceData to be of type string, got %T instead", value) + } + sv.FirewallCreationConfig = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentInternalErrorException(v **types.InternalErrorException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InternalErrorException + if *v == nil { + sv = &types.InternalErrorException{} + } else { + sv = *v } for key, value := range shape { @@ -7188,11 +7625,381 @@ func awsAwsjson11_deserializeDocumentInvalidInputException(v **types.InvalidInpu } } - *v = sv + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentInvalidNetworkAclEntriesViolation(v **types.InvalidNetworkAclEntriesViolation, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidNetworkAclEntriesViolation + if *v == nil { + sv = &types.InvalidNetworkAclEntriesViolation{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "CurrentAssociatedNetworkAcl": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.CurrentAssociatedNetworkAcl = ptr.String(jtv) + } + + case "EntryViolations": + if err := awsAwsjson11_deserializeDocumentEntryViolations(&sv.EntryViolations, value); err != nil { + return err + } + + case "Subnet": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.Subnet = ptr.String(jtv) + } + + case "SubnetAvailabilityZone": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.SubnetAvailabilityZone = ptr.String(jtv) + } + + case "Vpc": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceId to be of type string, got %T instead", value) + } + sv.Vpc = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentInvalidOperationException(v **types.InvalidOperationException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidOperationException + if *v == nil { + sv = &types.InvalidOperationException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentInvalidTypeException(v **types.InvalidTypeException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidTypeException + if *v == nil { + sv = &types.InvalidTypeException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentIssueInfoMap(v *map[string]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var mv map[string]string + if *v == nil { + mv = map[string]string{} + } else { + mv = *v + } + + for key, value := range shape { + var parsedVal string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected DetailedInfo to be of type string, got %T instead", value) + } + parsedVal = jtv + } + mv[key] = parsedVal + + } + *v = mv + return nil +} + +func awsAwsjson11_deserializeDocumentLengthBoundedStringList(v *[]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []string + if *v == nil { + cv = []string{} + } else { + cv = *v + } + + for _, value := range shape { + var col string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + col = jtv + } + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsAwsjson11_deserializeDocumentLimitExceededException(v **types.LimitExceededException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.LimitExceededException + if *v == nil { + sv = &types.LimitExceededException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentMemberAccounts(v *[]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []string + if *v == nil { + cv = []string{} + } else { + cv = *v + } + + for _, value := range shape { + var col string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected AWSAccountId to be of type string, got %T instead", value) + } + col = jtv + } + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsAwsjson11_deserializeDocumentNetworkAclCommonPolicy(v **types.NetworkAclCommonPolicy, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.NetworkAclCommonPolicy + if *v == nil { + sv = &types.NetworkAclCommonPolicy{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "NetworkAclEntrySet": + if err := awsAwsjson11_deserializeDocumentNetworkAclEntrySet(&sv.NetworkAclEntrySet, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentNetworkAclEntries(v *[]types.NetworkAclEntry, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.NetworkAclEntry + if *v == nil { + cv = []types.NetworkAclEntry{} + } else { + cv = *v + } + + for _, value := range shape { + var col types.NetworkAclEntry + destAddr := &col + if err := awsAwsjson11_deserializeDocumentNetworkAclEntry(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv return nil } -func awsAwsjson11_deserializeDocumentInvalidOperationException(v **types.InvalidOperationException, value interface{}) error { +func awsAwsjson11_deserializeDocumentNetworkAclEntry(v **types.NetworkAclEntry, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7205,62 +8012,68 @@ func awsAwsjson11_deserializeDocumentInvalidOperationException(v **types.Invalid return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.InvalidOperationException + var sv *types.NetworkAclEntry if *v == nil { - sv = &types.InvalidOperationException{} + sv = &types.NetworkAclEntry{} } else { sv = *v } for key, value := range shape { switch key { - case "Message": + case "CidrBlock": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + return fmt.Errorf("expected LengthBoundedNonEmptyString to be of type string, got %T instead", value) } - sv.Message = ptr.String(jtv) + sv.CidrBlock = ptr.String(jtv) } - default: - _, _ = key, value + case "Egress": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected BooleanObject to be of type *bool, got %T instead", value) + } + sv.Egress = ptr.Bool(jtv) + } - } - } - *v = sv - return nil -} + case "IcmpTypeCode": + if err := awsAwsjson11_deserializeDocumentNetworkAclIcmpTypeCode(&sv.IcmpTypeCode, value); err != nil { + return err + } -func awsAwsjson11_deserializeDocumentInvalidTypeException(v **types.InvalidTypeException, value interface{}) error { - if v == nil { - return fmt.Errorf("unexpected nil of type %T", v) - } - if value == nil { - return nil - } + case "Ipv6CidrBlock": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedNonEmptyString to be of type string, got %T instead", value) + } + sv.Ipv6CidrBlock = ptr.String(jtv) + } - shape, ok := value.(map[string]interface{}) - if !ok { - return fmt.Errorf("unexpected JSON type %v", value) - } + case "PortRange": + if err := awsAwsjson11_deserializeDocumentNetworkAclPortRange(&sv.PortRange, value); err != nil { + return err + } - var sv *types.InvalidTypeException - if *v == nil { - sv = &types.InvalidTypeException{} - } else { - sv = *v - } + case "Protocol": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.Protocol = ptr.String(jtv) + } - for key, value := range shape { - switch key { - case "Message": + case "RuleAction": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + return fmt.Errorf("expected NetworkAclRuleAction to be of type string, got %T instead", value) } - sv.Message = ptr.String(jtv) + sv.RuleAction = types.NetworkAclRuleAction(jtv) } default: @@ -7272,7 +8085,7 @@ func awsAwsjson11_deserializeDocumentInvalidTypeException(v **types.InvalidTypeE return nil } -func awsAwsjson11_deserializeDocumentIssueInfoMap(v *map[string]string, value interface{}) error { +func awsAwsjson11_deserializeDocumentNetworkAclEntrySet(v **types.NetworkAclEntrySet, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7285,66 +8098,53 @@ func awsAwsjson11_deserializeDocumentIssueInfoMap(v *map[string]string, value in return fmt.Errorf("unexpected JSON type %v", value) } - var mv map[string]string + var sv *types.NetworkAclEntrySet if *v == nil { - mv = map[string]string{} + sv = &types.NetworkAclEntrySet{} } else { - mv = *v + sv = *v } for key, value := range shape { - var parsedVal string - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected DetailedInfo to be of type string, got %T instead", value) + switch key { + case "FirstEntries": + if err := awsAwsjson11_deserializeDocumentNetworkAclEntries(&sv.FirstEntries, value); err != nil { + return err } - parsedVal = jtv - } - mv[key] = parsedVal - } - *v = mv - return nil -} + case "ForceRemediateForFirstEntries": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected BooleanObject to be of type *bool, got %T instead", value) + } + sv.ForceRemediateForFirstEntries = ptr.Bool(jtv) + } -func awsAwsjson11_deserializeDocumentLengthBoundedStringList(v *[]string, value interface{}) error { - if v == nil { - return fmt.Errorf("unexpected nil of type %T", v) - } - if value == nil { - return nil - } + case "ForceRemediateForLastEntries": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected BooleanObject to be of type *bool, got %T instead", value) + } + sv.ForceRemediateForLastEntries = ptr.Bool(jtv) + } - shape, ok := value.([]interface{}) - if !ok { - return fmt.Errorf("unexpected JSON type %v", value) - } + case "LastEntries": + if err := awsAwsjson11_deserializeDocumentNetworkAclEntries(&sv.LastEntries, value); err != nil { + return err + } - var cv []string - if *v == nil { - cv = []string{} - } else { - cv = *v - } + default: + _, _ = key, value - for _, value := range shape { - var col string - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) - } - col = jtv } - cv = append(cv, col) - } - *v = cv + *v = sv return nil } -func awsAwsjson11_deserializeDocumentLimitExceededException(v **types.LimitExceededException, value interface{}) error { +func awsAwsjson11_deserializeDocumentNetworkAclIcmpTypeCode(v **types.NetworkAclIcmpTypeCode, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7357,22 +8157,39 @@ func awsAwsjson11_deserializeDocumentLimitExceededException(v **types.LimitExcee return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.LimitExceededException + var sv *types.NetworkAclIcmpTypeCode if *v == nil { - sv = &types.LimitExceededException{} + sv = &types.NetworkAclIcmpTypeCode{} } else { sv = *v } for key, value := range shape { switch key { - case "Message": + case "Code": if value != nil { - jtv, ok := value.(string) + jtv, ok := value.(json.Number) if !ok { - return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + return fmt.Errorf("expected IntegerObject to be json.Number, got %T instead", value) } - sv.Message = ptr.String(jtv) + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.Code = ptr.Int32(int32(i64)) + } + + case "Type": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected IntegerObject to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.Type = ptr.Int32(int32(i64)) } default: @@ -7384,7 +8201,7 @@ func awsAwsjson11_deserializeDocumentLimitExceededException(v **types.LimitExcee return nil } -func awsAwsjson11_deserializeDocumentMemberAccounts(v *[]string, value interface{}) error { +func awsAwsjson11_deserializeDocumentNetworkAclPortRange(v **types.NetworkAclPortRange, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -7392,31 +8209,52 @@ func awsAwsjson11_deserializeDocumentMemberAccounts(v *[]string, value interface return nil } - shape, ok := value.([]interface{}) + shape, ok := value.(map[string]interface{}) if !ok { return fmt.Errorf("unexpected JSON type %v", value) } - var cv []string + var sv *types.NetworkAclPortRange if *v == nil { - cv = []string{} + sv = &types.NetworkAclPortRange{} } else { - cv = *v + sv = *v } - for _, value := range shape { - var col string - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected AWSAccountId to be of type string, got %T instead", value) + for key, value := range shape { + switch key { + case "From": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected IPPortNumberInteger to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.From = ptr.Int32(int32(i64)) + } + + case "To": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected IPPortNumberInteger to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.To = ptr.Int32(int32(i64)) } - col = jtv - } - cv = append(cv, col) + default: + _, _ = key, value + + } } - *v = cv + *v = sv return nil } @@ -8998,6 +9836,11 @@ func awsAwsjson11_deserializeDocumentPolicyOption(v **types.PolicyOption, value for key, value := range shape { switch key { + case "NetworkAclCommonPolicy": + if err := awsAwsjson11_deserializeDocumentNetworkAclCommonPolicy(&sv.NetworkAclCommonPolicy, value); err != nil { + return err + } + case "NetworkFirewallPolicy": if err := awsAwsjson11_deserializeDocumentNetworkFirewallPolicy(&sv.NetworkFirewallPolicy, value); err != nil { return err @@ -9700,6 +10543,21 @@ func awsAwsjson11_deserializeDocumentRemediationAction(v **types.RemediationActi for key, value := range shape { switch key { + case "CreateNetworkAclAction": + if err := awsAwsjson11_deserializeDocumentCreateNetworkAclAction(&sv.CreateNetworkAclAction, value); err != nil { + return err + } + + case "CreateNetworkAclEntriesAction": + if err := awsAwsjson11_deserializeDocumentCreateNetworkAclEntriesAction(&sv.CreateNetworkAclEntriesAction, value); err != nil { + return err + } + + case "DeleteNetworkAclEntriesAction": + if err := awsAwsjson11_deserializeDocumentDeleteNetworkAclEntriesAction(&sv.DeleteNetworkAclEntriesAction, value); err != nil { + return err + } + case "Description": if value != nil { jtv, ok := value.(string) @@ -9749,6 +10607,11 @@ func awsAwsjson11_deserializeDocumentRemediationAction(v **types.RemediationActi return err } + case "ReplaceNetworkAclAssociationAction": + if err := awsAwsjson11_deserializeDocumentReplaceNetworkAclAssociationAction(&sv.ReplaceNetworkAclAssociationAction, value); err != nil { + return err + } + default: _, _ = key, value @@ -9807,6 +10670,65 @@ func awsAwsjson11_deserializeDocumentRemediationActionWithOrder(v **types.Remedi return nil } +func awsAwsjson11_deserializeDocumentReplaceNetworkAclAssociationAction(v **types.ReplaceNetworkAclAssociationAction, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ReplaceNetworkAclAssociationAction + if *v == nil { + sv = &types.ReplaceNetworkAclAssociationAction{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "AssociationId": + if err := awsAwsjson11_deserializeDocumentActionTarget(&sv.AssociationId, value); err != nil { + return err + } + + case "Description": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected LengthBoundedString to be of type string, got %T instead", value) + } + sv.Description = ptr.String(jtv) + } + + case "FMSCanRemediate": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.FMSCanRemediate = jtv + } + + case "NetworkAclId": + if err := awsAwsjson11_deserializeDocumentActionTarget(&sv.NetworkAclId, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentResource(v **types.Resource, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -10397,6 +11319,11 @@ func awsAwsjson11_deserializeDocumentResourceViolation(v **types.ResourceViolati return err } + case "InvalidNetworkAclEntriesViolation": + if err := awsAwsjson11_deserializeDocumentInvalidNetworkAclEntriesViolation(&sv.InvalidNetworkAclEntriesViolation, value); err != nil { + return err + } + case "NetworkFirewallBlackHoleRouteDetectedViolation": if err := awsAwsjson11_deserializeDocumentNetworkFirewallBlackHoleRouteDetectedViolation(&sv.NetworkFirewallBlackHoleRouteDetectedViolation, value); err != nil { return err diff --git a/service/fms/serializers.go b/service/fms/serializers.go index 6cc588512ff..5888a1ea9b0 100644 --- a/service/fms/serializers.go +++ b/service/fms/serializers.go @@ -2536,6 +2536,144 @@ func awsAwsjson11_serializeDocumentIdentifierList(v []string, value smithyjson.V return nil } +func awsAwsjson11_serializeDocumentNetworkAclCommonPolicy(v *types.NetworkAclCommonPolicy, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.NetworkAclEntrySet != nil { + ok := object.Key("NetworkAclEntrySet") + if err := awsAwsjson11_serializeDocumentNetworkAclEntrySet(v.NetworkAclEntrySet, ok); err != nil { + return err + } + } + + return nil +} + +func awsAwsjson11_serializeDocumentNetworkAclEntries(v []types.NetworkAclEntry, value smithyjson.Value) error { + array := value.Array() + defer array.Close() + + for i := range v { + av := array.Value() + if err := awsAwsjson11_serializeDocumentNetworkAclEntry(&v[i], av); err != nil { + return err + } + } + return nil +} + +func awsAwsjson11_serializeDocumentNetworkAclEntry(v *types.NetworkAclEntry, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.CidrBlock != nil { + ok := object.Key("CidrBlock") + ok.String(*v.CidrBlock) + } + + if v.Egress != nil { + ok := object.Key("Egress") + ok.Boolean(*v.Egress) + } + + if v.IcmpTypeCode != nil { + ok := object.Key("IcmpTypeCode") + if err := awsAwsjson11_serializeDocumentNetworkAclIcmpTypeCode(v.IcmpTypeCode, ok); err != nil { + return err + } + } + + if v.Ipv6CidrBlock != nil { + ok := object.Key("Ipv6CidrBlock") + ok.String(*v.Ipv6CidrBlock) + } + + if v.PortRange != nil { + ok := object.Key("PortRange") + if err := awsAwsjson11_serializeDocumentNetworkAclPortRange(v.PortRange, ok); err != nil { + return err + } + } + + if v.Protocol != nil { + ok := object.Key("Protocol") + ok.String(*v.Protocol) + } + + if len(v.RuleAction) > 0 { + ok := object.Key("RuleAction") + ok.String(string(v.RuleAction)) + } + + return nil +} + +func awsAwsjson11_serializeDocumentNetworkAclEntrySet(v *types.NetworkAclEntrySet, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.FirstEntries != nil { + ok := object.Key("FirstEntries") + if err := awsAwsjson11_serializeDocumentNetworkAclEntries(v.FirstEntries, ok); err != nil { + return err + } + } + + if v.ForceRemediateForFirstEntries != nil { + ok := object.Key("ForceRemediateForFirstEntries") + ok.Boolean(*v.ForceRemediateForFirstEntries) + } + + if v.ForceRemediateForLastEntries != nil { + ok := object.Key("ForceRemediateForLastEntries") + ok.Boolean(*v.ForceRemediateForLastEntries) + } + + if v.LastEntries != nil { + ok := object.Key("LastEntries") + if err := awsAwsjson11_serializeDocumentNetworkAclEntries(v.LastEntries, ok); err != nil { + return err + } + } + + return nil +} + +func awsAwsjson11_serializeDocumentNetworkAclIcmpTypeCode(v *types.NetworkAclIcmpTypeCode, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Code != nil { + ok := object.Key("Code") + ok.Integer(*v.Code) + } + + if v.Type != nil { + ok := object.Key("Type") + ok.Integer(*v.Type) + } + + return nil +} + +func awsAwsjson11_serializeDocumentNetworkAclPortRange(v *types.NetworkAclPortRange, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.From != nil { + ok := object.Key("From") + ok.Integer(*v.From) + } + + if v.To != nil { + ok := object.Key("To") + ok.Integer(*v.To) + } + + return nil +} + func awsAwsjson11_serializeDocumentNetworkFirewallPolicy(v *types.NetworkFirewallPolicy, value smithyjson.Value) error { object := value.Object() defer object.Close() @@ -2681,6 +2819,13 @@ func awsAwsjson11_serializeDocumentPolicyOption(v *types.PolicyOption, value smi object := value.Object() defer object.Close() + if v.NetworkAclCommonPolicy != nil { + ok := object.Key("NetworkAclCommonPolicy") + if err := awsAwsjson11_serializeDocumentNetworkAclCommonPolicy(v.NetworkAclCommonPolicy, ok); err != nil { + return err + } + } + if v.NetworkFirewallPolicy != nil { ok := object.Key("NetworkFirewallPolicy") if err := awsAwsjson11_serializeDocumentNetworkFirewallPolicy(v.NetworkFirewallPolicy, ok); err != nil { diff --git a/service/fms/types/enums.go b/service/fms/types/enums.go index c9011b94767..5dd217feb00 100644 --- a/service/fms/types/enums.go +++ b/service/fms/types/enums.go @@ -104,6 +104,46 @@ func (DestinationType) Values() []DestinationType { } } +type EntryType string + +// Enum values for EntryType +const ( + EntryTypeFMSManagedFirstEntry EntryType = "FMS_MANAGED_FIRST_ENTRY" + EntryTypeFMSManagedLastEntry EntryType = "FMS_MANAGED_LAST_ENTRY" + EntryTypeCustomEntry EntryType = "CUSTOM_ENTRY" +) + +// Values returns all known values for EntryType. Note that this can be expanded +// in the future, and so it is only as up to date as the client. The ordering of +// this slice is not guaranteed to be stable across updates. +func (EntryType) Values() []EntryType { + return []EntryType{ + "FMS_MANAGED_FIRST_ENTRY", + "FMS_MANAGED_LAST_ENTRY", + "CUSTOM_ENTRY", + } +} + +type EntryViolationReason string + +// Enum values for EntryViolationReason +const ( + EntryViolationReasonMissingExpectedEntry EntryViolationReason = "MISSING_EXPECTED_ENTRY" + EntryViolationReasonIncorrectEntryOrder EntryViolationReason = "INCORRECT_ENTRY_ORDER" + EntryViolationReasonEntryConflict EntryViolationReason = "ENTRY_CONFLICT" +) + +// Values returns all known values for EntryViolationReason. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (EntryViolationReason) Values() []EntryViolationReason { + return []EntryViolationReason{ + "MISSING_EXPECTED_ENTRY", + "INCORRECT_ENTRY_ORDER", + "ENTRY_CONFLICT", + } +} + type FailedItemReason string // Enum values for FailedItemReason @@ -169,6 +209,24 @@ func (MarketplaceSubscriptionOnboardingStatus) Values() []MarketplaceSubscriptio } } +type NetworkAclRuleAction string + +// Enum values for NetworkAclRuleAction +const ( + NetworkAclRuleActionAllow NetworkAclRuleAction = "allow" + NetworkAclRuleActionDeny NetworkAclRuleAction = "deny" +) + +// Values returns all known values for NetworkAclRuleAction. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (NetworkAclRuleAction) Values() []NetworkAclRuleAction { + return []NetworkAclRuleAction{ + "allow", + "deny", + } +} + type NetworkFirewallOverrideAction string // Enum values for NetworkFirewallOverrideAction @@ -294,6 +352,7 @@ const ( SecurityServiceTypeDnsFirewall SecurityServiceType = "DNS_FIREWALL" SecurityServiceTypeThirdPartyFirewall SecurityServiceType = "THIRD_PARTY_FIREWALL" SecurityServiceTypeImportNetworkFirewall SecurityServiceType = "IMPORT_NETWORK_FIREWALL" + SecurityServiceTypeNetworkAclCommon SecurityServiceType = "NETWORK_ACL_COMMON" ) // Values returns all known values for SecurityServiceType. Note that this can be @@ -311,6 +370,7 @@ func (SecurityServiceType) Values() []SecurityServiceType { "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", + "NETWORK_ACL_COMMON", } } @@ -423,6 +483,7 @@ const ( ViolationReasonResourceMissingDnsFirewall ViolationReason = "RESOURCE_MISSING_DNS_FIREWALL" ViolationReasonRouteHasOutOfScopeEndpoint ViolationReason = "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" ViolationReasonFirewallSubnetMissingVPCEndpoint ViolationReason = "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" + ViolationReasonInvalidNetworkAclEntry ViolationReason = "INVALID_NETWORK_ACL_ENTRY" ) // Values returns all known values for ViolationReason. Note that this can be @@ -458,5 +519,6 @@ func (ViolationReason) Values() []ViolationReason { "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT", + "INVALID_NETWORK_ACL_ENTRY", } } diff --git a/service/fms/types/types.go b/service/fms/types/types.go index 684900aff43..3f6de035e49 100644 --- a/service/fms/types/types.go +++ b/service/fms/types/types.go @@ -68,7 +68,7 @@ type AdminAccountSummary struct { DefaultAdmin bool // The current status of the request to onboard a member account as an Firewall - // Manager administator. + // Manager administrator. // - ONBOARDING - The account is onboarding to Firewall Manager as an // administrator. // - ONBOARDING_COMPLETE - Firewall Manager The account is onboarded to Firewall @@ -250,6 +250,66 @@ type ComplianceViolator struct { noSmithyDocumentSerde } +// Information about the CreateNetworkAcl action in Amazon EC2. This is a +// remediation option in RemediationAction . +type CreateNetworkAclAction struct { + + // Brief description of this remediation action. + Description *string + + // Indicates whether it is possible for Firewall Manager to perform this + // remediation action. A false value indicates that auto remediation is disabled or + // Firewall Manager is unable to perform the action due to a conflict of some kind. + FMSCanRemediate bool + + // The VPC that's associated with the remediation action. + Vpc *ActionTarget + + noSmithyDocumentSerde +} + +// Information about the CreateNetworkAclEntries action in Amazon EC2. This is a +// remediation option in RemediationAction . +type CreateNetworkAclEntriesAction struct { + + // Brief description of this remediation action. + Description *string + + // Indicates whether it is possible for Firewall Manager to perform this + // remediation action. A false value indicates that auto remediation is disabled or + // Firewall Manager is unable to perform the action due to a conflict of some kind. + FMSCanRemediate bool + + // Lists the entries that the remediation action would create. + NetworkAclEntriesToBeCreated []EntryDescription + + // The network ACL that's associated with the remediation action. + NetworkAclId *ActionTarget + + noSmithyDocumentSerde +} + +// Information about the DeleteNetworkAclEntries action in Amazon EC2. This is a +// remediation option in RemediationAction . +type DeleteNetworkAclEntriesAction struct { + + // Brief description of this remediation action. + Description *string + + // Indicates whether it is possible for Firewall Manager to perform this + // remediation action. A false value indicates that auto remediation is disabled or + // Firewall Manager is unable to perform the action due to a conflict of some kind. + FMSCanRemediate bool + + // Lists the entries that the remediation action would delete. + NetworkAclEntriesToBeDeleted []EntryDescription + + // The network ACL that's associated with the remediation action. + NetworkAclId *ActionTarget + + noSmithyDocumentSerde +} + // A resource in the organization that's available to be associated with a // Firewall Manager resource set. type DiscoveredResource struct { @@ -491,6 +551,64 @@ type EC2ReplaceRouteTableAssociationAction struct { noSmithyDocumentSerde } +// Describes a single rule in a network ACL. +type EntryDescription struct { + + // Describes a rule in a network ACL. Each network ACL has a set of numbered + // ingress rules and a separate set of numbered egress rules. When determining + // whether a packet should be allowed in or out of a subnet associated with the + // network ACL, Amazon Web Services processes the entries in the network ACL + // according to the rule numbers, in ascending order. When you manage an individual + // network ACL, you explicitly specify the rule numbers. When you specify the + // network ACL rules in a Firewall Manager policy, you provide the rules to run + // first, in the order that you want them to run, and the rules to run last, in the + // order that you want them to run. Firewall Manager assigns the rule numbers for + // you when you save the network ACL policy specification. + EntryDetail *NetworkAclEntry + + // The rule number for the entry. ACL entries are processed in ascending order by + // rule number. In a Firewall Manager network ACL policy, Firewall Manager assigns + // rule numbers. + EntryRuleNumber int32 + + // Specifies whether the entry is managed by Firewall Manager or by a user, and, + // for Firewall Manager-managed entries, specifies whether the entry is among those + // that run first in the network ACL or those that run last. + EntryType EntryType + + noSmithyDocumentSerde +} + +// Detailed information about an entry violation in a network ACL. The violation +// is against the network ACL specification inside the Firewall Manager network ACL +// policy. This data object is part of InvalidNetworkAclEntriesViolation . +type EntryViolation struct { + + // The evaluation location within the ordered list of entries where the + // ExpectedEntry is currently located. + ActualEvaluationOrder *string + + // The list of entries that are in conflict with ExpectedEntry . + EntriesWithConflicts []EntryDescription + + // The entry that's currently in the ExpectedEvaluationOrder location, in place of + // the expected entry. + EntryAtExpectedEvaluationOrder *EntryDescription + + // Descriptions of the violations that Firewall Manager found for these entries. + EntryViolationReasons []EntryViolationReason + + // The Firewall Manager-managed network ACL entry that is involved in the entry + // violation. + ExpectedEntry *EntryDescription + + // The evaluation location within the ordered list of entries where the + // ExpectedEntry should be, according to the network ACL policy specifications. + ExpectedEvaluationOrder *string + + noSmithyDocumentSerde +} + // Describes the compliance status for the account. An account is considered // noncompliant if it includes resources that are not protected by the specified // policy or that don't comply with the policy. @@ -608,6 +726,151 @@ type FMSPolicyUpdateFirewallCreationConfigAction struct { noSmithyDocumentSerde } +// Violation detail for the entries in a network ACL resource. +type InvalidNetworkAclEntriesViolation struct { + + // The network ACL containing the entry violations. + CurrentAssociatedNetworkAcl *string + + // Detailed information about the entry violations in the network ACL. + EntryViolations []EntryViolation + + // The subnet that's associated with the network ACL. + Subnet *string + + // The Availability Zone where the network ACL is in use. + SubnetAvailabilityZone *string + + // The VPC where the violation was found. + Vpc *string + + noSmithyDocumentSerde +} + +// Defines a Firewall Manager network ACL policy. This is used in the PolicyOption +// of a SecurityServicePolicyData for a Policy , when the SecurityServicePolicyData +// type is set to NETWORK_ACL_COMMON . For information about network ACLs, see +// Control traffic to subnets using network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon Virtual Private Cloud User Guide. +type NetworkAclCommonPolicy struct { + + // The definition of the first and last rules for the network ACL policy. + // + // This member is required. + NetworkAclEntrySet *NetworkAclEntrySet + + noSmithyDocumentSerde +} + +// Describes a rule in a network ACL. Each network ACL has a set of numbered +// ingress rules and a separate set of numbered egress rules. When determining +// whether a packet should be allowed in or out of a subnet associated with the +// network ACL, Amazon Web Services processes the entries in the network ACL +// according to the rule numbers, in ascending order. When you manage an individual +// network ACL, you explicitly specify the rule numbers. When you specify the +// network ACL rules in a Firewall Manager policy, you provide the rules to run +// first, in the order that you want them to run, and the rules to run last, in the +// order that you want them to run. Firewall Manager assigns the rule numbers for +// you when you save the network ACL policy specification. +type NetworkAclEntry struct { + + // Indicates whether the rule is an egress, or outbound, rule (applied to traffic + // leaving the subnet). If it's not an egress rule, then it's an ingress, or + // inbound, rule. + // + // This member is required. + Egress *bool + + // The protocol number. A value of "-1" means all protocols. + // + // This member is required. + Protocol *string + + // Indicates whether to allow or deny the traffic that matches the rule. + // + // This member is required. + RuleAction NetworkAclRuleAction + + // The IPv4 network range to allow or deny, in CIDR notation. + CidrBlock *string + + // ICMP protocol: The ICMP type and code. + IcmpTypeCode *NetworkAclIcmpTypeCode + + // The IPv6 network range to allow or deny, in CIDR notation. + Ipv6CidrBlock *string + + // TCP or UDP protocols: The range of ports the rule applies to. + PortRange *NetworkAclPortRange + + noSmithyDocumentSerde +} + +// The configuration of the first and last rules for the network ACL policy, and +// the remediation settings for each. +type NetworkAclEntrySet struct { + + // Applies only when remediation is enabled for the policy as a whole. Firewall + // Manager uses this setting when it finds policy violations that involve conflicts + // between the custom entries and the policy entries. If forced remediation is + // disabled, Firewall Manager marks the network ACL as noncompliant and does not + // try to remediate. For more information about the remediation behavior, see + // Network access control list (ACL) policies (https://docs.aws.amazon.com/waf/latest/developerguide/network-acl-policies.html) + // in the Firewall Manager Developer Guide. + // + // This member is required. + ForceRemediateForFirstEntries *bool + + // Applies only when remediation is enabled for the policy as a whole. Firewall + // Manager uses this setting when it finds policy violations that involve conflicts + // between the custom entries and the policy entries. If forced remediation is + // disabled, Firewall Manager marks the network ACL as noncompliant and does not + // try to remediate. For more information about the remediation behavior, see + // Network access control list (ACL) policies (https://docs.aws.amazon.com/waf/latest/developerguide/network-acl-policies.html) + // in the Firewall Manager Developer Guide. + // + // This member is required. + ForceRemediateForLastEntries *bool + + // The rules that you want to run first in the Firewall Manager managed network + // ACLs. Provide these in the order in which you want them to run. Firewall Manager + // will assign the specific rule numbers for you, in the network ACLs that it + // creates. + FirstEntries []NetworkAclEntry + + // The rules that you want to run last in the Firewall Manager managed network + // ACLs. Provide these in the order in which you want them to run. Firewall Manager + // will assign the specific rule numbers for you, in the network ACLs that it + // creates. + LastEntries []NetworkAclEntry + + noSmithyDocumentSerde +} + +// ICMP protocol: The ICMP type and code. +type NetworkAclIcmpTypeCode struct { + + // ICMP code. + Code *int32 + + // ICMP type. + Type *int32 + + noSmithyDocumentSerde +} + +// TCP or UDP protocols: The range of ports the rule applies to. +type NetworkAclPortRange struct { + + // The beginning port number of the range. + From *int32 + + // The ending port number of the range. + To *int32 + + noSmithyDocumentSerde +} + // Violation detail for an internet gateway route with an inactive state in the // customer subnet route table or Network Firewall subnet route table. type NetworkFirewallBlackHoleRouteDetectedViolation struct { @@ -1014,13 +1277,14 @@ type Policy struct { // . // - WAF - AWS::ApiGateway::Stage , AWS::ElasticLoadBalancingV2::LoadBalancer , // and AWS::CloudFront::Distribution . - // - DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC . // - Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer , // AWS::ElasticLoadBalancing::LoadBalancer , AWS::EC2::EIP , and // AWS::CloudFront::Distribution . + // - Network ACL - AWS::EC2::Subnet . + // - Security group usage audit - AWS::EC2::SecurityGroup . // - Security group content audit - AWS::EC2::SecurityGroup , // AWS::EC2::NetworkInterface , and AWS::EC2::Instance . - // - Security group usage audit - AWS::EC2::SecurityGroup . + // - DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC . // // This member is required. ResourceType *string @@ -1174,10 +1438,13 @@ type PolicyComplianceStatus struct { noSmithyDocumentSerde } -// Contains the Network Firewall firewall policy options to configure the policy's -// deployment model and third-party firewall policy settings. +// Contains the settings to configure a network ACL policy, a Network Firewall +// firewall policy deployment model, or a third-party firewall policy. type PolicyOption struct { + // Defines a Firewall Manager network ACL policy. + NetworkAclCommonPolicy *NetworkAclCommonPolicy + // Defines the deployment model to use for the firewall policy. NetworkFirewallPolicy *NetworkFirewallPolicy @@ -1221,14 +1488,7 @@ type PolicySummary struct { // The type of resource protected by or in scope of the policy. This is in the // format shown in the Amazon Web Services Resource Types Reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) - // . For WAF and Shield Advanced, examples include - // AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution . - // For a security group common policy, valid values are AWS::EC2::NetworkInterface - // and AWS::EC2::Instance . For a security group content audit policy, valid values - // are AWS::EC2::SecurityGroup , AWS::EC2::NetworkInterface , and - // AWS::EC2::Instance . For a security group usage audit policy, the value is - // AWS::EC2::SecurityGroup . For an Network Firewall policy or DNS Firewall policy, - // the value is AWS::EC2::VPC . + // . ResourceType *string // The service that the policy is using to protect the resources. This specifies @@ -1354,6 +1614,15 @@ type RegionScope struct { // Information about an individual action you can take to remediate a violation. type RemediationAction struct { + // Information about the CreateNetworkAcl action in Amazon EC2. + CreateNetworkAclAction *CreateNetworkAclAction + + // Information about the CreateNetworkAclEntries action in Amazon EC2. + CreateNetworkAclEntriesAction *CreateNetworkAclEntriesAction + + // Information about the DeleteNetworkAclEntries action in Amazon EC2. + DeleteNetworkAclEntriesAction *DeleteNetworkAclEntriesAction + // A description of a remediation action. Description *string @@ -1381,6 +1650,9 @@ type RemediationAction struct { // The remedial action to take when updating a firewall configuration. FMSPolicyUpdateFirewallCreationConfigAction *FMSPolicyUpdateFirewallCreationConfigAction + // Information about the ReplaceNetworkAclAssociation action in Amazon EC2. + ReplaceNetworkAclAssociationAction *ReplaceNetworkAclAssociationAction + noSmithyDocumentSerde } @@ -1396,6 +1668,27 @@ type RemediationActionWithOrder struct { noSmithyDocumentSerde } +// Information about the ReplaceNetworkAclAssociation action in Amazon EC2. This +// is a remediation option in RemediationAction . +type ReplaceNetworkAclAssociationAction struct { + + // Describes a remediation action target. + AssociationId *ActionTarget + + // Brief description of this remediation action. + Description *string + + // Indicates whether it is possible for Firewall Manager to perform this + // remediation action. A false value indicates that auto remediation is disabled or + // Firewall Manager is unable to perform the action due to a conflict of some kind. + FMSCanRemediate bool + + // The network ACL that's associated with the remediation action. + NetworkAclId *ActionTarget + + noSmithyDocumentSerde +} + // Details of a resource that is associated to an Firewall Manager resource set. type Resource struct { @@ -1547,6 +1840,9 @@ type ResourceViolation struct { // deleted. FirewallSubnetMissingVPCEndpointViolation *FirewallSubnetMissingVPCEndpointViolation + // Violation detail for the entries in a network ACL resource. + InvalidNetworkAclEntriesViolation *InvalidNetworkAclEntriesViolation + // Violation detail for an internet gateway route with an inactive state in the // customer subnet route table or Network Firewall subnet route table. NetworkFirewallBlackHoleRouteDetectedViolation *NetworkFirewallBlackHoleRouteDetectedViolation @@ -1784,7 +2080,7 @@ type SecurityServicePolicyData struct { // Firewall Manager won't be able to create the policy. When you enable // revertManualSecurityGroupChanges , Firewall Manager identifies and reports // when the security groups created by this policy become non-compliant. Firewall - // Manager won't distrubute system tags added by Amazon Web Services services into + // Manager won't distribute system tags added by Amazon Web Services services into // the replica security groups. System tags begin with the aws: prefix. // - Example: Shared VPCs. Apply the preceding policy to resources in shared // VPCs as well as to those in VPCs that the account owns @@ -1922,8 +2218,8 @@ type SecurityServicePolicyData struct { // {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}" ManagedServiceData *string - // Contains the Network Firewall firewall policy options to configure a - // centralized deployment model. + // Contains the settings to configure a network ACL policy, a Network Firewall + // firewall policy deployment model, or a third-party firewall policy. PolicyOption *PolicyOption noSmithyDocumentSerde diff --git a/service/fms/validators.go b/service/fms/validators.go index f857bbca1e5..a8b0edc10e0 100644 --- a/service/fms/validators.go +++ b/service/fms/validators.go @@ -867,6 +867,91 @@ func validateAppsListData(v *types.AppsListData) error { } } +func validateNetworkAclCommonPolicy(v *types.NetworkAclCommonPolicy) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "NetworkAclCommonPolicy"} + if v.NetworkAclEntrySet == nil { + invalidParams.Add(smithy.NewErrParamRequired("NetworkAclEntrySet")) + } else if v.NetworkAclEntrySet != nil { + if err := validateNetworkAclEntrySet(v.NetworkAclEntrySet); err != nil { + invalidParams.AddNested("NetworkAclEntrySet", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateNetworkAclEntries(v []types.NetworkAclEntry) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "NetworkAclEntries"} + for i := range v { + if err := validateNetworkAclEntry(&v[i]); err != nil { + invalidParams.AddNested(fmt.Sprintf("[%d]", i), err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateNetworkAclEntry(v *types.NetworkAclEntry) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "NetworkAclEntry"} + if v.Protocol == nil { + invalidParams.Add(smithy.NewErrParamRequired("Protocol")) + } + if len(v.RuleAction) == 0 { + invalidParams.Add(smithy.NewErrParamRequired("RuleAction")) + } + if v.Egress == nil { + invalidParams.Add(smithy.NewErrParamRequired("Egress")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateNetworkAclEntrySet(v *types.NetworkAclEntrySet) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "NetworkAclEntrySet"} + if v.FirstEntries != nil { + if err := validateNetworkAclEntries(v.FirstEntries); err != nil { + invalidParams.AddNested("FirstEntries", err.(smithy.InvalidParamsError)) + } + } + if v.ForceRemediateForFirstEntries == nil { + invalidParams.Add(smithy.NewErrParamRequired("ForceRemediateForFirstEntries")) + } + if v.LastEntries != nil { + if err := validateNetworkAclEntries(v.LastEntries); err != nil { + invalidParams.AddNested("LastEntries", err.(smithy.InvalidParamsError)) + } + } + if v.ForceRemediateForLastEntries == nil { + invalidParams.Add(smithy.NewErrParamRequired("ForceRemediateForLastEntries")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validatePolicy(v *types.Policy) error { if v == nil { return nil @@ -897,6 +982,23 @@ func validatePolicy(v *types.Policy) error { } } +func validatePolicyOption(v *types.PolicyOption) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "PolicyOption"} + if v.NetworkAclCommonPolicy != nil { + if err := validateNetworkAclCommonPolicy(v.NetworkAclCommonPolicy); err != nil { + invalidParams.AddNested("NetworkAclCommonPolicy", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validatePreviousAppsList(v map[string][]types.App) error { if v == nil { return nil @@ -990,6 +1092,11 @@ func validateSecurityServicePolicyData(v *types.SecurityServicePolicyData) error if len(v.Type) == 0 { invalidParams.Add(smithy.NewErrParamRequired("Type")) } + if v.PolicyOption != nil { + if err := validatePolicyOption(v.PolicyOption); err != nil { + invalidParams.AddNested("PolicyOption", err.(smithy.InvalidParamsError)) + } + } if invalidParams.Len() > 0 { return invalidParams } else { diff --git a/service/ivs/types/types.go b/service/ivs/types/types.go index c184b5070a1..31bbe104e47 100644 --- a/service/ivs/types/types.go +++ b/service/ivs/types/types.go @@ -31,7 +31,7 @@ type AudioConfiguration struct { // Error related to a specific channel, specified by its ARN. type BatchError struct { - // Channel ARN. + // ARN of an IVS resource; e.g., channel. Arn *string // Error code. diff --git a/service/ivsrealtime/deserializers.go b/service/ivsrealtime/deserializers.go index 6c1103ad406..49587d1b3c6 100644 --- a/service/ivsrealtime/deserializers.go +++ b/service/ivsrealtime/deserializers.go @@ -3836,6 +3836,9 @@ func awsRestjson1_deserializeOpErrorUpdateStage(response *smithyhttp.Response, m case strings.EqualFold("AccessDeniedException", errorCode): return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + case strings.EqualFold("ConflictException", errorCode): + return awsRestjson1_deserializeErrorConflictException(response, errorBody) + case strings.EqualFold("PendingVerification", errorCode): return awsRestjson1_deserializeErrorPendingVerification(response, errorBody) diff --git a/service/licensemanagerusersubscriptions/internal/endpoints/endpoints.go b/service/licensemanagerusersubscriptions/internal/endpoints/endpoints.go index 7195209cc37..daf593f4302 100644 --- a/service/licensemanagerusersubscriptions/internal/endpoints/endpoints.go +++ b/service/licensemanagerusersubscriptions/internal/endpoints/endpoints.go @@ -438,5 +438,13 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsUsGov, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "us-gov-east-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "us-gov-west-1", + }: endpoints.Endpoint{}, + }, }, } diff --git a/service/pinpointemail/internal/endpoints/endpoints.go b/service/pinpointemail/internal/endpoints/endpoints.go index ceb72a89f11..fbbae7388e1 100644 --- a/service/pinpointemail/internal/endpoints/endpoints.go +++ b/service/pinpointemail/internal/endpoints/endpoints.go @@ -436,6 +436,15 @@ var defaultPartitions = endpoints.Partitions{ RegionRegex: partitionRegexp.AwsUsGov, IsRegionalized: true, Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "fips-us-gov-east-1", + }: endpoints.Endpoint{ + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: aws.TrueTernary, + }, endpoints.EndpointKey{ Region: "fips-us-gov-west-1", }: endpoints.Endpoint{ @@ -445,6 +454,15 @@ var defaultPartitions = endpoints.Partitions{ }, Deprecated: aws.TrueTernary, }, + endpoints.EndpointKey{ + Region: "us-gov-east-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "us-gov-east-1", + Variant: endpoints.FIPSVariant, + }: { + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + }, endpoints.EndpointKey{ Region: "us-gov-west-1", }: endpoints.Endpoint{}, diff --git a/service/rds/api_op_CreateDBInstance.go b/service/rds/api_op_CreateDBInstance.go index df5d39c5dd6..a6a3f54ecf3 100644 --- a/service/rds/api_op_CreateDBInstance.go +++ b/service/rds/api_op_CreateDBInstance.go @@ -697,7 +697,8 @@ type CreateDBInstanceInput struct { TdeCredentialPassword *string // The time zone of the DB instance. The time zone parameter is currently - // supported only by Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone) + // supported only by RDS for Db2 (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) + // and RDS for SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone) // . Timezone *string diff --git a/service/rds/api_op_ModifyDBInstance.go b/service/rds/api_op_ModifyDBInstance.go index 8b009236e5b..200af1f996a 100644 --- a/service/rds/api_op_ModifyDBInstance.go +++ b/service/rds/api_op_ModifyDBInstance.go @@ -204,8 +204,8 @@ type ModifyDBInstanceInput struct { // information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Non-VPC2VPC) // in the Amazon RDS User Guide. Changing the subnet group causes an outage during // the change. The change is applied during the next maintenance window, unless you - // enable ApplyImmediately . This parameter doesn't apply to RDS Custom DB - // instances. Constraints: + // enable ApplyImmediately . This setting doesn't apply to RDS Custom DB instances. + // Constraints: // - If supplied, must match existing DB subnet group. // Example: mydbsubnetgroup DBSubnetGroupName *string @@ -216,7 +216,10 @@ type ModifyDBInstanceInput struct { // Specifies whether the DB instance has deletion protection enabled. The database // can't be deleted when deletion protection is enabled. By default, deletion // protection isn't enabled. For more information, see Deleting a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html) - // . + // . This setting doesn't apply to Amazon Aurora DB instances. You can enable or + // disable deletion protection for the DB cluster. For more information, see + // ModifyDBCluster . DB instances in a DB cluster can be deleted even when deletion + // protection is enabled for the DB cluster. DeletionProtection *bool // Specifies whether to remove the DB instance from the Active Directory domain. diff --git a/service/rds/types/types.go b/service/rds/types/types.go index acb1bd86257..70bb4919584 100644 --- a/service/rds/types/types.go +++ b/service/rds/types/types.go @@ -1755,8 +1755,8 @@ type DBInstance struct { TdeCredentialArn *string // The time zone of the DB instance. In most cases, the Timezone element is empty. - // Timezone content appears only for Microsoft SQL Server DB instances that were - // created with a time zone specified. + // Timezone content appears only for RDS for Db2 and RDS for SQL Server DB + // instances that were created with a time zone specified. Timezone *string // The list of Amazon EC2 VPC security groups that the DB instance belongs to. diff --git a/service/ses/internal/endpoints/endpoints.go b/service/ses/internal/endpoints/endpoints.go index 60f4469c0dd..1880cc41b16 100644 --- a/service/ses/internal/endpoints/endpoints.go +++ b/service/ses/internal/endpoints/endpoints.go @@ -436,6 +436,15 @@ var defaultPartitions = endpoints.Partitions{ RegionRegex: partitionRegexp.AwsUsGov, IsRegionalized: true, Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "fips-us-gov-east-1", + }: endpoints.Endpoint{ + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: aws.TrueTernary, + }, endpoints.EndpointKey{ Region: "fips-us-gov-west-1", }: endpoints.Endpoint{ @@ -445,6 +454,15 @@ var defaultPartitions = endpoints.Partitions{ }, Deprecated: aws.TrueTernary, }, + endpoints.EndpointKey{ + Region: "us-gov-east-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "us-gov-east-1", + Variant: endpoints.FIPSVariant, + }: { + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + }, endpoints.EndpointKey{ Region: "us-gov-west-1", }: endpoints.Endpoint{}, diff --git a/service/sesv2/internal/endpoints/endpoints.go b/service/sesv2/internal/endpoints/endpoints.go index 6be77f13c9b..e6dceef5715 100644 --- a/service/sesv2/internal/endpoints/endpoints.go +++ b/service/sesv2/internal/endpoints/endpoints.go @@ -436,6 +436,15 @@ var defaultPartitions = endpoints.Partitions{ RegionRegex: partitionRegexp.AwsUsGov, IsRegionalized: true, Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "fips-us-gov-east-1", + }: endpoints.Endpoint{ + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: aws.TrueTernary, + }, endpoints.EndpointKey{ Region: "fips-us-gov-west-1", }: endpoints.Endpoint{ @@ -445,6 +454,15 @@ var defaultPartitions = endpoints.Partitions{ }, Deprecated: aws.TrueTernary, }, + endpoints.EndpointKey{ + Region: "us-gov-east-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "us-gov-east-1", + Variant: endpoints.FIPSVariant, + }: { + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + }, endpoints.EndpointKey{ Region: "us-gov-west-1", }: endpoints.Endpoint{}, diff --git a/service/sfn/api_op_ValidateStateMachineDefinition.go b/service/sfn/api_op_ValidateStateMachineDefinition.go new file mode 100644 index 00000000000..7017016ed18 --- /dev/null +++ b/service/sfn/api_op_ValidateStateMachineDefinition.go @@ -0,0 +1,163 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package sfn + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/sfn/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Validates the syntax of a state machine definition. You can validate that a +// state machine definition is correct without creating a state machine resource. +// Step Functions will implicitly perform the same syntax check when you invoke +// CreateStateMachine and UpdateStateMachine . State machine definitions are +// specified using a JSON-based, structured language. For more information on +// Amazon States Language see Amazon States Language (https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html) +// (ASL). Suggested uses for ValidateStateMachineDefinition : +// - Integrate automated checks into your code review or Continuous Integration +// (CI) process to validate state machine definitions before starting deployments. +// - Run the validation from a Git pre-commit hook to check your state machine +// definitions before committing them to your source repository. +// +// Errors found in the state machine definition will be returned in the response +// as a list of diagnostic elements, rather than raise an exception. +func (c *Client) ValidateStateMachineDefinition(ctx context.Context, params *ValidateStateMachineDefinitionInput, optFns ...func(*Options)) (*ValidateStateMachineDefinitionOutput, error) { + if params == nil { + params = &ValidateStateMachineDefinitionInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "ValidateStateMachineDefinition", params, optFns, c.addOperationValidateStateMachineDefinitionMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*ValidateStateMachineDefinitionOutput) + out.ResultMetadata = metadata + return out, nil +} + +type ValidateStateMachineDefinitionInput struct { + + // The Amazon States Language definition of the state machine. For more + // information, see Amazon States Language (https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html) + // (ASL). + // + // This member is required. + Definition *string + + // The target type of state machine for this definition. The default is STANDARD . + Type types.StateMachineType + + noSmithyDocumentSerde +} + +type ValidateStateMachineDefinitionOutput struct { + + // If the result is OK , this field will be empty. When there are errors, this + // field will contain an array of Diagnostic objects to help you troubleshoot. + // + // This member is required. + Diagnostics []types.ValidateStateMachineDefinitionDiagnostic + + // The result value will be OK when no syntax errors are found, or FAIL if the + // workflow definition does not pass verification. + // + // This member is required. + Result types.ValidateStateMachineDefinitionResultCode + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationValidateStateMachineDefinitionMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsAwsjson10_serializeOpValidateStateMachineDefinition{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsjson10_deserializeOpValidateStateMachineDefinition{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "ValidateStateMachineDefinition"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addOpValidateStateMachineDefinitionValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opValidateStateMachineDefinition(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opValidateStateMachineDefinition(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "ValidateStateMachineDefinition", + } +} diff --git a/service/sfn/deserializers.go b/service/sfn/deserializers.go index eaccb8e31b8..4d08e7acb87 100644 --- a/service/sfn/deserializers.go +++ b/service/sfn/deserializers.go @@ -2752,6 +2752,9 @@ func awsAwsjson10_deserializeOpErrorRedriveExecution(response *smithyhttp.Respon case strings.EqualFold("InvalidArn", errorCode): return awsAwsjson10_deserializeErrorInvalidArn(response, errorBody) + case strings.EqualFold("ValidationException", errorCode): + return awsAwsjson10_deserializeErrorValidationException(response, errorBody) + default: genericError := &smithy.GenericAPIError{ Code: errorCode, @@ -4172,6 +4175,113 @@ func awsAwsjson10_deserializeOpErrorUpdateStateMachineAlias(response *smithyhttp } } +type awsAwsjson10_deserializeOpValidateStateMachineDefinition struct { +} + +func (*awsAwsjson10_deserializeOpValidateStateMachineDefinition) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsjson10_deserializeOpValidateStateMachineDefinition) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsjson10_deserializeOpErrorValidateStateMachineDefinition(response, &metadata) + } + output := &ValidateStateMachineDefinitionOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsAwsjson10_deserializeOpDocumentValidateStateMachineDefinitionOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsAwsjson10_deserializeOpErrorValidateStateMachineDefinition(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + bodyInfo, err := getProtocolErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if typ, ok := resolveProtocolErrorType(headerCode, bodyInfo); ok { + errorCode = restjson.SanitizeErrorCode(typ) + } + if len(bodyInfo.Message) != 0 { + errorMessage = bodyInfo.Message + } + switch { + case strings.EqualFold("ValidationException", errorCode): + return awsAwsjson10_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + func awsAwsjson10_deserializeErrorActivityDoesNotExist(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -10200,6 +10310,107 @@ func awsAwsjson10_deserializeDocumentTracingConfiguration(v **types.TracingConfi return nil } +func awsAwsjson10_deserializeDocumentValidateStateMachineDefinitionDiagnostic(v **types.ValidateStateMachineDefinitionDiagnostic, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ValidateStateMachineDefinitionDiagnostic + if *v == nil { + sv = &types.ValidateStateMachineDefinitionDiagnostic{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "code": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ValidateStateMachineDefinitionCode to be of type string, got %T instead", value) + } + sv.Code = ptr.String(jtv) + } + + case "location": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ValidateStateMachineDefinitionLocation to be of type string, got %T instead", value) + } + sv.Location = ptr.String(jtv) + } + + case "message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ValidateStateMachineDefinitionMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + case "severity": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ValidateStateMachineDefinitionSeverity to be of type string, got %T instead", value) + } + sv.Severity = types.ValidateStateMachineDefinitionSeverity(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson10_deserializeDocumentValidateStateMachineDefinitionDiagnosticList(v *[]types.ValidateStateMachineDefinitionDiagnostic, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.ValidateStateMachineDefinitionDiagnostic + if *v == nil { + cv = []types.ValidateStateMachineDefinitionDiagnostic{} + } else { + cv = *v + } + + for _, value := range shape { + var col types.ValidateStateMachineDefinitionDiagnostic + destAddr := &col + if err := awsAwsjson10_deserializeDocumentValidateStateMachineDefinitionDiagnostic(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + func awsAwsjson10_deserializeDocumentValidationException(v **types.ValidationException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -12529,6 +12740,51 @@ func awsAwsjson10_deserializeOpDocumentUpdateStateMachineOutput(v **UpdateStateM return nil } +func awsAwsjson10_deserializeOpDocumentValidateStateMachineDefinitionOutput(v **ValidateStateMachineDefinitionOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *ValidateStateMachineDefinitionOutput + if *v == nil { + sv = &ValidateStateMachineDefinitionOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "diagnostics": + if err := awsAwsjson10_deserializeDocumentValidateStateMachineDefinitionDiagnosticList(&sv.Diagnostics, value); err != nil { + return err + } + + case "result": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ValidateStateMachineDefinitionResultCode to be of type string, got %T instead", value) + } + sv.Result = types.ValidateStateMachineDefinitionResultCode(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + type protocolErrorInfo struct { Type string `json:"__type"` Message string diff --git a/service/sfn/generated.json b/service/sfn/generated.json index 5273f2049f2..290a8138825 100644 --- a/service/sfn/generated.json +++ b/service/sfn/generated.json @@ -44,6 +44,7 @@ "api_op_UpdateMapRun.go", "api_op_UpdateStateMachine.go", "api_op_UpdateStateMachineAlias.go", + "api_op_ValidateStateMachineDefinition.go", "auth.go", "deserializers.go", "doc.go", diff --git a/service/sfn/serializers.go b/service/sfn/serializers.go index a625c55dd44..661b3622ec6 100644 --- a/service/sfn/serializers.go +++ b/service/sfn/serializers.go @@ -1995,6 +1995,61 @@ func (m *awsAwsjson10_serializeOpUpdateStateMachineAlias) HandleSerialize(ctx co return next.HandleSerialize(ctx, in) } + +type awsAwsjson10_serializeOpValidateStateMachineDefinition struct { +} + +func (*awsAwsjson10_serializeOpValidateStateMachineDefinition) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsjson10_serializeOpValidateStateMachineDefinition) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*ValidateStateMachineDefinitionInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-amz-json-1.0") + httpBindingEncoder.SetHeader("X-Amz-Target").String("AWSStepFunctions.ValidateStateMachineDefinition") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsAwsjson10_serializeOpDocumentValidateStateMachineDefinitionInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} func awsAwsjson10_serializeDocumentCloudWatchLogsLogGroup(v *types.CloudWatchLogsLogGroup, value smithyjson.Value) error { object := value.Object() defer object.Close() @@ -2905,3 +2960,20 @@ func awsAwsjson10_serializeOpDocumentUpdateStateMachineInput(v *UpdateStateMachi return nil } + +func awsAwsjson10_serializeOpDocumentValidateStateMachineDefinitionInput(v *ValidateStateMachineDefinitionInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Definition != nil { + ok := object.Key("definition") + ok.String(*v.Definition) + } + + if len(v.Type) > 0 { + ok := object.Key("type") + ok.String(string(v.Type)) + } + + return nil +} diff --git a/service/sfn/snapshot_test.go b/service/sfn/snapshot_test.go index ed16f36954a..2791b263a2f 100644 --- a/service/sfn/snapshot_test.go +++ b/service/sfn/snapshot_test.go @@ -493,6 +493,18 @@ func TestCheckSnapshot_UpdateStateMachineAlias(t *testing.T) { t.Fatal(err) } } + +func TestCheckSnapshot_ValidateStateMachineDefinition(t *testing.T) { + svc := New(Options{}) + _, err := svc.ValidateStateMachineDefinition(context.Background(), nil, func(o *Options) { + o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error { + return testSnapshot(stack, "ValidateStateMachineDefinition") + }) + }) + if _, ok := err.(snapshotOK); !ok && err != nil { + t.Fatal(err) + } +} func TestUpdateSnapshot_CreateActivity(t *testing.T) { svc := New(Options{}) _, err := svc.CreateActivity(context.Background(), nil, func(o *Options) { @@ -924,3 +936,15 @@ func TestUpdateSnapshot_UpdateStateMachineAlias(t *testing.T) { t.Fatal(err) } } + +func TestUpdateSnapshot_ValidateStateMachineDefinition(t *testing.T) { + svc := New(Options{}) + _, err := svc.ValidateStateMachineDefinition(context.Background(), nil, func(o *Options) { + o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error { + return updateSnapshot(stack, "ValidateStateMachineDefinition") + }) + }) + if _, ok := err.(snapshotOK); !ok && err != nil { + t.Fatal(err) + } +} diff --git a/service/sfn/types/enums.go b/service/sfn/types/enums.go index 9fa8ace4e80..08f1a385dc1 100644 --- a/service/sfn/types/enums.go +++ b/service/sfn/types/enums.go @@ -344,6 +344,42 @@ func (TestExecutionStatus) Values() []TestExecutionStatus { } } +type ValidateStateMachineDefinitionResultCode string + +// Enum values for ValidateStateMachineDefinitionResultCode +const ( + ValidateStateMachineDefinitionResultCodeOk ValidateStateMachineDefinitionResultCode = "OK" + ValidateStateMachineDefinitionResultCodeFail ValidateStateMachineDefinitionResultCode = "FAIL" +) + +// Values returns all known values for ValidateStateMachineDefinitionResultCode. +// Note that this can be expanded in the future, and so it is only as up to date as +// the client. The ordering of this slice is not guaranteed to be stable across +// updates. +func (ValidateStateMachineDefinitionResultCode) Values() []ValidateStateMachineDefinitionResultCode { + return []ValidateStateMachineDefinitionResultCode{ + "OK", + "FAIL", + } +} + +type ValidateStateMachineDefinitionSeverity string + +// Enum values for ValidateStateMachineDefinitionSeverity +const ( + ValidateStateMachineDefinitionSeverityError ValidateStateMachineDefinitionSeverity = "ERROR" +) + +// Values returns all known values for ValidateStateMachineDefinitionSeverity. +// Note that this can be expanded in the future, and so it is only as up to date as +// the client. The ordering of this slice is not guaranteed to be stable across +// updates. +func (ValidateStateMachineDefinitionSeverity) Values() []ValidateStateMachineDefinitionSeverity { + return []ValidateStateMachineDefinitionSeverity{ + "ERROR", + } +} + type ValidationExceptionReason string // Enum values for ValidationExceptionReason diff --git a/service/sfn/types/types.go b/service/sfn/types/types.go index b462a8c3f27..d7e864292d1 100644 --- a/service/sfn/types/types.go +++ b/service/sfn/types/types.go @@ -1234,4 +1234,33 @@ type TracingConfiguration struct { noSmithyDocumentSerde } +// Describes an error found during validation. Validation errors found in the +// definition return in the response as diagnostic elements, rather than raise an +// exception. +type ValidateStateMachineDefinitionDiagnostic struct { + + // Identifying code for the diagnostic. + // + // This member is required. + Code *string + + // Message describing the diagnostic condition. + // + // This member is required. + Message *string + + // A value of ERROR means that you cannot create or update a state machine with + // this definition. + // + // This member is required. + Severity ValidateStateMachineDefinitionSeverity + + // Location of the issue in the state machine, if available. For errors specific + // to a field, the location could be in the format: /States// , for example: + // /States/FailState/ErrorPath . + Location *string + + noSmithyDocumentSerde +} + type noSmithyDocumentSerde = smithydocument.NoSerde diff --git a/service/sfn/validators.go b/service/sfn/validators.go index 9a7306d4f2b..b7402b3c216 100644 --- a/service/sfn/validators.go +++ b/service/sfn/validators.go @@ -670,6 +670,26 @@ func (m *validateOpUpdateStateMachine) HandleInitialize(ctx context.Context, in return next.HandleInitialize(ctx, in) } +type validateOpValidateStateMachineDefinition struct { +} + +func (*validateOpValidateStateMachineDefinition) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpValidateStateMachineDefinition) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*ValidateStateMachineDefinitionInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpValidateStateMachineDefinitionInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + func addOpCreateActivityValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCreateActivity{}, middleware.After) } @@ -802,6 +822,10 @@ func addOpUpdateStateMachineValidationMiddleware(stack *middleware.Stack) error return stack.Initialize.Add(&validateOpUpdateStateMachine{}, middleware.After) } +func addOpValidateStateMachineDefinitionValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpValidateStateMachineDefinition{}, middleware.After) +} + func validateRoutingConfigurationList(v []types.RoutingConfigurationListItem) error { if v == nil { return nil @@ -1358,3 +1382,18 @@ func validateOpUpdateStateMachineInput(v *UpdateStateMachineInput) error { return nil } } + +func validateOpValidateStateMachineDefinitionInput(v *ValidateStateMachineDefinitionInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ValidateStateMachineDefinitionInput"} + if v.Definition == nil { + invalidParams.Add(smithy.NewErrParamRequired("Definition")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +}