From 009d501735257856fd8613fc3204b483a17682cd Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Sun, 18 Jun 2017 20:38:46 -0400 Subject: [PATCH 01/16] Add resource to create an AWS Organization. --- aws/config.go | 3 + aws/provider.go | 1 + aws/resource_aws_organization.go | 104 + aws/resource_aws_organization_test.go | 89 + .../aws-sdk-go/service/organizations/api.go | 12242 ++++++++++++++++ .../aws-sdk-go/service/organizations/doc.go | 191 + .../service/organizations/errors.go | 398 + .../service/organizations/service.go | 95 + vendor/vendor.json | 8 + website/docs/r/organization.html.markdown | 33 + 10 files changed, 13164 insertions(+) create mode 100644 aws/resource_aws_organization.go create mode 100644 aws/resource_aws_organization_test.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/organizations/api.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/organizations/service.go create mode 100644 website/docs/r/organization.html.markdown diff --git a/aws/config.go b/aws/config.go index dd1149b910f4..76ecabbb892d 100644 --- a/aws/config.go +++ b/aws/config.go @@ -54,6 +54,7 @@ import ( "github.com/aws/aws-sdk-go/service/lambda" "github.com/aws/aws-sdk-go/service/lightsail" "github.com/aws/aws-sdk-go/service/opsworks" + "github.com/aws/aws-sdk-go/service/organizations" "github.com/aws/aws-sdk-go/service/rds" "github.com/aws/aws-sdk-go/service/redshift" "github.com/aws/aws-sdk-go/service/route53" @@ -165,6 +166,7 @@ type AWSClient struct { lambdaconn *lambda.Lambda lightsailconn *lightsail.Lightsail opsworksconn *opsworks.OpsWorks + orgsconn *organizations.Organizations glacierconn *glacier.Glacier codebuildconn *codebuild.CodeBuild codedeployconn *codedeploy.CodeDeploy @@ -369,6 +371,7 @@ func (c *Config) Client() (interface{}, error) { client.lambdaconn = lambda.New(sess) client.lightsailconn = lightsail.New(sess) client.opsworksconn = opsworks.New(sess) + client.orgsconn = organizations.New(sess) client.r53conn = route53.New(r53Sess) client.rdsconn = rds.New(awsRdsSess) client.redshiftconn = redshift.New(sess) diff --git a/aws/provider.go b/aws/provider.go index d5880d730791..d09eeb39c2e1 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -393,6 +393,7 @@ func Provider() terraform.ResourceProvider { "aws_opsworks_user_profile": resourceAwsOpsworksUserProfile(), "aws_opsworks_permission": resourceAwsOpsworksPermission(), "aws_opsworks_rds_db_instance": resourceAwsOpsworksRdsDbInstance(), + "aws_organization": resourceAwsOrganization(), "aws_placement_group": resourceAwsPlacementGroup(), "aws_proxy_protocol_policy": resourceAwsProxyProtocolPolicy(), "aws_rds_cluster": resourceAwsRDSCluster(), diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go new file mode 100644 index 000000000000..8a02e9218c13 --- /dev/null +++ b/aws/resource_aws_organization.go @@ -0,0 +1,104 @@ +package aws + +import ( + "fmt" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/organizations" + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/helper/validation" + "log" +) + +func resourceAwsOrganization() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsOrganizationCreate, + Read: resourceAwsOrganizationRead, + Update: resourceAwsOrganizationUpdate, + Delete: resourceAwsOrganizationDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "arn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "master_account_arn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "master_account_email": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "master_account_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "feature_set": { + Type: schema.TypeString, + Optional: true, + Default: "ALL", + ValidateFunc: validation.StringInSlice([]string{"ALL", "CONSOLIDATED_BILLING"}, true), + }, + }, + } +} + +func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).orgsconn + + // Create the organization + createOpts := &organizations.CreateOrganizationInput{ + FeatureSet: aws.String(d.Get("feature_set").(string)), + } + log.Printf("[DEBUG] Organization create config: %#v", createOpts) + + resp, err := conn.CreateOrganization(createOpts) + if err != nil { + return fmt.Errorf("Error creating organization: %s", err) + } + + // Get the ID and store it + org := resp.Organization + d.SetId(*org.Id) + log.Printf("[INFO] Organization ID: %s", d.Id()) + + return resourceAwsOrganizationUpdate(d, meta) +} + +func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).orgsconn + org, err := conn.DescribeOrganization(&organizations.DescribeOrganizationInput{}) + if err != nil { + if orgerr, ok := err.(awserr.Error); ok && orgerr.Code() == "AWSOrganizationsNotInUseException" { + d.SetId("") + return nil + } + return err + } + + d.Set("arn", org.Organization.Arn) + d.Set("feature_set", org.Organization.FeatureSet) + d.Set("master_account_arn", org.Organization.MasterAccountArn) + d.Set("master_account_email", org.Organization.MasterAccountEmail) + d.Set("master_account_id", org.Organization.MasterAccountId) + return nil +} + +func resourceAwsOrganizationUpdate(d *schema.ResourceData, meta interface{}) error { + return resourceAwsOrganizationRead(d, meta) +} + +func resourceAwsOrganizationDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).orgsconn + _, err := conn.DeleteOrganization(&organizations.DeleteOrganizationInput{}) + if err != nil { + return err + } + + return nil + +} diff --git a/aws/resource_aws_organization_test.go b/aws/resource_aws_organization_test.go new file mode 100644 index 000000000000..3c8ff1672e55 --- /dev/null +++ b/aws/resource_aws_organization_test.go @@ -0,0 +1,89 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/aws/aws-sdk-go/service/organizations" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAWSOrganization_basic(t *testing.T) { + var organization organizations.Organization + + feature_set := "CONSOLIDATED_BILLING" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSOrganizationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSOrganizationConfig(feature_set), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSOrganizationExists("aws_organization.test", &organization), + ), + }, + }, + }) +} + +func testAccCheckAWSOrganizationDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).orgsconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_organization" { + continue + } + + params := &organizations.DescribeOrganizationInput{} + + resp, err := conn.DescribeOrganization(params) + + if err != nil || resp == nil { + return nil + } + + if resp.Organization != nil { + return fmt.Errorf("Bad: Organization still exists: %q", rs.Primary.ID) + } + } + + return nil + +} + +func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + conn := testAccProvider.Meta().(*AWSClient).orgsconn + params := &organizations.DescribeOrganizationInput{} + + resp, err := conn.DescribeOrganization(params) + + if err != nil || resp == nil { + return nil + } + + if resp.Organization == nil { + return fmt.Errorf("Bad: Organization %q does not exist", rs.Primary.ID) + } + + a = resp.Organization + + return nil + } +} + +func testAccAWSOrganizationConfig(feature_set string) string { + return fmt.Sprintf(` +resource "aws_organization" "test" { + feature_set = "%s" +} +`, feature_set) +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go new file mode 100644 index 000000000000..b732cc76d4da --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go @@ -0,0 +1,12242 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package organizations + +import ( + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +const opAcceptHandshake = "AcceptHandshake" + +// AcceptHandshakeRequest generates a "aws/request.Request" representing the +// client's request for the AcceptHandshake operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See AcceptHandshake for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the AcceptHandshake method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the AcceptHandshakeRequest method. +// req, resp := client.AcceptHandshakeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake +func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) { + op := &request.Operation{ + Name: opAcceptHandshake, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AcceptHandshakeInput{} + } + + output = &AcceptHandshakeOutput{} + req = c.newRequest(op, input, output) + return +} + +// AcceptHandshake API operation for AWS Organizations. +// +// Sends a response to the originator of a handshake agreeing to the action +// proposed by the handshake request. +// +// This operation can be called only by the following principals when they also +// have the relevant IAM permissions: +// +// * Invitation to join or Approve all features request handshakes: only +// a principal from the member account. +// +// * Enable all features final confirmation handshake: only a principal from +// the master account. +// +// For more information about invitations, see Inviting an AWS Account to Join +// Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) +// in the AWS Organizations User Guide. For more information about requests +// to enable all features in the organization, see Enabling All Features +// in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) +// in the AWS Organizations User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation AcceptHandshake for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" +// The requested operation would violate the constraint identified in the reason +// code. +// +// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on +// the number of accounts in an organization. Note: deleted and closed accounts +// still count toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because +// the invited account is already a member of an organization. +// +// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid +// because the organization has already enabled all features. +// +// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations +// to join an organization while it is in the process of enabling all features. +// You can resume inviting accounts after you finalize the process when all +// accounts have agreed to the change. +// +// * PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with +// an account that does not have a payment instrument, such as a credit card, +// associated with it. +// +// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because +// the account is from a different marketplace than the accounts in the organization. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be from the same +// marketplace. +// +// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to +// change the membership of an account too quickly after its previous change. +// +// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" +// We can't find a handshake with the HandshakeId that you specified. +// +// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" +// You can't perform the operation on the handshake in its current state. For +// example, you can't cancel a handshake that was already accepted, or accept +// a handshake that was already declined. +// +// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" +// The specified handshake is already in the requested state. For example, you +// can't accept a handshake that was already accepted. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake +func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) { + req, out := c.AcceptHandshakeRequest(input) + return out, req.Send() +} + +// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of +// the ability to pass a context and additional request options. +// +// See AcceptHandshake for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) { + req, out := c.AcceptHandshakeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opAttachPolicy = "AttachPolicy" + +// AttachPolicyRequest generates a "aws/request.Request" representing the +// client's request for the AttachPolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See AttachPolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the AttachPolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the AttachPolicyRequest method. +// req, resp := client.AttachPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy +func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) { + op := &request.Operation{ + Name: opAttachPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AttachPolicyInput{} + } + + output = &AttachPolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// AttachPolicy API operation for AWS Organizations. +// +// Attaches a policy to a root, an organizational unit, or an individual account. +// How the policy affects accounts depends on the type of policy: +// +// * Service control policy (SCP) - An SCP specifies what permissions can +// be delegated to users in affected member accounts. The scope of influence +// for a policy depends on what you attach the policy to: +// +// If you attach an SCP to a root, it affects all accounts in the organization. +// +// If you attach an SCP to an OU, it affects all accounts in that OU and in +// any child OUs. +// +// If you attach the policy directly to an account, then it affects only that +// account. +// +// SCPs essentially are permission "filters". When you attach one SCP to a higher +// level root or OU, and you also attach a different SCP to a child OU or +// to an account, the child policy can further restrict only the permissions +// that pass through the parent filter and are available to the child. An +// SCP that is attached to a child cannot grant a permission that is not +// already granted by the parent. For example, imagine that the parent SCP +// allows permissions A, B, C, D, and E. The child SCP allows C, D, E, F, +// and G. The result is that the accounts affected by the child SCP are allowed +// to use only C, D, and E. They cannot use A or B because they were filtered +// out by the child OU. They also cannot use F and G because they were filtered +// out by the parent OU. They cannot be granted back by the child SCP; child +// SCPs can only filter the permissions they receive from the parent SCP. +// +// AWS Organizations attaches a default SCP named "FullAWSAccess to every root, +// OU, and account. This default SCP allows all services and actions, enabling +// any new child OU or account to inherit the permissions of the parent root +// or OU. If you detach the default policy, you must replace it with a policy +// that specifies the permissions that you want to allow in that OU or account. +// +// For more information about how Organizations policies permissions work, see +// Using Service Control Policies (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) +// in the AWS Organizations User Guide. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation AttachPolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeDuplicatePolicyAttachmentException "DuplicatePolicyAttachmentException" +// The selected policy is already attached to the specified target. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyNotFoundException "PolicyNotFoundException" +// We can't find a policy with the PolicyId that you specified. +// +// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException" +// The specified policy type is not currently enabled in this root. You cannot +// attach policies of the specified type to entities in a root until you enable +// that type in the root. For more information, see Enabling All Features in +// Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) +// in the AWS Organizations User Guide. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTargetNotFoundException "TargetNotFoundException" +// We can't find a root, OU, or account with the TargetId that you specified. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy +func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) { + req, out := c.AttachPolicyRequest(input) + return out, req.Send() +} + +// AttachPolicyWithContext is the same as AttachPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See AttachPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) { + req, out := c.AttachPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCancelHandshake = "CancelHandshake" + +// CancelHandshakeRequest generates a "aws/request.Request" representing the +// client's request for the CancelHandshake operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CancelHandshake for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CancelHandshake method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CancelHandshakeRequest method. +// req, resp := client.CancelHandshakeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake +func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) { + op := &request.Operation{ + Name: opCancelHandshake, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CancelHandshakeInput{} + } + + output = &CancelHandshakeOutput{} + req = c.newRequest(op, input, output) + return +} + +// CancelHandshake API operation for AWS Organizations. +// +// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED. +// +// This operation can be called only from the account that originated the handshake. +// The recipient of the handshake can't cancel it, but can use DeclineHandshake +// instead. After a handshake is canceled, the recipient can no longer respond +// to that handshake. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation CancelHandshake for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" +// We can't find a handshake with the HandshakeId that you specified. +// +// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" +// You can't perform the operation on the handshake in its current state. For +// example, you can't cancel a handshake that was already accepted, or accept +// a handshake that was already declined. +// +// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" +// The specified handshake is already in the requested state. For example, you +// can't accept a handshake that was already accepted. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake +func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) { + req, out := c.CancelHandshakeRequest(input) + return out, req.Send() +} + +// CancelHandshakeWithContext is the same as CancelHandshake with the addition of +// the ability to pass a context and additional request options. +// +// See CancelHandshake for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) { + req, out := c.CancelHandshakeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateAccount = "CreateAccount" + +// CreateAccountRequest generates a "aws/request.Request" representing the +// client's request for the CreateAccount operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateAccount for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateAccount method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateAccountRequest method. +// req, resp := client.CreateAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount +func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) { + op := &request.Operation{ + Name: opCreateAccount, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateAccountInput{} + } + + output = &CreateAccountOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateAccount API operation for AWS Organizations. +// +// Creates an AWS account that is automatically a member of the organization +// whose credentials made the request. This is an asynchronous request that +// AWS performs in the background. If you want to check the status of the request +// later, you need the OperationId response element from this operation to provide +// as a parameter to the DescribeCreateAccountStatus operation. +// +// AWS Organizations preconfigures the new member account with a role (named +// OrganizationAccountAccessRole by default) that grants administrator permissions +// to the new account. Principals in the master account can assume the role. +// AWS Organizations clones the company name and address information for the +// new account from the organization's master account. +// +// For more information about creating accounts, see Creating an AWS Account +// in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) +// in the AWS Organizations User Guide. +// +// You cannot remove accounts that are created with this operation from an organization. +// That also means that you cannot delete an organization that contains an account +// that is created with this operation. +// +// When you create a member account with this operation, you can choose whether +// to create the account with the IAM User and Role Access to Billing Information +// switch enabled. If you enable it, IAM users and roles that have appropriate +// permissions can view billing information for the account. If you disable +// this, then only the account root user can access billing information. For +// information about how to disable this for an account, see Granting Access +// to Your Billing Information and Tools (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation CreateAccount for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" +// AWS Organizations could not finalize the creation of your organization. Try +// again later. If this persists, contact AWS customer support. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount +func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) { + req, out := c.CreateAccountRequest(input) + return out, req.Send() +} + +// CreateAccountWithContext is the same as CreateAccount with the addition of +// the ability to pass a context and additional request options. +// +// See CreateAccount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) { + req, out := c.CreateAccountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateOrganization = "CreateOrganization" + +// CreateOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the CreateOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateOrganizationRequest method. +// req, resp := client.CreateOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization +func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) { + op := &request.Operation{ + Name: opCreateOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateOrganizationInput{} + } + + output = &CreateOrganizationOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateOrganization API operation for AWS Organizations. +// +// Creates an AWS organization. The account whose user is calling the CreateOrganization +// operation automatically becomes the master account (http://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account) +// of the new organization. +// +// This operation must be called using credentials from the account that is +// to become the new organization's master account. The principal must also +// have the relevant IAM permissions. +// +// By default (or if you set the FeatureSet parameter to ALL), the new organization +// is created with all features enabled and service control policies automatically +// enabled in the root. If you instead choose to create the organization supporting +// only the consolidated billing features by setting the FeatureSet parameter +// to CONSOLIDATED_BILLING", then no policy types are enabled by default and +// you cannot use organization policies. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation CreateOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAlreadyInOrganizationException "AlreadyInOrganizationException" +// This account is already a member of an organization. An account can belong +// to only one organization at a time. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization +func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) { + req, out := c.CreateOrganizationRequest(input) + return out, req.Send() +} + +// CreateOrganizationWithContext is the same as CreateOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See CreateOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) { + req, out := c.CreateOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateOrganizationalUnit = "CreateOrganizationalUnit" + +// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the +// client's request for the CreateOrganizationalUnit operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateOrganizationalUnit for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateOrganizationalUnit method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateOrganizationalUnitRequest method. +// req, resp := client.CreateOrganizationalUnitRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit +func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) { + op := &request.Operation{ + Name: opCreateOrganizationalUnit, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateOrganizationalUnitInput{} + } + + output = &CreateOrganizationalUnitOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateOrganizationalUnit API operation for AWS Organizations. +// +// Creates an organizational unit (OU) within a root or parent OU. An OU is +// a container for accounts that enables you to organize your accounts to apply +// policies according to your business requirements. The number of levels deep +// that you can nest OUs is dependent upon the policy types enabled for that +// root. For service control policies, the limit is five. +// +// For more information about OUs, see Managing Organizational Units (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) +// in the AWS Organizations User Guide. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation CreateOrganizationalUnit for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException" +// An organizational unit (OU) with the same name already exists. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeParentNotFoundException "ParentNotFoundException" +// We can't find a root or organizational unit (OU) with the ParentId that you +// specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit +func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) { + req, out := c.CreateOrganizationalUnitRequest(input) + return out, req.Send() +} + +// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of +// the ability to pass a context and additional request options. +// +// See CreateOrganizationalUnit for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) { + req, out := c.CreateOrganizationalUnitRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreatePolicy = "CreatePolicy" + +// CreatePolicyRequest generates a "aws/request.Request" representing the +// client's request for the CreatePolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreatePolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreatePolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreatePolicyRequest method. +// req, resp := client.CreatePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy +func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) { + op := &request.Operation{ + Name: opCreatePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreatePolicyInput{} + } + + output = &CreatePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreatePolicy API operation for AWS Organizations. +// +// Creates a policy of a specified type that you can attach to a root, an organizational +// unit (OU), or an individual AWS account. +// +// For more information about policies and their use, see Managing Organization +// Policies (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation CreatePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeDuplicatePolicyException "DuplicatePolicyException" +// A policy with the same name already exists. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// The provided policy document does not meet the requirements of the specified +// policy type. For example, the syntax might be incorrect. For details about +// service control policy syntax, see Service Control Policy Syntax (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) +// in the AWS Organizations User Guide. +// +// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException" +// You can't use the specified policy type with the feature set currently enabled +// for this organization. For example, you can enable service control policies +// (SCPs) only after you enable all features in the organization. For more information, +// see Enabling and Disabling a Policy Type on a Root (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) +// in the AWS Organizations User Guide. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy +func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) { + req, out := c.CreatePolicyRequest(input) + return out, req.Send() +} + +// CreatePolicyWithContext is the same as CreatePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See CreatePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) { + req, out := c.CreatePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeclineHandshake = "DeclineHandshake" + +// DeclineHandshakeRequest generates a "aws/request.Request" representing the +// client's request for the DeclineHandshake operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeclineHandshake for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeclineHandshake method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeclineHandshakeRequest method. +// req, resp := client.DeclineHandshakeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake +func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) { + op := &request.Operation{ + Name: opDeclineHandshake, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeclineHandshakeInput{} + } + + output = &DeclineHandshakeOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeclineHandshake API operation for AWS Organizations. +// +// Declines a handshake request. This sets the handshake state to DECLINED and +// effectively deactivates the request. +// +// This operation can be called only from the account that received the handshake. +// The originator of the handshake can use CancelHandshake instead. The originator +// can't reactivate a declined request, but can re-initiate the process with +// a new handshake request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DeclineHandshake for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" +// We can't find a handshake with the HandshakeId that you specified. +// +// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" +// You can't perform the operation on the handshake in its current state. For +// example, you can't cancel a handshake that was already accepted, or accept +// a handshake that was already declined. +// +// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" +// The specified handshake is already in the requested state. For example, you +// can't accept a handshake that was already accepted. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake +func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) { + req, out := c.DeclineHandshakeRequest(input) + return out, req.Send() +} + +// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of +// the ability to pass a context and additional request options. +// +// See DeclineHandshake for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) { + req, out := c.DeclineHandshakeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteOrganization = "DeleteOrganization" + +// DeleteOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteOrganizationRequest method. +// req, resp := client.DeleteOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization +func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) { + op := &request.Operation{ + Name: opDeleteOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteOrganizationInput{} + } + + output = &DeleteOrganizationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteOrganization API operation for AWS Organizations. +// +// Deletes the organization. You can delete an organization only by using credentials +// from the master account. The organization must be empty of member accounts, +// OUs, and policies. +// +// If you create any accounts using Organizations operations or the Organizations +// console, you can't remove those accounts from the organization, which means +// that you can't delete the organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DeleteOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeOrganizationNotEmptyException "OrganizationNotEmptyException" +// The organization isn't empty. To delete an organization, you must first remove +// all accounts except the master account, delete all organizational units (OUs), +// and delete all policies. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization +func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) { + req, out := c.DeleteOrganizationRequest(input) + return out, req.Send() +} + +// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) { + req, out := c.DeleteOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit" + +// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the +// client's request for the DeleteOrganizationalUnit operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteOrganizationalUnit for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteOrganizationalUnit method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteOrganizationalUnitRequest method. +// req, resp := client.DeleteOrganizationalUnitRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit +func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) { + op := &request.Operation{ + Name: opDeleteOrganizationalUnit, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteOrganizationalUnitInput{} + } + + output = &DeleteOrganizationalUnitOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteOrganizationalUnit API operation for AWS Organizations. +// +// Deletes an organizational unit from a root or another OU. You must first +// remove all accounts and child OUs from the OU that you want to delete. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DeleteOrganizationalUnit for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeOrganizationalUnitNotEmptyException "OrganizationalUnitNotEmptyException" +// The specified organizational unit (OU) is not empty. Move all accounts to +// another root or to other OUs, remove all child OUs, and then try the operation +// again. +// +// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" +// We can't find an organizational unit (OU) with the OrganizationalUnitId that +// you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit +func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) { + req, out := c.DeleteOrganizationalUnitRequest(input) + return out, req.Send() +} + +// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteOrganizationalUnit for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) { + req, out := c.DeleteOrganizationalUnitRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeletePolicy = "DeletePolicy" + +// DeletePolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeletePolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeletePolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeletePolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeletePolicyRequest method. +// req, resp := client.DeletePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy +func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { + op := &request.Operation{ + Name: opDeletePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeletePolicyInput{} + } + + output = &DeletePolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeletePolicy API operation for AWS Organizations. +// +// Deletes the specified policy from your organization. Before you perform this +// operation, you must first detach the policy from all OUs, roots, and accounts. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DeletePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyInUseException "PolicyInUseException" +// The policy is attached to one or more entities. You must detach it from all +// roots, organizational units (OUs), and accounts before performing this operation. +// +// * ErrCodePolicyNotFoundException "PolicyNotFoundException" +// We can't find a policy with the PolicyId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy +func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { + req, out := c.DeletePolicyRequest(input) + return out, req.Send() +} + +// DeletePolicyWithContext is the same as DeletePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DeletePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { + req, out := c.DeletePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeAccount = "DescribeAccount" + +// DescribeAccountRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAccount operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribeAccount for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribeAccount method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribeAccountRequest method. +// req, resp := client.DescribeAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount +func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) { + op := &request.Operation{ + Name: opDescribeAccount, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeAccountInput{} + } + + output = &DescribeAccountOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeAccount API operation for AWS Organizations. +// +// Retrieves Organizations-related information about the specified account. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DescribeAccount for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAccountNotFoundException "AccountNotFoundException" +// We can't find an AWS account with the AccountId that you specified, or the +// account whose credentials you used to make this request is not a member of +// an organization. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount +func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) { + req, out := c.DescribeAccountRequest(input) + return out, req.Send() +} + +// DescribeAccountWithContext is the same as DescribeAccount with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeAccount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) { + req, out := c.DescribeAccountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus" + +// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the +// client's request for the DescribeCreateAccountStatus operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribeCreateAccountStatus for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribeCreateAccountStatus method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribeCreateAccountStatusRequest method. +// req, resp := client.DescribeCreateAccountStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus +func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) { + op := &request.Operation{ + Name: opDescribeCreateAccountStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeCreateAccountStatusInput{} + } + + output = &DescribeCreateAccountStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeCreateAccountStatus API operation for AWS Organizations. +// +// Retrieves the current status of an asynchronous request to create an account. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DescribeCreateAccountStatus for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeCreateAccountStatusNotFoundException "CreateAccountStatusNotFoundException" +// We can't find an create account request with the CreateAccountRequestId that +// you specified. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus +func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) { + req, out := c.DescribeCreateAccountStatusRequest(input) + return out, req.Send() +} + +// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeCreateAccountStatus for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) { + req, out := c.DescribeCreateAccountStatusRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeHandshake = "DescribeHandshake" + +// DescribeHandshakeRequest generates a "aws/request.Request" representing the +// client's request for the DescribeHandshake operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribeHandshake for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribeHandshake method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribeHandshakeRequest method. +// req, resp := client.DescribeHandshakeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake +func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) { + op := &request.Operation{ + Name: opDescribeHandshake, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeHandshakeInput{} + } + + output = &DescribeHandshakeOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeHandshake API operation for AWS Organizations. +// +// Retrieves information about a previously requested handshake. The handshake +// ID comes from the response to the original InviteAccountToOrganization operation +// that generated the handshake. +// +// This operation can be called from any account in the organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DescribeHandshake for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" +// We can't find a handshake with the HandshakeId that you specified. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake +func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) { + req, out := c.DescribeHandshakeRequest(input) + return out, req.Send() +} + +// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeHandshake for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) { + req, out := c.DescribeHandshakeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeOrganization = "DescribeOrganization" + +// DescribeOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the DescribeOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribeOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribeOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribeOrganizationRequest method. +// req, resp := client.DescribeOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization +func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) { + op := &request.Operation{ + Name: opDescribeOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeOrganizationInput{} + } + + output = &DescribeOrganizationOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeOrganization API operation for AWS Organizations. +// +// Retrieves information about the organization that the user's account belongs +// to. +// +// This operation can be called from any account in the organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DescribeOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization +func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) { + req, out := c.DescribeOrganizationRequest(input) + return out, req.Send() +} + +// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) { + req, out := c.DescribeOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit" + +// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the +// client's request for the DescribeOrganizationalUnit operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribeOrganizationalUnit for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribeOrganizationalUnit method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribeOrganizationalUnitRequest method. +// req, resp := client.DescribeOrganizationalUnitRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit +func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) { + op := &request.Operation{ + Name: opDescribeOrganizationalUnit, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeOrganizationalUnitInput{} + } + + output = &DescribeOrganizationalUnitOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeOrganizationalUnit API operation for AWS Organizations. +// +// Retrieves information about an organizational unit (OU). +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DescribeOrganizationalUnit for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" +// We can't find an organizational unit (OU) with the OrganizationalUnitId that +// you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit +func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) { + req, out := c.DescribeOrganizationalUnitRequest(input) + return out, req.Send() +} + +// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeOrganizationalUnit for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) { + req, out := c.DescribeOrganizationalUnitRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribePolicy = "DescribePolicy" + +// DescribePolicyRequest generates a "aws/request.Request" representing the +// client's request for the DescribePolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribePolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribePolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribePolicyRequest method. +// req, resp := client.DescribePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy +func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) { + op := &request.Operation{ + Name: opDescribePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribePolicyInput{} + } + + output = &DescribePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribePolicy API operation for AWS Organizations. +// +// Retrieves information about a policy. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DescribePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyNotFoundException "PolicyNotFoundException" +// We can't find a policy with the PolicyId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy +func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) { + req, out := c.DescribePolicyRequest(input) + return out, req.Send() +} + +// DescribePolicyWithContext is the same as DescribePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DescribePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) { + req, out := c.DescribePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDetachPolicy = "DetachPolicy" + +// DetachPolicyRequest generates a "aws/request.Request" representing the +// client's request for the DetachPolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DetachPolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DetachPolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DetachPolicyRequest method. +// req, resp := client.DetachPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy +func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) { + op := &request.Operation{ + Name: opDetachPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DetachPolicyInput{} + } + + output = &DetachPolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DetachPolicy API operation for AWS Organizations. +// +// Detaches a policy from a target root, organizational unit, or account. If +// the policy being detached is a service control policy (SCP), the changes +// to permissions for IAM users and roles in affected accounts are immediate. +// +// Note: Every root, OU, and account must have at least one SCP attached. If +// you want to replace the default FullAWSAccess policy with one that limits +// the permissions that can be delegated, then you must attach the replacement +// policy before you can remove the default one. This is the authorization strategy +// of whitelisting (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist). +// If you instead attach a second SCP and leave the FullAWSAccess SCP still +// attached, and specify "Effect": "Deny" in the second SCP to override the +// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), +// then you are using the authorization strategy of blacklisting (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist). +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DetachPolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyNotAttachedException "PolicyNotAttachedException" +// The policy isn't attached to the specified target in the specified root. +// +// * ErrCodePolicyNotFoundException "PolicyNotFoundException" +// We can't find a policy with the PolicyId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTargetNotFoundException "TargetNotFoundException" +// We can't find a root, OU, or account with the TargetId that you specified. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy +func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) { + req, out := c.DetachPolicyRequest(input) + return out, req.Send() +} + +// DetachPolicyWithContext is the same as DetachPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DetachPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) { + req, out := c.DetachPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisablePolicyType = "DisablePolicyType" + +// DisablePolicyTypeRequest generates a "aws/request.Request" representing the +// client's request for the DisablePolicyType operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DisablePolicyType for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DisablePolicyType method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DisablePolicyTypeRequest method. +// req, resp := client.DisablePolicyTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType +func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) { + op := &request.Operation{ + Name: opDisablePolicyType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisablePolicyTypeInput{} + } + + output = &DisablePolicyTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisablePolicyType API operation for AWS Organizations. +// +// Disables an organizational control policy type in a root. A poicy of a certain +// type can be attached to entities in a root only if that type is enabled in +// the root. After you perform this operation, you no longer can attach policies +// of the specified type to that root or to any OU or account in that root. +// You can undo this by using the EnablePolicyType operation. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation DisablePolicyType for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException" +// The specified policy type is not currently enabled in this root. You cannot +// attach policies of the specified type to entities in a root until you enable +// that type in the root. For more information, see Enabling All Features in +// Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) +// in the AWS Organizations User Guide. +// +// * ErrCodeRootNotFoundException "RootNotFoundException" +// We can't find a root with the RootId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType +func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) { + req, out := c.DisablePolicyTypeRequest(input) + return out, req.Send() +} + +// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of +// the ability to pass a context and additional request options. +// +// See DisablePolicyType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) { + req, out := c.DisablePolicyTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnableAllFeatures = "EnableAllFeatures" + +// EnableAllFeaturesRequest generates a "aws/request.Request" representing the +// client's request for the EnableAllFeatures operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See EnableAllFeatures for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the EnableAllFeatures method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the EnableAllFeaturesRequest method. +// req, resp := client.EnableAllFeaturesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures +func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) { + op := &request.Operation{ + Name: opEnableAllFeatures, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableAllFeaturesInput{} + } + + output = &EnableAllFeaturesOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableAllFeatures API operation for AWS Organizations. +// +// Enables all features in an organization. This enables the use of organization +// policies that can restrict the services and actions that can be called in +// each account. Until you enable all features, you have access only to consolidated +// billing, and you can't use any of the advanced account administration features +// that AWS Organizations supports. For more information, see Enabling All Features +// in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) +// in the AWS Organizations User Guide. +// +// This operation is required only for organizations that were created explicitly +// with only the consolidated billing features enabled, or that were migrated +// from a Consolidated Billing account family to Organizations. Calling this +// operation sends a handshake to every invited account in the organization. +// The feature set change can be finalized and the additional features enabled +// only after all administrators in the invited accounts approve the change +// by accepting the handshake. +// +// After all invited member accounts accept the handshake, you finalize the +// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES". +// This completes the change. +// +// After you enable all features in your organization, the master account in +// the organization can apply policies on all member accounts. These policies +// can restrict what users and even administrators in those accounts can do. +// The master account can apply policies that prevent accounts from leaving +// the organization. Ensure that your account administrators are aware of this. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation EnableAllFeatures for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" +// The requested operation would violate the constraint identified in the reason +// code. +// +// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on +// the number of accounts in an organization. Note: deleted and closed accounts +// still count toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because +// the invited account is already a member of an organization. +// +// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid +// because the organization has already enabled all features. +// +// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations +// to join an organization while it is in the process of enabling all features. +// You can resume inviting accounts after you finalize the process when all +// accounts have agreed to the change. +// +// * PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with +// an account that does not have a payment instrument, such as a credit card, +// associated with it. +// +// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because +// the account is from a different marketplace than the accounts in the organization. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be from the same +// marketplace. +// +// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to +// change the membership of an account too quickly after its previous change. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures +func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) { + req, out := c.EnableAllFeaturesRequest(input) + return out, req.Send() +} + +// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of +// the ability to pass a context and additional request options. +// +// See EnableAllFeatures for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) { + req, out := c.EnableAllFeaturesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnablePolicyType = "EnablePolicyType" + +// EnablePolicyTypeRequest generates a "aws/request.Request" representing the +// client's request for the EnablePolicyType operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See EnablePolicyType for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the EnablePolicyType method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the EnablePolicyTypeRequest method. +// req, resp := client.EnablePolicyTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType +func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) { + op := &request.Operation{ + Name: opEnablePolicyType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnablePolicyTypeInput{} + } + + output = &EnablePolicyTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnablePolicyType API operation for AWS Organizations. +// +// Enables a policy type in a root. After you enable a policy type in a root, +// you can attach policies of that type to the root, any OU, or account in that +// root. You can undo this by using the DisablePolicyType operation. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation EnablePolicyType for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyTypeAlreadyEnabledException "PolicyTypeAlreadyEnabledException" +// The specified policy type is already enabled in the specified root. +// +// * ErrCodeRootNotFoundException "RootNotFoundException" +// We can't find a root with the RootId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException" +// You can't use the specified policy type with the feature set currently enabled +// for this organization. For example, you can enable service control policies +// (SCPs) only after you enable all features in the organization. For more information, +// see Enabling and Disabling a Policy Type on a Root (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) +// in the AWS Organizations User Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType +func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) { + req, out := c.EnablePolicyTypeRequest(input) + return out, req.Send() +} + +// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of +// the ability to pass a context and additional request options. +// +// See EnablePolicyType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) { + req, out := c.EnablePolicyTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opInviteAccountToOrganization = "InviteAccountToOrganization" + +// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the InviteAccountToOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See InviteAccountToOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the InviteAccountToOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the InviteAccountToOrganizationRequest method. +// req, resp := client.InviteAccountToOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization +func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) { + op := &request.Operation{ + Name: opInviteAccountToOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &InviteAccountToOrganizationInput{} + } + + output = &InviteAccountToOrganizationOutput{} + req = c.newRequest(op, input, output) + return +} + +// InviteAccountToOrganization API operation for AWS Organizations. +// +// Sends an invitation to another account to join your organization as a member +// account. Organizations sends email on your behalf to the email address that +// is associated with the other account's owner. The invitation is implemented +// as a Handshake whose details are in the response. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation InviteAccountToOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" +// The requested operation would violate the constraint identified in the reason +// code. +// +// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on +// the number of accounts in an organization. Note: deleted and closed accounts +// still count toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because +// the invited account is already a member of an organization. +// +// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid +// because the organization has already enabled all features. +// +// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations +// to join an organization while it is in the process of enabling all features. +// You can resume inviting accounts after you finalize the process when all +// accounts have agreed to the change. +// +// * PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with +// an account that does not have a payment instrument, such as a credit card, +// associated with it. +// +// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because +// the account is from a different marketplace than the accounts in the organization. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be from the same +// marketplace. +// +// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to +// change the membership of an account too quickly after its previous change. +// +// * ErrCodeDuplicateHandshakeException "DuplicateHandshakeException" +// A handshake with the same action and target already exists. For example, +// if you invited an account to join your organization, the invited account +// might already have a pending invitation from this organization. If you intend +// to resend an invitation to an account, ensure that existing handshakes that +// might be considered duplicates are canceled or declined. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" +// AWS Organizations could not finalize the creation of your organization. Try +// again later. If this persists, contact AWS customer support. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization +func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) { + req, out := c.InviteAccountToOrganizationRequest(input) + return out, req.Send() +} + +// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See InviteAccountToOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) { + req, out := c.InviteAccountToOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opLeaveOrganization = "LeaveOrganization" + +// LeaveOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the LeaveOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See LeaveOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the LeaveOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the LeaveOrganizationRequest method. +// req, resp := client.LeaveOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization +func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) { + op := &request.Operation{ + Name: opLeaveOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &LeaveOrganizationInput{} + } + + output = &LeaveOrganizationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// LeaveOrganization API operation for AWS Organizations. +// +// Removes a member account from its parent organization. This version of the +// operation is performed by the account that wants to leave. To remove a member +// account as a user in the master account, use RemoveAccountFromOrganization +// instead. +// +// This operation can be called only from a member account in the organization. +// +// The master account in an organization with all features enabled can set service +// control policies (SCPs) that can restrict what administrators of member accounts +// can do, including preventing them from successfully calling LeaveOrganization +// and leaving the organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation LeaveOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAccountNotFoundException "AccountNotFoundException" +// We can't find an AWS account with the AccountId that you specified, or the +// account whose credentials you used to make this request is not a member of +// an organization. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException" +// You can't remove a master account from an organization. If you want the master +// account to become a member account in another organization, you must first +// delete the current organization of the master account. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization +func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) { + req, out := c.LeaveOrganizationRequest(input) + return out, req.Send() +} + +// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See LeaveOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) { + req, out := c.LeaveOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListAccounts = "ListAccounts" + +// ListAccountsRequest generates a "aws/request.Request" representing the +// client's request for the ListAccounts operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListAccounts for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListAccounts method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListAccountsRequest method. +// req, resp := client.ListAccountsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts +func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { + op := &request.Operation{ + Name: opListAccounts, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAccountsInput{} + } + + output = &ListAccountsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAccounts API operation for AWS Organizations. +// +// Lists all the accounts in the organization. To request only the accounts +// in a root or OU, use the ListAccountsForParent operation instead. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListAccounts for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts +func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { + req, out := c.ListAccountsRequest(input) + return out, req.Send() +} + +// ListAccountsWithContext is the same as ListAccounts with the addition of +// the ability to pass a context and additional request options. +// +// See ListAccounts for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { + req, out := c.ListAccountsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAccountsPages iterates over the pages of a ListAccounts operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAccounts method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAccounts operation. +// pageNum := 0 +// err := client.ListAccountsPages(params, +// func(page *ListAccountsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { + return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAccountsPagesWithContext same as ListAccountsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAccountsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAccountsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListAccountsForParent = "ListAccountsForParent" + +// ListAccountsForParentRequest generates a "aws/request.Request" representing the +// client's request for the ListAccountsForParent operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListAccountsForParent for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListAccountsForParent method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListAccountsForParentRequest method. +// req, resp := client.ListAccountsForParentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent +func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) { + op := &request.Operation{ + Name: opListAccountsForParent, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAccountsForParentInput{} + } + + output = &ListAccountsForParentOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAccountsForParent API operation for AWS Organizations. +// +// Lists the accounts in an organization that are contained by the specified +// target root or organizational unit (OU). If you specify the root, you get +// a list of all the accounts that are not in any OU. If you specify an OU, +// you get a list of all the accounts in only that OU, and not in any child +// OUs. To get a list of all accounts in the organization, use the ListAccounts +// operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListAccountsForParent for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeParentNotFoundException "ParentNotFoundException" +// We can't find a root or organizational unit (OU) with the ParentId that you +// specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent +func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) { + req, out := c.ListAccountsForParentRequest(input) + return out, req.Send() +} + +// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of +// the ability to pass a context and additional request options. +// +// See ListAccountsForParent for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) { + req, out := c.ListAccountsForParentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAccountsForParent method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAccountsForParent operation. +// pageNum := 0 +// err := client.ListAccountsForParentPages(params, +// func(page *ListAccountsForParentOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error { + return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAccountsForParentInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAccountsForParentRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListChildren = "ListChildren" + +// ListChildrenRequest generates a "aws/request.Request" representing the +// client's request for the ListChildren operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListChildren for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListChildren method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListChildrenRequest method. +// req, resp := client.ListChildrenRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren +func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) { + op := &request.Operation{ + Name: opListChildren, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListChildrenInput{} + } + + output = &ListChildrenOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListChildren API operation for AWS Organizations. +// +// Lists all of the OUs or accounts that are contained in the specified parent +// OU or root. This operation, along with ListParents enables you to traverse +// the tree structure that makes up this root. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListChildren for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeParentNotFoundException "ParentNotFoundException" +// We can't find a root or organizational unit (OU) with the ParentId that you +// specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren +func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) { + req, out := c.ListChildrenRequest(input) + return out, req.Send() +} + +// ListChildrenWithContext is the same as ListChildren with the addition of +// the ability to pass a context and additional request options. +// +// See ListChildren for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) { + req, out := c.ListChildrenRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListChildrenPages iterates over the pages of a ListChildren operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListChildren method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListChildren operation. +// pageNum := 0 +// err := client.ListChildrenPages(params, +// func(page *ListChildrenOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error { + return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListChildrenPagesWithContext same as ListChildrenPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListChildrenInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListChildrenRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListCreateAccountStatus = "ListCreateAccountStatus" + +// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the +// client's request for the ListCreateAccountStatus operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListCreateAccountStatus for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListCreateAccountStatus method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListCreateAccountStatusRequest method. +// req, resp := client.ListCreateAccountStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus +func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) { + op := &request.Operation{ + Name: opListCreateAccountStatus, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListCreateAccountStatusInput{} + } + + output = &ListCreateAccountStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListCreateAccountStatus API operation for AWS Organizations. +// +// Lists the account creation requests that match the specified status that +// is currently being tracked for the organization. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListCreateAccountStatus for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus +func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) { + req, out := c.ListCreateAccountStatusRequest(input) + return out, req.Send() +} + +// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of +// the ability to pass a context and additional request options. +// +// See ListCreateAccountStatus for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) { + req, out := c.ListCreateAccountStatusRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListCreateAccountStatus method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListCreateAccountStatus operation. +// pageNum := 0 +// err := client.ListCreateAccountStatusPages(params, +// func(page *ListCreateAccountStatusOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error { + return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListCreateAccountStatusInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListCreateAccountStatusRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListHandshakesForAccount = "ListHandshakesForAccount" + +// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the +// client's request for the ListHandshakesForAccount operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListHandshakesForAccount for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListHandshakesForAccount method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListHandshakesForAccountRequest method. +// req, resp := client.ListHandshakesForAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount +func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) { + op := &request.Operation{ + Name: opListHandshakesForAccount, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListHandshakesForAccountInput{} + } + + output = &ListHandshakesForAccountOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListHandshakesForAccount API operation for AWS Organizations. +// +// Lists the current handshakes that are associated with the account of the +// requesting user. +// +// This operation can be called from any account in the organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListHandshakesForAccount for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount +func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) { + req, out := c.ListHandshakesForAccountRequest(input) + return out, req.Send() +} + +// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of +// the ability to pass a context and additional request options. +// +// See ListHandshakesForAccount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) { + req, out := c.ListHandshakesForAccountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListHandshakesForAccount method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListHandshakesForAccount operation. +// pageNum := 0 +// err := client.ListHandshakesForAccountPages(params, +// func(page *ListHandshakesForAccountOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error { + return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListHandshakesForAccountInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListHandshakesForAccountRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListHandshakesForOrganization = "ListHandshakesForOrganization" + +// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the ListHandshakesForOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListHandshakesForOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListHandshakesForOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListHandshakesForOrganizationRequest method. +// req, resp := client.ListHandshakesForOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization +func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) { + op := &request.Operation{ + Name: opListHandshakesForOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListHandshakesForOrganizationInput{} + } + + output = &ListHandshakesForOrganizationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListHandshakesForOrganization API operation for AWS Organizations. +// +// Lists the handshakes that are associated with the organization that the requesting +// user is part of. The ListHandshakesForOrganization operation returns a list +// of handshake structures. Each structure contains details and status about +// a handshake. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListHandshakesForOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization +func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) { + req, out := c.ListHandshakesForOrganizationRequest(input) + return out, req.Send() +} + +// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See ListHandshakesForOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) { + req, out := c.ListHandshakesForOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListHandshakesForOrganization method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation. +// pageNum := 0 +// err := client.ListHandshakesForOrganizationPages(params, +// func(page *ListHandshakesForOrganizationOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error { + return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListHandshakesForOrganizationInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListHandshakesForOrganizationRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent" + +// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the +// client's request for the ListOrganizationalUnitsForParent operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListOrganizationalUnitsForParent for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListOrganizationalUnitsForParent method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListOrganizationalUnitsForParentRequest method. +// req, resp := client.ListOrganizationalUnitsForParentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent +func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) { + op := &request.Operation{ + Name: opListOrganizationalUnitsForParent, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListOrganizationalUnitsForParentInput{} + } + + output = &ListOrganizationalUnitsForParentOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListOrganizationalUnitsForParent API operation for AWS Organizations. +// +// Lists the organizational units (OUs) in a parent organizational unit or root. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListOrganizationalUnitsForParent for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeParentNotFoundException "ParentNotFoundException" +// We can't find a root or organizational unit (OU) with the ParentId that you +// specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent +func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) { + req, out := c.ListOrganizationalUnitsForParentRequest(input) + return out, req.Send() +} + +// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of +// the ability to pass a context and additional request options. +// +// See ListOrganizationalUnitsForParent for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) { + req, out := c.ListOrganizationalUnitsForParentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListOrganizationalUnitsForParent method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation. +// pageNum := 0 +// err := client.ListOrganizationalUnitsForParentPages(params, +// func(page *ListOrganizationalUnitsForParentOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error { + return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListOrganizationalUnitsForParentInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListParents = "ListParents" + +// ListParentsRequest generates a "aws/request.Request" representing the +// client's request for the ListParents operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListParents for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListParents method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListParentsRequest method. +// req, resp := client.ListParentsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents +func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) { + op := &request.Operation{ + Name: opListParents, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListParentsInput{} + } + + output = &ListParentsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListParents API operation for AWS Organizations. +// +// Lists the root or organizational units (OUs) that serve as the immediate +// parent of the specified child OU or account. This operation, along with ListChildren +// enables you to traverse the tree structure that makes up this root. +// +// This operation can be called only from the organization's master account. +// +// In the current release, a child can have only a single parent. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListParents for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeChildNotFoundException "ChildNotFoundException" +// We can't find an organizational unit (OU) or AWS account with the ChildId +// that you specified. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents +func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) { + req, out := c.ListParentsRequest(input) + return out, req.Send() +} + +// ListParentsWithContext is the same as ListParents with the addition of +// the ability to pass a context and additional request options. +// +// See ListParents for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) { + req, out := c.ListParentsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListParentsPages iterates over the pages of a ListParents operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListParents method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListParents operation. +// pageNum := 0 +// err := client.ListParentsPages(params, +// func(page *ListParentsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error { + return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListParentsPagesWithContext same as ListParentsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListParentsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListParentsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListPolicies = "ListPolicies" + +// ListPoliciesRequest generates a "aws/request.Request" representing the +// client's request for the ListPolicies operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListPolicies for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListPolicies method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListPoliciesRequest method. +// req, resp := client.ListPoliciesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies +func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { + op := &request.Operation{ + Name: opListPolicies, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListPoliciesInput{} + } + + output = &ListPoliciesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListPolicies API operation for AWS Organizations. +// +// Retrieves the list of all policies in an organization of a specified type. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListPolicies for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies +func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { + req, out := c.ListPoliciesRequest(input) + return out, req.Send() +} + +// ListPoliciesWithContext is the same as ListPolicies with the addition of +// the ability to pass a context and additional request options. +// +// See ListPolicies for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { + req, out := c.ListPoliciesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListPoliciesPages iterates over the pages of a ListPolicies operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListPolicies method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListPolicies operation. +// pageNum := 0 +// err := client.ListPoliciesPages(params, +// func(page *ListPoliciesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { + return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListPoliciesPagesWithContext same as ListPoliciesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListPoliciesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListPoliciesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListPoliciesForTarget = "ListPoliciesForTarget" + +// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the +// client's request for the ListPoliciesForTarget operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListPoliciesForTarget for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListPoliciesForTarget method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListPoliciesForTargetRequest method. +// req, resp := client.ListPoliciesForTargetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget +func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) { + op := &request.Operation{ + Name: opListPoliciesForTarget, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListPoliciesForTargetInput{} + } + + output = &ListPoliciesForTargetOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListPoliciesForTarget API operation for AWS Organizations. +// +// Lists the policies that are directly attached to the specified target root, +// organizational unit (OU), or account. You must specify the policy type that +// you want included in the returned list. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListPoliciesForTarget for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTargetNotFoundException "TargetNotFoundException" +// We can't find a root, OU, or account with the TargetId that you specified. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget +func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) { + req, out := c.ListPoliciesForTargetRequest(input) + return out, req.Send() +} + +// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of +// the ability to pass a context and additional request options. +// +// See ListPoliciesForTarget for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) { + req, out := c.ListPoliciesForTargetRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListPoliciesForTarget method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListPoliciesForTarget operation. +// pageNum := 0 +// err := client.ListPoliciesForTargetPages(params, +// func(page *ListPoliciesForTargetOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error { + return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListPoliciesForTargetInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListPoliciesForTargetRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListRoots = "ListRoots" + +// ListRootsRequest generates a "aws/request.Request" representing the +// client's request for the ListRoots operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListRoots for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListRoots method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListRootsRequest method. +// req, resp := client.ListRootsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots +func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) { + op := &request.Operation{ + Name: opListRoots, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListRootsInput{} + } + + output = &ListRootsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListRoots API operation for AWS Organizations. +// +// Lists the roots that are defined in the current organization. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListRoots for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots +func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) { + req, out := c.ListRootsRequest(input) + return out, req.Send() +} + +// ListRootsWithContext is the same as ListRoots with the addition of +// the ability to pass a context and additional request options. +// +// See ListRoots for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) { + req, out := c.ListRootsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListRootsPages iterates over the pages of a ListRoots operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListRoots method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListRoots operation. +// pageNum := 0 +// err := client.ListRootsPages(params, +// func(page *ListRootsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error { + return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListRootsPagesWithContext same as ListRootsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListRootsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListRootsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListTargetsForPolicy = "ListTargetsForPolicy" + +// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the +// client's request for the ListTargetsForPolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListTargetsForPolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListTargetsForPolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListTargetsForPolicyRequest method. +// req, resp := client.ListTargetsForPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy +func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) { + op := &request.Operation{ + Name: opListTargetsForPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListTargetsForPolicyInput{} + } + + output = &ListTargetsForPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTargetsForPolicy API operation for AWS Organizations. +// +// Lists all the roots, OUs, and accounts to which the specified policy is attached. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation ListTargetsForPolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodePolicyNotFoundException "PolicyNotFoundException" +// We can't find a policy with the PolicyId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy +func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) { + req, out := c.ListTargetsForPolicyRequest(input) + return out, req.Send() +} + +// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See ListTargetsForPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) { + req, out := c.ListTargetsForPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListTargetsForPolicy method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListTargetsForPolicy operation. +// pageNum := 0 +// err := client.ListTargetsForPolicyPages(params, +// func(page *ListTargetsForPolicyOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error { + return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListTargetsForPolicyInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListTargetsForPolicyRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opMoveAccount = "MoveAccount" + +// MoveAccountRequest generates a "aws/request.Request" representing the +// client's request for the MoveAccount operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See MoveAccount for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the MoveAccount method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the MoveAccountRequest method. +// req, resp := client.MoveAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount +func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) { + op := &request.Operation{ + Name: opMoveAccount, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &MoveAccountInput{} + } + + output = &MoveAccountOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// MoveAccount API operation for AWS Organizations. +// +// Moves an account from its current source parent root or OU to the specified +// destination parent root or OU. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation MoveAccount for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeSourceParentNotFoundException "SourceParentNotFoundException" +// We can't find a source root or OU with the ParentId that you specified. +// +// * ErrCodeDestinationParentNotFoundException "DestinationParentNotFoundException" +// We can't find the destination container (a root or OU) with the ParentId +// that you specified. +// +// * ErrCodeDuplicateAccountException "DuplicateAccountException" +// That account is already present in the specified destination. +// +// * ErrCodeAccountNotFoundException "AccountNotFoundException" +// We can't find an AWS account with the AccountId that you specified, or the +// account whose credentials you used to make this request is not a member of +// an organization. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount +func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) { + req, out := c.MoveAccountRequest(input) + return out, req.Send() +} + +// MoveAccountWithContext is the same as MoveAccount with the addition of +// the ability to pass a context and additional request options. +// +// See MoveAccount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) { + req, out := c.MoveAccountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization" + +// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the +// client's request for the RemoveAccountFromOrganization operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See RemoveAccountFromOrganization for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the RemoveAccountFromOrganization method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the RemoveAccountFromOrganizationRequest method. +// req, resp := client.RemoveAccountFromOrganizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization +func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) { + op := &request.Operation{ + Name: opRemoveAccountFromOrganization, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveAccountFromOrganizationInput{} + } + + output = &RemoveAccountFromOrganizationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveAccountFromOrganization API operation for AWS Organizations. +// +// Removes the specified account from the organization. +// +// The removed account becomes a stand-alone account that is not a member of +// any organization. It is no longer subject to any policies and is responsible +// for its own bill payments. The organization's master account is no longer +// charged for any expenses accrued by the member account after it is removed +// from the organization. +// +// This operation can be called only from the organization's master account. +// Member accounts can remove themselves with LeaveOrganization instead. +// +// You can remove only existing accounts that were invited to join the organization. +// You cannot remove accounts that were created by AWS Organizations. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation RemoveAccountFromOrganization for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAccountNotFoundException "AccountNotFoundException" +// We can't find an AWS account with the AccountId that you specified, or the +// account whose credentials you used to make this request is not a member of +// an organization. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException" +// You can't remove a master account from an organization. If you want the master +// account to become a member account in another organization, you must first +// delete the current organization of the master account. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization +func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) { + req, out := c.RemoveAccountFromOrganizationRequest(input) + return out, req.Send() +} + +// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveAccountFromOrganization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) { + req, out := c.RemoveAccountFromOrganizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit" + +// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the +// client's request for the UpdateOrganizationalUnit operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateOrganizationalUnit for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateOrganizationalUnit method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateOrganizationalUnitRequest method. +// req, resp := client.UpdateOrganizationalUnitRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit +func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) { + op := &request.Operation{ + Name: opUpdateOrganizationalUnit, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateOrganizationalUnitInput{} + } + + output = &UpdateOrganizationalUnitOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateOrganizationalUnit API operation for AWS Organizations. +// +// Renames the specified organizational unit (OU). The ID and ARN do not change. +// The child OUs and accounts remain in place, and any attached policies of +// the OU remain attached. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation UpdateOrganizationalUnit for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException" +// An organizational unit (OU) with the same name already exists. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" +// We can't find an organizational unit (OU) with the OrganizationalUnitId that +// you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit +func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) { + req, out := c.UpdateOrganizationalUnitRequest(input) + return out, req.Send() +} + +// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateOrganizationalUnit for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) { + req, out := c.UpdateOrganizationalUnitRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdatePolicy = "UpdatePolicy" + +// UpdatePolicyRequest generates a "aws/request.Request" representing the +// client's request for the UpdatePolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdatePolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdatePolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdatePolicyRequest method. +// req, resp := client.UpdatePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy +func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) { + op := &request.Operation{ + Name: opUpdatePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdatePolicyInput{} + } + + output = &UpdatePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdatePolicy API operation for AWS Organizations. +// +// Updates an existing policy with a new name, description, or content. If any +// parameter is not supplied, that value remains unchanged. Note that you cannot +// change a policy's type. +// +// This operation can be called only from the organization's master account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Organizations's +// API operation UpdatePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeAccessDeniedException "AccessDeniedException" +// You don't have permissions to perform the requested operation. The user or +// role that is making the request must have at least one IAM permissions policy +// attached that grants the required permissions. For more information, see +// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) +// in the IAM User Guide. +// +// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" +// Your account is not a member of an organization. To make this request, you +// must use the credentials of an account that belongs to an organization. +// +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// +// * ErrCodeConstraintViolationException "ConstraintViolationException" +// Performing this operation violates a minimum or maximum value limit. For +// example, attempting to removing the last SCP from an OU or root, inviting +// or creating too many accounts to the organization, or attaching too many +// policies to an account, OU, or root. This exception includes a reason that +// contains additional information about the violated limit: +// +// ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number +// of accounts in an organization. Note: deleted and closed accounts still count +// toward your limit. +// +// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of +// handshakes you can send in one day. +// +// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational +// units you can have in an organization. +// +// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit +// tree that is too many levels deep. +// +// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of +// policies that you can have in an organization. +// +// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the +// number of policies of a certain type that can be attached to an entity +// at one time. +// +// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a +// policy from an entity that would cause the entity to have fewer than the +// minimum number of policies of a certain type required. +// +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account +// from an organization that was created from within organizations. +// +// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization +// with this account, you first must associate a payment instrument, such +// as a credit card, with the account. +// +// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation +// with this member account, you first must associate a payment instrument, +// such as a credit card, with the account. +// +// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number +// of accounts that you can create in one day. +// +// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account +// in this organization, you first must migrate the organization's master +// account to the marketplace that corresponds to the master account's address. +// For example, accounts with India addresses must be associated with the +// AISPL marketplace. All accounts in an organization must be associated +// with the same marketplace. +// +// * ErrCodeDuplicatePolicyException "DuplicatePolicyException" +// A policy with the same name already exists. +// +// * ErrCodeInvalidInputException "InvalidInputException" +// The requested operation failed because you provided invalid values for one +// or more of the request parameters. This exception includes a reason that +// contains additional information about the violated limit: +// +// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, +// organization, or email) as a party. +// +// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the +// organization. +// +// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. +// +// * INVALID_ENUM: You specified a value that is not valid for that parameter. +// +// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains +// at least one invalid value. +// +// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer +// than allowed. +// +// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger +// value than allowed. +// +// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter +// than allowed. +// +// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller +// value than allowed. +// +// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and +// cannot be modified. +// +// * INVALID_PATTERN: You provided a value that doesn't match the required +// pattern. +// +// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't +// match the required pattern. +// +// * INPUT_REQUIRED: You must include a value for all required parameters. +// +// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter +// from the response to a previous call of the operation. +// +// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter +// for the operation. +// +// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only +// between entities in the same root. +// +// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// The provided policy document does not meet the requirements of the specified +// policy type. For example, the syntax might be incorrect. For details about +// service control policy syntax, see Service Control Policy Syntax (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) +// in the AWS Organizations User Guide. +// +// * ErrCodePolicyNotFoundException "PolicyNotFoundException" +// We can't find a policy with the PolicyId that you specified. +// +// * ErrCodeServiceException "ServiceException" +// AWS Organizations can't complete your request because of an internal service +// error. Try again later. +// +// * ErrCodeTooManyRequestsException "TooManyRequestsException" +// You've sent too many requests in too short a period of time. The limit helps +// protect against denial-of-service attacks. Try again later. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy +func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) { + req, out := c.UpdatePolicyRequest(input) + return out, req.Send() +} + +// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See UpdatePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) { + req, out := c.UpdatePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshakeRequest +type AcceptHandshakeInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the handshake that you want to accept. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + // + // HandshakeId is a required field + HandshakeId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s AcceptHandshakeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptHandshakeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AcceptHandshakeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"} + if s.HandshakeId == nil { + invalidParams.Add(request.NewErrParamRequired("HandshakeId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHandshakeId sets the HandshakeId field's value. +func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput { + s.HandshakeId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshakeResponse +type AcceptHandshakeOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the accepted handshake. + Handshake *Handshake `type:"structure"` +} + +// String returns the string representation +func (s AcceptHandshakeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptHandshakeOutput) GoString() string { + return s.String() +} + +// SetHandshake sets the Handshake field's value. +func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput { + s.Handshake = v + return s +} + +// Contains information about an AWS account that is a member of an organization. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Account +type Account struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the account. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // The email address associated with the AWS account. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is + // a string of characters that represents a standard Internet email address. + Email *string `min:"6" type:"string"` + + // The unique identifier (ID) of the account. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string + // requires exactly 12 digits. + Id *string `type:"string"` + + // The method by which the account joined the organization. + JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` + + // The date the account became a part of the organization. + JoinedTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The friendly name of the account. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` + + // The status of the account in the organization. + Status *string `type:"string" enum:"AccountStatus"` +} + +// String returns the string representation +func (s Account) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Account) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *Account) SetArn(v string) *Account { + s.Arn = &v + return s +} + +// SetEmail sets the Email field's value. +func (s *Account) SetEmail(v string) *Account { + s.Email = &v + return s +} + +// SetId sets the Id field's value. +func (s *Account) SetId(v string) *Account { + s.Id = &v + return s +} + +// SetJoinedMethod sets the JoinedMethod field's value. +func (s *Account) SetJoinedMethod(v string) *Account { + s.JoinedMethod = &v + return s +} + +// SetJoinedTimestamp sets the JoinedTimestamp field's value. +func (s *Account) SetJoinedTimestamp(v time.Time) *Account { + s.JoinedTimestamp = &v + return s +} + +// SetName sets the Name field's value. +func (s *Account) SetName(v string) *Account { + s.Name = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *Account) SetStatus(v string) *Account { + s.Status = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicyRequest +type AttachPolicyInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the policy that you want to attach to the target. + // You can get the ID for the policy by calling the ListPolicies operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + // + // PolicyId is a required field + PolicyId *string `type:"string" required:"true"` + + // The unique identifier (ID) of the root, OU, or account that you want to attach + // the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, + // or ListAccounts operations. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Account: a string that consists of exactly 12 digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // TargetId is a required field + TargetId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s AttachPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AttachPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AttachPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"} + if s.PolicyId == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyId")) + } + if s.TargetId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyId sets the PolicyId field's value. +func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput { + s.PolicyId = &v + return s +} + +// SetTargetId sets the TargetId field's value. +func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput { + s.TargetId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicyOutput +type AttachPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s AttachPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AttachPolicyOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshakeRequest +type CancelHandshakeInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the handshake that you want to cancel. You + // can get the ID from the ListHandshakesForOrganization operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + // + // HandshakeId is a required field + HandshakeId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CancelHandshakeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelHandshakeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CancelHandshakeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"} + if s.HandshakeId == nil { + invalidParams.Add(request.NewErrParamRequired("HandshakeId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHandshakeId sets the HandshakeId field's value. +func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput { + s.HandshakeId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshakeResponse +type CancelHandshakeOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the handshake that you canceled. + Handshake *Handshake `type:"structure"` +} + +// String returns the string representation +func (s CancelHandshakeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelHandshakeOutput) GoString() string { + return s.String() +} + +// SetHandshake sets the Handshake field's value. +func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput { + s.Handshake = v + return s +} + +// Contains a list of child entities, either OUs or accounts. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Child +type Child struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of this child entity. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string + // requires one of the following: + // + // * Account: a string that consists of exactly 12 digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that contains + // the OU) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + Id *string `type:"string"` + + // The type of this child entity. + Type *string `type:"string" enum:"ChildType"` +} + +// String returns the string representation +func (s Child) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Child) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *Child) SetId(v string) *Child { + s.Id = &v + return s +} + +// SetType sets the Type field's value. +func (s *Child) SetType(v string) *Child { + s.Type = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountRequest +type CreateAccountInput struct { + _ struct{} `type:"structure"` + + // The friendly name of the member account. + // + // AccountName is a required field + AccountName *string `min:"1" type:"string" required:"true"` + + // The email address of the owner to assign to the new member account. This + // email address must not already be associated with another AWS account. + // + // Email is a required field + Email *string `min:"6" type:"string" required:"true"` + + // If set to ALLOW, the new account enables IAM users to access account billing + // information if they have the required permissions. If set to DENY, then only + // the root user of the new account can access account billing information. + // For more information, see Activating Access to the Billing and Cost Management + // Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) + // in the AWS Billing and Cost Management User Guide. + // + // If you do not specify this parameter, the value defaults to ALLOW, and IAM + // users and roles with the required permissions can access billing information + // for the new account. + IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` + + // (Optional) + // + // The name of an IAM role that Organizations automatically preconfigures in + // the new member account. This role trusts the master account, allowing users + // in the master account to assume the role, as permitted by the master account + // administrator. The role has administrator permissions in the new member account. + // + // If you do not specify this parameter, the role name defaults to OrganizationAccountAccessRole. + // + // For more information about how to use this role to access the member account, + // see Accessing and Administering the Member Accounts in Your Organization + // (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) + // in the AWS Organizations User Guide, and steps 2 and 3 in Tutorial: Delegate + // Access Across AWS Accounts Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) + // in the IAM User Guide. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of characters that can consist of uppercase letters, + // lowercase letters, digits with no spaces, and any of the following characters: + // =,.@- + RoleName *string `type:"string"` +} + +// String returns the string representation +func (s CreateAccountInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAccountInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateAccountInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"} + if s.AccountName == nil { + invalidParams.Add(request.NewErrParamRequired("AccountName")) + } + if s.AccountName != nil && len(*s.AccountName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) + } + if s.Email == nil { + invalidParams.Add(request.NewErrParamRequired("Email")) + } + if s.Email != nil && len(*s.Email) < 6 { + invalidParams.Add(request.NewErrParamMinLen("Email", 6)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountName sets the AccountName field's value. +func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput { + s.AccountName = &v + return s +} + +// SetEmail sets the Email field's value. +func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput { + s.Email = &v + return s +} + +// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. +func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput { + s.IamUserAccessToBilling = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput { + s.RoleName = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountResponse +type CreateAccountOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the request to create an account. + // This response structure might not be fully populated when you first receive + // it because account creation is an asynchronous process. You can pass the + // returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus + // to get status about the progress of the request at later times. + CreateAccountStatus *CreateAccountStatus `type:"structure"` +} + +// String returns the string representation +func (s CreateAccountOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAccountOutput) GoString() string { + return s.String() +} + +// SetCreateAccountStatus sets the CreateAccountStatus field's value. +func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput { + s.CreateAccountStatus = v + return s +} + +// Contains the status about a CreateAccount request to create an AWS account +// in an organization. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus +type CreateAccountStatus struct { + _ struct{} `type:"structure"` + + // If the account was created successfully, the unique identifier (ID) of the + // new account. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string + // requires exactly 12 digits. + AccountId *string `type:"string"` + + // The account name given to the account when it was created. + AccountName *string `min:"1" type:"string"` + + // The date and time that the account was created and the request completed. + CompletedTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"` + + // If the request failed, a description of the reason for the failure. + // + // * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you + // have reached the limit on the number of accounts in your organization. + // + // * EMAIL_ALREADY_EXISTS: The account could not be created because another + // AWS account with that email address already exists. + // + // * INVALID_ADDRESS: The account could not be created because the address + // you provided is not valid. + // + // * INVALID_EMAIL: The account could not be created because the email address + // you provided is not valid. + // + // * INTERNAL_FAILURE: The account could not be created because of an internal + // failure. Try again later. If the problem persists, contact Customer Support. + FailureReason *string `type:"string" enum:"CreateAccountFailureReason"` + + // The unique identifier (ID) that references this request. You get this value + // from the response of the initial CreateAccount request to create the account. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an create account + // request ID string requires "car-" followed by from 8 to 32 lower-case letters + // or digits. + Id *string `type:"string"` + + // The date and time that the request was made for the account creation. + RequestedTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The status of the request. + State *string `type:"string" enum:"CreateAccountState"` +} + +// String returns the string representation +func (s CreateAccountStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAccountStatus) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus { + s.AccountId = &v + return s +} + +// SetAccountName sets the AccountName field's value. +func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus { + s.AccountName = &v + return s +} + +// SetCompletedTimestamp sets the CompletedTimestamp field's value. +func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus { + s.CompletedTimestamp = &v + return s +} + +// SetFailureReason sets the FailureReason field's value. +func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus { + s.FailureReason = &v + return s +} + +// SetId sets the Id field's value. +func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus { + s.Id = &v + return s +} + +// SetRequestedTimestamp sets the RequestedTimestamp field's value. +func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus { + s.RequestedTimestamp = &v + return s +} + +// SetState sets the State field's value. +func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus { + s.State = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationRequest +type CreateOrganizationInput struct { + _ struct{} `type:"structure"` + + // Specifies the feature set supported by the new organization. Each feature + // set supports different levels of functionality. + // + // * CONSOLIDATED_BILLING: All member accounts have their bills consolidated + // to and paid by the master account. For more information, see Consolidated + // Billing (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) + // in the AWS Organizations User Guide. + // + // * ALL: In addition to all the features supported by the consolidated billing + // feature set, the master account can also apply any type of policy to any + // member account in the organization. For more information, see All features + // (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) + // in the AWS Organizations User Guide. + FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` +} + +// String returns the string representation +func (s CreateOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateOrganizationInput) GoString() string { + return s.String() +} + +// SetFeatureSet sets the FeatureSet field's value. +func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput { + s.FeatureSet = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationResponse +type CreateOrganizationOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the newly created organization. + Organization *Organization `type:"structure"` +} + +// String returns the string representation +func (s CreateOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateOrganizationOutput) GoString() string { + return s.String() +} + +// SetOrganization sets the Organization field's value. +func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput { + s.Organization = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnitRequest +type CreateOrganizationalUnitInput struct { + _ struct{} `type:"structure"` + + // The friendly name to assign to the new OU. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` + + // The unique identifier (ID) of the parent root or OU in which you want to + // create the new OU. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // ParentId is a required field + ParentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateOrganizationalUnitInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateOrganizationalUnitInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateOrganizationalUnitInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.ParentId == nil { + invalidParams.Add(request.NewErrParamRequired("ParentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput { + s.Name = &v + return s +} + +// SetParentId sets the ParentId field's value. +func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput { + s.ParentId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnitResponse +type CreateOrganizationalUnitOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the newly created OU. + OrganizationalUnit *OrganizationalUnit `type:"structure"` +} + +// String returns the string representation +func (s CreateOrganizationalUnitOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateOrganizationalUnitOutput) GoString() string { + return s.String() +} + +// SetOrganizationalUnit sets the OrganizationalUnit field's value. +func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput { + s.OrganizationalUnit = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest +type CreatePolicyInput struct { + _ struct{} `type:"structure"` + + // The policy content to add to the new policy. For example, if you create a + // service control policy (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) + // (SCP), this string must be JSON text that specifies the permissions that + // admins in attached accounts can delegate to their users, groups, and roles. + // For more information about the SCP syntax, see Service Control Policy Syntax + // (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) + // in the AWS Organizations User Guide. + // + // Content is a required field + Content *string `min:"1" type:"string" required:"true"` + + // An optional description to assign to the policy. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // The friendly name to assign to the policy. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` + + // The type of policy to create. + // + // In the current release, the only type of policy that you can create is a + // service control policy (SCP). + // + // Type is a required field + Type *string `type:"string" required:"true" enum:"PolicyType"` +} + +// String returns the string representation +func (s CreatePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreatePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreatePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} + if s.Content == nil { + invalidParams.Add(request.NewErrParamRequired("Content")) + } + if s.Content != nil && len(*s.Content) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Content", 1)) + } + if s.Description == nil { + invalidParams.Add(request.NewErrParamRequired("Description")) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.Type == nil { + invalidParams.Add(request.NewErrParamRequired("Type")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetContent sets the Content field's value. +func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput { + s.Content = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput { + s.Description = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput { + s.Type = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyResponse +type CreatePolicyOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the newly created policy. + Policy *Policy `type:"structure"` +} + +// String returns the string representation +func (s CreatePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreatePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicy sets the Policy field's value. +func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { + s.Policy = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshakeRequest +type DeclineHandshakeInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the handshake that you want to decline. You + // can get the ID from the ListHandshakesForAccount operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + // + // HandshakeId is a required field + HandshakeId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeclineHandshakeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeclineHandshakeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeclineHandshakeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"} + if s.HandshakeId == nil { + invalidParams.Add(request.NewErrParamRequired("HandshakeId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHandshakeId sets the HandshakeId field's value. +func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput { + s.HandshakeId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshakeResponse +type DeclineHandshakeOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the declined handshake. The state + // is updated to show the value DECLINED. + Handshake *Handshake `type:"structure"` +} + +// String returns the string representation +func (s DeclineHandshakeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeclineHandshakeOutput) GoString() string { + return s.String() +} + +// SetHandshake sets the Handshake field's value. +func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput { + s.Handshake = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationInput +type DeleteOrganizationInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteOrganizationInput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationOutput +type DeleteOrganizationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteOrganizationOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnitRequest +type DeleteOrganizationalUnitInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the organizational unit that you want to delete. + // You can get the ID from the ListOrganizationalUnitsForParent operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational + // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters + // or digits (the ID of the root that contains the OU) followed by a second + // "-" dash and from 8 to 32 additional lower-case letters or digits. + // + // OrganizationalUnitId is a required field + OrganizationalUnitId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteOrganizationalUnitInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteOrganizationalUnitInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteOrganizationalUnitInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"} + if s.OrganizationalUnitId == nil { + invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. +func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput { + s.OrganizationalUnitId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnitOutput +type DeleteOrganizationalUnitOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteOrganizationalUnitOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteOrganizationalUnitOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicyRequest +type DeletePolicyInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the policy that you want to delete. You can + // get the ID from the ListPolicies or ListPoliciesForTarget operations. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + // + // PolicyId is a required field + PolicyId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeletePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeletePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeletePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} + if s.PolicyId == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyId sets the PolicyId field's value. +func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { + s.PolicyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicyOutput +type DeletePolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeletePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeletePolicyOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccountRequest +type DescribeAccountInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the AWS account that you want information about. + // You can get the ID from the ListAccounts or ListAccountsForParent operations. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string + // requires exactly 12 digits. + // + // AccountId is a required field + AccountId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeAccountInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeAccountInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeAccountInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"} + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountId sets the AccountId field's value. +func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput { + s.AccountId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccountResponse +type DescribeAccountOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains information about the requested account. + Account *Account `type:"structure"` +} + +// String returns the string representation +func (s DescribeAccountOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeAccountOutput) GoString() string { + return s.String() +} + +// SetAccount sets the Account field's value. +func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput { + s.Account = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatusRequest +type DescribeCreateAccountStatusInput struct { + _ struct{} `type:"structure"` + + // Specifies the operationId that uniquely identifies the request. You can get + // the ID from the response to an earlier CreateAccount request, or from the + // ListCreateAccountStatus operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an create account + // request ID string requires "car-" followed by from 8 to 32 lower-case letters + // or digits. + // + // CreateAccountRequestId is a required field + CreateAccountRequestId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeCreateAccountStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeCreateAccountStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCreateAccountStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"} + if s.CreateAccountRequestId == nil { + invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCreateAccountRequestId sets the CreateAccountRequestId field's value. +func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput { + s.CreateAccountRequestId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatusResponse +type DescribeCreateAccountStatusOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains the current status of an account creation request. + CreateAccountStatus *CreateAccountStatus `type:"structure"` +} + +// String returns the string representation +func (s DescribeCreateAccountStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeCreateAccountStatusOutput) GoString() string { + return s.String() +} + +// SetCreateAccountStatus sets the CreateAccountStatus field's value. +func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput { + s.CreateAccountStatus = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshakeRequest +type DescribeHandshakeInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the handshake that you want information about. + // You can get the ID from the original call to InviteAccountToOrganization, + // or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + // + // HandshakeId is a required field + HandshakeId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeHandshakeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeHandshakeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeHandshakeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"} + if s.HandshakeId == nil { + invalidParams.Add(request.NewErrParamRequired("HandshakeId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHandshakeId sets the HandshakeId field's value. +func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput { + s.HandshakeId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshakeResponse +type DescribeHandshakeOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains information about the specified handshake. + Handshake *Handshake `type:"structure"` +} + +// String returns the string representation +func (s DescribeHandshakeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeHandshakeOutput) GoString() string { + return s.String() +} + +// SetHandshake sets the Handshake field's value. +func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput { + s.Handshake = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationInput +type DescribeOrganizationInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DescribeOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeOrganizationInput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationResponse +type DescribeOrganizationOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains information about the organization. + Organization *Organization `type:"structure"` +} + +// String returns the string representation +func (s DescribeOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeOrganizationOutput) GoString() string { + return s.String() +} + +// SetOrganization sets the Organization field's value. +func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput { + s.Organization = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnitRequest +type DescribeOrganizationalUnitInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the organizational unit that you want details + // about. You can get the ID from the ListOrganizationalUnitsForParent operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational + // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters + // or digits (the ID of the root that contains the OU) followed by a second + // "-" dash and from 8 to 32 additional lower-case letters or digits. + // + // OrganizationalUnitId is a required field + OrganizationalUnitId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeOrganizationalUnitInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeOrganizationalUnitInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeOrganizationalUnitInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"} + if s.OrganizationalUnitId == nil { + invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. +func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput { + s.OrganizationalUnitId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnitResponse +type DescribeOrganizationalUnitOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the specified OU. + OrganizationalUnit *OrganizationalUnit `type:"structure"` +} + +// String returns the string representation +func (s DescribeOrganizationalUnitOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeOrganizationalUnitOutput) GoString() string { + return s.String() +} + +// SetOrganizationalUnit sets the OrganizationalUnit field's value. +func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput { + s.OrganizationalUnit = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicyRequest +type DescribePolicyInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the policy that you want details about. You + // can get the ID from the ListPolicies or ListPoliciesForTarget operations. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + // + // PolicyId is a required field + PolicyId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"} + if s.PolicyId == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyId sets the PolicyId field's value. +func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput { + s.PolicyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicyResponse +type DescribePolicyOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the specified policy. + Policy *Policy `type:"structure"` +} + +// String returns the string representation +func (s DescribePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicy sets the Policy field's value. +func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput { + s.Policy = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicyRequest +type DetachPolicyInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the policy you want to detach. You can get + // the ID from the ListPolicies or ListPoliciesForTarget operations. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + // + // PolicyId is a required field + PolicyId *string `type:"string" required:"true"` + + // The unique identifier (ID) of the root, OU, or account from which you want + // to detach the policy. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, + // or ListAccounts operations. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Account: a string that consists of exactly 12 digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // TargetId is a required field + TargetId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DetachPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DetachPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DetachPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"} + if s.PolicyId == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyId")) + } + if s.TargetId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyId sets the PolicyId field's value. +func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput { + s.PolicyId = &v + return s +} + +// SetTargetId sets the TargetId field's value. +func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput { + s.TargetId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicyOutput +type DetachPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DetachPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DetachPolicyOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest +type DisablePolicyTypeInput struct { + _ struct{} `type:"structure"` + + // The policy type that you want to disable in this root. + // + // PolicyType is a required field + PolicyType *string `type:"string" required:"true" enum:"PolicyType"` + + // The unique identifier (ID) of the root in which you want to disable a policy + // type. You can get the ID from the ListPolicies operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string + // requires "r-" followed by from 4 to 32 lower-case letters or digits. + // + // RootId is a required field + RootId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DisablePolicyTypeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisablePolicyTypeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisablePolicyTypeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"} + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) + } + if s.RootId == nil { + invalidParams.Add(request.NewErrParamRequired("RootId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyType sets the PolicyType field's value. +func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput { + s.PolicyType = &v + return s +} + +// SetRootId sets the RootId field's value. +func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput { + s.RootId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeResponse +type DisablePolicyTypeOutput struct { + _ struct{} `type:"structure"` + + // A structure that shows the root with the updated list of enabled policy types. + Root *Root `type:"structure"` +} + +// String returns the string representation +func (s DisablePolicyTypeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisablePolicyTypeOutput) GoString() string { + return s.String() +} + +// SetRoot sets the Root field's value. +func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput { + s.Root = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeaturesRequest +type EnableAllFeaturesInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s EnableAllFeaturesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableAllFeaturesInput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeaturesResponse +type EnableAllFeaturesOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the handshake created to support + // this request to enable all features in the organization. + Handshake *Handshake `type:"structure"` +} + +// String returns the string representation +func (s EnableAllFeaturesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableAllFeaturesOutput) GoString() string { + return s.String() +} + +// SetHandshake sets the Handshake field's value. +func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput { + s.Handshake = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest +type EnablePolicyTypeInput struct { + _ struct{} `type:"structure"` + + // The policy type that you want to enable. + // + // PolicyType is a required field + PolicyType *string `type:"string" required:"true" enum:"PolicyType"` + + // The unique identifier (ID) of the root in which you want to enable a policy + // type. You can get the ID from the ListRoots operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string + // requires "r-" followed by from 4 to 32 lower-case letters or digits. + // + // RootId is a required field + RootId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s EnablePolicyTypeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnablePolicyTypeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnablePolicyTypeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"} + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) + } + if s.RootId == nil { + invalidParams.Add(request.NewErrParamRequired("RootId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyType sets the PolicyType field's value. +func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput { + s.PolicyType = &v + return s +} + +// SetRootId sets the RootId field's value. +func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput { + s.RootId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeResponse +type EnablePolicyTypeOutput struct { + _ struct{} `type:"structure"` + + // A structure that shows the root with the updated list of enabled policy types. + Root *Root `type:"structure"` +} + +// String returns the string representation +func (s EnablePolicyTypeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnablePolicyTypeOutput) GoString() string { + return s.String() +} + +// SetRoot sets the Root field's value. +func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { + s.Root = v + return s +} + +// Contains information that must be exchanged to securely establish a relationship +// between two accounts (an originator and a recipient). For example, when a +// master account (the originator) invites another account (the recipient) to +// join its organization, the two accounts exchange information as a series +// of handshake requests and responses. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Handshake +type Handshake struct { + _ struct{} `type:"structure"` + + // The type of handshake, indicating what action occurs when the recipient accepts + // the handshake. + Action *string `type:"string" enum:"ActionType"` + + // The Amazon Resource Name (ARN) of a handshake. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // The date and time that the handshake expires. If the recipient of the handshake + // request fails to respond before the specified date and time, the handshake + // becomes inactive and is no longer valid. + ExpirationTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The unique identifier (ID) of a handshake. The originating account creates + // the ID when it initiates the handshake. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + Id *string `type:"string"` + + // Information about the two accounts that are participating in the handshake. + Parties []*HandshakeParty `type:"list"` + + // The date and time that the handshake request was made. + RequestedTimestamp *time.Time `type:"timestamp" timestampFormat:"unix"` + + // Additional information that is needed to process the handshake. + Resources []*HandshakeResource `type:"list"` + + // The current state of the handshake. Use the state to trace the flow of the + // handshake through the process from its creation to its acceptance. The meaning + // of each of the valid values is as follows: + // + // * REQUESTED: This handshake was sent to multiple recipients (applicable + // to only some handshake types) and not all recipients have responded yet. + // The request stays in this state until all recipients respond. + // + // * OPEN: This handshake was sent to multiple recipients (applicable to + // only some policy types) and all recipients have responded, allowing the + // originator to complete the handshake action. + // + // * CANCELED: This handshake is no longer active because it was canceled + // by the originating account. + // + // * ACCEPTED: This handshake is complete because it has been accepted by + // the recipient. + // + // * DECLINED: This handshake is no longer active because it was declined + // by the recipient account. + // + // * EXPIRED: This handshake is no longer active because the originator did + // not receive a response of any kind from the recipient before the expiration + // time (15 days). + State *string `type:"string" enum:"HandshakeState"` +} + +// String returns the string representation +func (s Handshake) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Handshake) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *Handshake) SetAction(v string) *Handshake { + s.Action = &v + return s +} + +// SetArn sets the Arn field's value. +func (s *Handshake) SetArn(v string) *Handshake { + s.Arn = &v + return s +} + +// SetExpirationTimestamp sets the ExpirationTimestamp field's value. +func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake { + s.ExpirationTimestamp = &v + return s +} + +// SetId sets the Id field's value. +func (s *Handshake) SetId(v string) *Handshake { + s.Id = &v + return s +} + +// SetParties sets the Parties field's value. +func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake { + s.Parties = v + return s +} + +// SetRequestedTimestamp sets the RequestedTimestamp field's value. +func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake { + s.RequestedTimestamp = &v + return s +} + +// SetResources sets the Resources field's value. +func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake { + s.Resources = v + return s +} + +// SetState sets the State field's value. +func (s *Handshake) SetState(v string) *Handshake { + s.State = &v + return s +} + +// Specifies the criteria that are used to select the handshakes for the operation. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/HandshakeFilter +type HandshakeFilter struct { + _ struct{} `type:"structure"` + + // Specifies the type of handshake action. + // + // If you specify ActionType, you cannot also specify ParentHandshakeId. + ActionType *string `type:"string" enum:"ActionType"` + + // Specifies the parent handshake. Only used for handshake types that are a + // child of another type. + // + // If you specify ParentHandshakeId, you cannot also specify ActionType. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + ParentHandshakeId *string `type:"string"` +} + +// String returns the string representation +func (s HandshakeFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s HandshakeFilter) GoString() string { + return s.String() +} + +// SetActionType sets the ActionType field's value. +func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter { + s.ActionType = &v + return s +} + +// SetParentHandshakeId sets the ParentHandshakeId field's value. +func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter { + s.ParentHandshakeId = &v + return s +} + +// Identifies a participant in a handshake. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/HandshakeParty +type HandshakeParty struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) for the party. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string + // requires "h-" followed by from 8 to 32 lower-case letters or digits. + Id *string `min:"1" type:"string"` + + // The type of party. + Type *string `type:"string" enum:"HandshakePartyType"` +} + +// String returns the string representation +func (s HandshakeParty) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s HandshakeParty) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *HandshakeParty) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"} + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *HandshakeParty) SetId(v string) *HandshakeParty { + s.Id = &v + return s +} + +// SetType sets the Type field's value. +func (s *HandshakeParty) SetType(v string) *HandshakeParty { + s.Type = &v + return s +} + +// Contains additional data that is needed to process a handshake. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/HandshakeResource +type HandshakeResource struct { + _ struct{} `type:"structure"` + + // When needed, contains an additional array of HandshakeResource objects. + Resources []*HandshakeResource `type:"list"` + + // The type of information being passed, specifying how the value is to be interpreted + // by the other party: + // + // * ACCOUNT - Specifies an AWS account ID number. + // + // * ORGANIZATION - Specifies an organization ID number. + // + // * EMAIL - Specifies the email address that is associated with the account + // that receives the handshake. + // + // * OWNER_EMAIL - Specifies the email address associated with the master + // account. Included as information about an organization. + // + // * OWNER_NAME - Specifies the name associated with the master account. + // Included as information about an organization. + // + // * NOTES - Additional text provided by the handshake initiator and intended + // for the recipient to read. + Type *string `type:"string" enum:"HandshakeResourceType"` + + // The information that is passed to the other party in the handshake. The format + // of the value string must match the requirements of the specified type. + Value *string `type:"string"` +} + +// String returns the string representation +func (s HandshakeResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s HandshakeResource) GoString() string { + return s.String() +} + +// SetResources sets the Resources field's value. +func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource { + s.Resources = v + return s +} + +// SetType sets the Type field's value. +func (s *HandshakeResource) SetType(v string) *HandshakeResource { + s.Type = &v + return s +} + +// SetValue sets the Value field's value. +func (s *HandshakeResource) SetValue(v string) *HandshakeResource { + s.Value = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganizationRequest +type InviteAccountToOrganizationInput struct { + _ struct{} `type:"structure"` + + // Additional information that you want to include in the generated email to + // the recipient account owner. + Notes *string `type:"string"` + + // The identifier (ID) of the AWS account that you want to invite to join your + // organization. This is a JSON object that contains the following elements: + // + // { "Type": "ACCOUNT", "Id": "" } + // + // If you use the AWS CLI, you can submit this as a single string, similar to + // the following example: + // + // --target id=123456789012,type=ACCOUNT + // + // If you specify "Type": "ACCOUNT", then you must provide the AWS account ID + // number as the Id. If you specify "Type": "EMAIL", then you must specify the + // email address that is associated with the account. + // + // --target id=bill@example.com,type=EMAIL + // + // Target is a required field + Target *HandshakeParty `type:"structure" required:"true"` +} + +// String returns the string representation +func (s InviteAccountToOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InviteAccountToOrganizationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *InviteAccountToOrganizationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"} + if s.Target == nil { + invalidParams.Add(request.NewErrParamRequired("Target")) + } + if s.Target != nil { + if err := s.Target.Validate(); err != nil { + invalidParams.AddNested("Target", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNotes sets the Notes field's value. +func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput { + s.Notes = &v + return s +} + +// SetTarget sets the Target field's value. +func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput { + s.Target = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganizationResponse +type InviteAccountToOrganizationOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the handshake that is created to + // support this invitation request. + Handshake *Handshake `type:"structure"` +} + +// String returns the string representation +func (s InviteAccountToOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InviteAccountToOrganizationOutput) GoString() string { + return s.String() +} + +// SetHandshake sets the Handshake field's value. +func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput { + s.Handshake = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganizationInput +type LeaveOrganizationInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s LeaveOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LeaveOrganizationInput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganizationOutput +type LeaveOrganizationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s LeaveOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LeaveOrganizationOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParentRequest +type ListAccountsForParentInput struct { + _ struct{} `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` + + // The unique identifier (ID) for the parent root or organization unit (OU) + // whose accounts you want to list. + // + // ParentId is a required field + ParentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ListAccountsForParentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountsForParentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccountsForParentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.ParentId == nil { + invalidParams.Add(request.NewErrParamRequired("ParentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput { + s.NextToken = &v + return s +} + +// SetParentId sets the ParentId field's value. +func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput { + s.ParentId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParentResponse +type ListAccountsForParentOutput struct { + _ struct{} `type:"structure"` + + // A list of the accounts in the specified root or OU. + Accounts []*Account `type:"list"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListAccountsForParentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountsForParentOutput) GoString() string { + return s.String() +} + +// SetAccounts sets the Accounts field's value. +func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput { + s.Accounts = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsRequest +type ListAccountsInput struct { + _ struct{} `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListAccountsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccountsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsResponse +type ListAccountsOutput struct { + _ struct{} `type:"structure"` + + // A list of objects in the organization. + Accounts []*Account `type:"list"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListAccountsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountsOutput) GoString() string { + return s.String() +} + +// SetAccounts sets the Accounts field's value. +func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput { + s.Accounts = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildrenRequest +type ListChildrenInput struct { + _ struct{} `type:"structure"` + + // Filters the output to include only the specified child type. + // + // ChildType is a required field + ChildType *string `type:"string" required:"true" enum:"ChildType"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` + + // The unique identifier (ID) for the parent root or OU whose children you want + // to list. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // ParentId is a required field + ParentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ListChildrenInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListChildrenInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListChildrenInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"} + if s.ChildType == nil { + invalidParams.Add(request.NewErrParamRequired("ChildType")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.ParentId == nil { + invalidParams.Add(request.NewErrParamRequired("ParentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChildType sets the ChildType field's value. +func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput { + s.ChildType = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput { + s.NextToken = &v + return s +} + +// SetParentId sets the ParentId field's value. +func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput { + s.ParentId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildrenResponse +type ListChildrenOutput struct { + _ struct{} `type:"structure"` + + // The list of children of the specified parent container. + Children []*Child `type:"list"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListChildrenOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListChildrenOutput) GoString() string { + return s.String() +} + +// SetChildren sets the Children field's value. +func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput { + s.Children = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatusRequest +type ListCreateAccountStatusInput struct { + _ struct{} `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` + + // A list of one or more states that you want included in the response. If this + // parameter is not present, then all requests are included in the response. + States []*string `type:"list"` +} + +// String returns the string representation +func (s ListCreateAccountStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListCreateAccountStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListCreateAccountStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput { + s.NextToken = &v + return s +} + +// SetStates sets the States field's value. +func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput { + s.States = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatusResponse +type ListCreateAccountStatusOutput struct { + _ struct{} `type:"structure"` + + // A list of objects with details about the requests. Certain elements, such + // as the accountId number, are present in the output only after the account + // has been successfully created. + CreateAccountStatuses []*CreateAccountStatus `type:"list"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListCreateAccountStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListCreateAccountStatusOutput) GoString() string { + return s.String() +} + +// SetCreateAccountStatuses sets the CreateAccountStatuses field's value. +func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput { + s.CreateAccountStatuses = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccountRequest +type ListHandshakesForAccountInput struct { + _ struct{} `type:"structure"` + + // Filters the handshakes that you want included in the response. The default + // is all types. Use the ActionType element to limit the output to only a specified + // type, such as INVITE, ENABLE-FULL-CONTROL, or APPROVE-FULL-CONTROL. Alternatively, + // for the ENABLE-FULL-CONTROL handshake that generates a separate child handshake + // for each member account, you can specify ParentHandshakeId to see only the + // handshakes that were generated by that parent request. + Filter *HandshakeFilter `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListHandshakesForAccountInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListHandshakesForAccountInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListHandshakesForAccountInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilter sets the Filter field's value. +func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput { + s.Filter = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccountResponse +type ListHandshakesForAccountOutput struct { + _ struct{} `type:"structure"` + + // A list of Handshake objects with details about each of the handshakes that + // is associated with the specified account. + Handshakes []*Handshake `type:"list"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListHandshakesForAccountOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListHandshakesForAccountOutput) GoString() string { + return s.String() +} + +// SetHandshakes sets the Handshakes field's value. +func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput { + s.Handshakes = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganizationRequest +type ListHandshakesForOrganizationInput struct { + _ struct{} `type:"structure"` + + // A filter of the handshakes that you want included in the response. The default + // is all types. Use the ActionType element to limit the output to only a specified + // type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, + // for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake + // for each member account, you can specify the ParentHandshakeId to see only + // the handshakes that were generated by that parent request. + Filter *HandshakeFilter `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListHandshakesForOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListHandshakesForOrganizationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListHandshakesForOrganizationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilter sets the Filter field's value. +func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput { + s.Filter = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganizationResponse +type ListHandshakesForOrganizationOutput struct { + _ struct{} `type:"structure"` + + // A list of Handshake objects with details about each of the handshakes that + // are associated with an organization. + Handshakes []*Handshake `type:"list"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListHandshakesForOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListHandshakesForOrganizationOutput) GoString() string { + return s.String() +} + +// SetHandshakes sets the Handshakes field's value. +func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput { + s.Handshakes = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParentRequest +type ListOrganizationalUnitsForParentInput struct { + _ struct{} `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` + + // The unique identifier (ID) of the root or OU whose child OUs you want to + // list. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // ParentId is a required field + ParentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ListOrganizationalUnitsForParentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListOrganizationalUnitsForParentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListOrganizationalUnitsForParentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.ParentId == nil { + invalidParams.Add(request.NewErrParamRequired("ParentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput { + s.NextToken = &v + return s +} + +// SetParentId sets the ParentId field's value. +func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput { + s.ParentId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParentResponse +type ListOrganizationalUnitsForParentOutput struct { + _ struct{} `type:"structure"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` + + // A list of the OUs in the specified root or parent OU. + OrganizationalUnits []*OrganizationalUnit `type:"list"` +} + +// String returns the string representation +func (s ListOrganizationalUnitsForParentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListOrganizationalUnitsForParentOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput { + s.NextToken = &v + return s +} + +// SetOrganizationalUnits sets the OrganizationalUnits field's value. +func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput { + s.OrganizationalUnits = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParentsRequest +type ListParentsInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the OU or account whose parent containers you + // want to list. Do not specify a root. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string + // requires one of the following: + // + // * Account: a string that consists of exactly 12 digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that contains + // the OU) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // ChildId is a required field + ChildId *string `type:"string" required:"true"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListParentsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListParentsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListParentsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"} + if s.ChildId == nil { + invalidParams.Add(request.NewErrParamRequired("ChildId")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChildId sets the ChildId field's value. +func (s *ListParentsInput) SetChildId(v string) *ListParentsInput { + s.ChildId = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParentsResponse +type ListParentsOutput struct { + _ struct{} `type:"structure"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` + + // A list of parents for the specified child account or OU. + Parents []*Parent `type:"list"` +} + +// String returns the string representation +func (s ListParentsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListParentsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput { + s.NextToken = &v + return s +} + +// SetParents sets the Parents field's value. +func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput { + s.Parents = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTargetRequest +type ListPoliciesForTargetInput struct { + _ struct{} `type:"structure"` + + // The type of policy that you want to include in the returned list. + // + // Filter is a required field + Filter *string `type:"string" required:"true" enum:"PolicyType"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` + + // The unique identifier (ID) of the root, organizational unit, or account whose + // policies you want to list. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Account: a string that consists of exactly 12 digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // TargetId is a required field + TargetId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ListPoliciesForTargetInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListPoliciesForTargetInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListPoliciesForTargetInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"} + if s.Filter == nil { + invalidParams.Add(request.NewErrParamRequired("Filter")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.TargetId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilter sets the Filter field's value. +func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput { + s.Filter = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput { + s.NextToken = &v + return s +} + +// SetTargetId sets the TargetId field's value. +func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput { + s.TargetId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTargetResponse +type ListPoliciesForTargetOutput struct { + _ struct{} `type:"structure"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` + + // The list of policies that match the criteria in the request. + Policies []*PolicySummary `type:"list"` +} + +// String returns the string representation +func (s ListPoliciesForTargetOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListPoliciesForTargetOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput { + s.NextToken = &v + return s +} + +// SetPolicies sets the Policies field's value. +func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput { + s.Policies = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesRequest +type ListPoliciesInput struct { + _ struct{} `type:"structure"` + + // Specifies the type of policy that you want to include in the response. + // + // Filter is a required field + Filter *string `type:"string" required:"true" enum:"PolicyType"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListPoliciesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListPoliciesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} + if s.Filter == nil { + invalidParams.Add(request.NewErrParamRequired("Filter")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilter sets the Filter field's value. +func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput { + s.Filter = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesResponse +type ListPoliciesOutput struct { + _ struct{} `type:"structure"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` + + // A list of policies that match the filter criteria in the request. The output + // list does not include the policy contents. To see the content for a policy, + // see DescribePolicy. + Policies []*PolicySummary `type:"list"` +} + +// String returns the string representation +func (s ListPoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListPoliciesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { + s.NextToken = &v + return s +} + +// SetPolicies sets the Policies field's value. +func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput { + s.Policies = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRootsRequest +type ListRootsInput struct { + _ struct{} `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListRootsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListRootsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListRootsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput { + s.NextToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRootsResponse +type ListRootsOutput struct { + _ struct{} `type:"structure"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` + + // A list of roots that are defined in an organization. + Roots []*Root `type:"list"` +} + +// String returns the string representation +func (s ListRootsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListRootsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput { + s.NextToken = &v + return s +} + +// SetRoots sets the Roots field's value. +func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput { + s.Roots = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicyRequest +type ListTargetsForPolicyInput struct { + _ struct{} `type:"structure"` + + // (Optional) Use this to limit the number of results you want included in the + // response. If you do not include this parameter, it defaults to a value that + // is specific to the operation. If additional items exist beyond the maximum + // you specify, the NextToken response element is present and has a value (is + // not null). Include that value as the NextToken request parameter in the next + // call to the operation to get the next part of the results. Note that Organizations + // might return fewer results than the maximum even when there are more results + // available. You should check NextToken after every operation to ensure that + // you receive all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter if you receive a NextToken response in a previous request + // that indicates that there is more output available. Set it to the value of + // the previous call's NextToken response to indicate where the output should + // continue from. + NextToken *string `type:"string"` + + // The unique identifier (ID) of the policy for which you want to know its attachments. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + // + // PolicyId is a required field + PolicyId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ListTargetsForPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListTargetsForPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTargetsForPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.PolicyId == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput { + s.NextToken = &v + return s +} + +// SetPolicyId sets the PolicyId field's value. +func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput { + s.PolicyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicyResponse +type ListTargetsForPolicyOutput struct { + _ struct{} `type:"structure"` + + // If present, this value indicates that there is more output available than + // is included in the current response. Use this value in the NextToken request + // parameter in a subsequent call to the operation to get the next part of the + // output. You should repeat this until the NextToken response element comes + // back as null. + NextToken *string `type:"string"` + + // A list of structures, each of which contains details about one of the entities + // to which the specified policy is attached. + Targets []*PolicyTargetSummary `type:"list"` +} + +// String returns the string representation +func (s ListTargetsForPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListTargetsForPolicyOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput { + s.NextToken = &v + return s +} + +// SetTargets sets the Targets field's value. +func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput { + s.Targets = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccountRequest +type MoveAccountInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the account that you want to move. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string + // requires exactly 12 digits. + // + // AccountId is a required field + AccountId *string `type:"string" required:"true"` + + // The unique identifier (ID) of the root or organizational unit that you want + // to move the account to. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // DestinationParentId is a required field + DestinationParentId *string `type:"string" required:"true"` + + // The unique identifier (ID) of the root or organizational unit that you want + // to move the account from. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + // + // SourceParentId is a required field + SourceParentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s MoveAccountInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MoveAccountInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MoveAccountInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"} + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + if s.DestinationParentId == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationParentId")) + } + if s.SourceParentId == nil { + invalidParams.Add(request.NewErrParamRequired("SourceParentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountId sets the AccountId field's value. +func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput { + s.AccountId = &v + return s +} + +// SetDestinationParentId sets the DestinationParentId field's value. +func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput { + s.DestinationParentId = &v + return s +} + +// SetSourceParentId sets the SourceParentId field's value. +func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput { + s.SourceParentId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccountOutput +type MoveAccountOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s MoveAccountOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MoveAccountOutput) GoString() string { + return s.String() +} + +// Contains details about an organization. An organization is a collection of +// accounts that are centrally managed together using consolidated billing, +// organized hierarchically with organizational units (OUs), and controlled +// with policies . +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Organization +type Organization struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of an organization. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // A list of policy types that are enabled for this organization. For example, + // if your organization has all features enabled, then service control policies + // (SCPs) are included in the list. + AvailablePolicyTypes []*PolicyTypeSummary `type:"list"` + + // Specifies the functionality that currently is available to the organization. + // If set to "ALL", then all features are enabled and policies can be applied + // to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only + // consolidated billing functionality is available. For more information, see + // Enabling All Features in Your Organization (http://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_manage_org_support-all-features.html) + // in the AWS Organizations User Guide. + FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` + + // The unique identifier (ID) of an organization. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID + // string requires "o-" followed by from 10 to 32 lower-case letters or digits. + Id *string `type:"string"` + + // The Amazon Resource Name (ARN) of the account that is designated as the master + // account for the organization. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + MasterAccountArn *string `type:"string"` + + // The email address that is associated with the AWS account that is designated + // as the master account for the organization. + MasterAccountEmail *string `min:"6" type:"string"` + + // The unique identifier (ID) of the master account of an organization. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string + // requires exactly 12 digits. + MasterAccountId *string `type:"string"` +} + +// String returns the string representation +func (s Organization) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Organization) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *Organization) SetArn(v string) *Organization { + s.Arn = &v + return s +} + +// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value. +func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization { + s.AvailablePolicyTypes = v + return s +} + +// SetFeatureSet sets the FeatureSet field's value. +func (s *Organization) SetFeatureSet(v string) *Organization { + s.FeatureSet = &v + return s +} + +// SetId sets the Id field's value. +func (s *Organization) SetId(v string) *Organization { + s.Id = &v + return s +} + +// SetMasterAccountArn sets the MasterAccountArn field's value. +func (s *Organization) SetMasterAccountArn(v string) *Organization { + s.MasterAccountArn = &v + return s +} + +// SetMasterAccountEmail sets the MasterAccountEmail field's value. +func (s *Organization) SetMasterAccountEmail(v string) *Organization { + s.MasterAccountEmail = &v + return s +} + +// SetMasterAccountId sets the MasterAccountId field's value. +func (s *Organization) SetMasterAccountId(v string) *Organization { + s.MasterAccountId = &v + return s +} + +// Contains details about an organizational unit (OU). An OU is a container +// of AWS accounts within a root of an organization. Policies that are attached +// to an OU apply to all accounts contained in that OU and in any child OUs. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/OrganizationalUnit +type OrganizationalUnit struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of this OU. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // The unique identifier (ID) associated with this OU. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational + // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters + // or digits (the ID of the root that contains the OU) followed by a second + // "-" dash and from 8 to 32 additional lower-case letters or digits. + Id *string `type:"string"` + + // The friendly name of this OU. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s OrganizationalUnit) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OrganizationalUnit) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit { + s.Arn = &v + return s +} + +// SetId sets the Id field's value. +func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit { + s.Id = &v + return s +} + +// SetName sets the Name field's value. +func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit { + s.Name = &v + return s +} + +// Contains information about either a root or an organizational unit (OU) that +// can contain OUs or accounts in an organization. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Parent +type Parent struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the parent entity. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + Id *string `type:"string"` + + // The type of the parent entity. + Type *string `type:"string" enum:"ParentType"` +} + +// String returns the string representation +func (s Parent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Parent) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *Parent) SetId(v string) *Parent { + s.Id = &v + return s +} + +// SetType sets the Type field's value. +func (s *Parent) SetType(v string) *Parent { + s.Type = &v + return s +} + +// Contains rules to be applied to the affected accounts. Policies can be attached +// directly to accounts, or to roots and OUs to affect all accounts in those +// hierarchies. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Policy +type Policy struct { + _ struct{} `type:"structure"` + + // The text content of the policy. + Content *string `min:"1" type:"string"` + + // A structure that contains additional details about the policy. + PolicySummary *PolicySummary `type:"structure"` +} + +// String returns the string representation +func (s Policy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Policy) GoString() string { + return s.String() +} + +// SetContent sets the Content field's value. +func (s *Policy) SetContent(v string) *Policy { + s.Content = &v + return s +} + +// SetPolicySummary sets the PolicySummary field's value. +func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy { + s.PolicySummary = v + return s +} + +// Contains information about a policy, but does not include the content. To +// see the content of a policy, see DescribePolicy. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PolicySummary +type PolicySummary struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the policy. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // A boolean value that indicates whether the specified policy is an AWS managed + // policy. If true, then you can attach the policy to roots, OUs, or accounts, + // but you cannot edit it. + AwsManaged *bool `type:"boolean"` + + // The description of the policy. + Description *string `type:"string"` + + // The unique identifier (ID) of the policy. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + Id *string `type:"string"` + + // The friendly name of the policy. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` + + // The type of policy. + Type *string `type:"string" enum:"PolicyType"` +} + +// String returns the string representation +func (s PolicySummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PolicySummary) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *PolicySummary) SetArn(v string) *PolicySummary { + s.Arn = &v + return s +} + +// SetAwsManaged sets the AwsManaged field's value. +func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary { + s.AwsManaged = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *PolicySummary) SetDescription(v string) *PolicySummary { + s.Description = &v + return s +} + +// SetId sets the Id field's value. +func (s *PolicySummary) SetId(v string) *PolicySummary { + s.Id = &v + return s +} + +// SetName sets the Name field's value. +func (s *PolicySummary) SetName(v string) *PolicySummary { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *PolicySummary) SetType(v string) *PolicySummary { + s.Type = &v + return s +} + +// Contains information about a root, OU, or account that a policy is attached +// to. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PolicyTargetSummary +type PolicyTargetSummary struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the policy target. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // The friendly name of the policy target. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` + + // The unique identifier (ID) of the policy target. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string + // requires one of the following: + // + // * Root: a string that begins with "r-" followed by from 4 to 32 lower-case + // letters or digits. + // + // * Account: a string that consists of exactly 12 digits. + // + // * Organizational unit (OU): a string that begins with "ou-" followed by + // from 4 to 32 lower-case letters or digits (the ID of the root that the + // OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case + // letters or digits. + TargetId *string `type:"string"` + + // The type of the policy target. + Type *string `type:"string" enum:"TargetType"` +} + +// String returns the string representation +func (s PolicyTargetSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PolicyTargetSummary) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary { + s.Arn = &v + return s +} + +// SetName sets the Name field's value. +func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary { + s.Name = &v + return s +} + +// SetTargetId sets the TargetId field's value. +func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary { + s.TargetId = &v + return s +} + +// SetType sets the Type field's value. +func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary { + s.Type = &v + return s +} + +// Contains information about a policy type and its status in the associated +// root. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PolicyTypeSummary +type PolicyTypeSummary struct { + _ struct{} `type:"structure"` + + // The status of the policy type as it relates to the associated root. To attach + // a policy of the specified type to a root or to an OU or account in that root, + // it must be available in the organization and enabled for that root. + Status *string `type:"string" enum:"PolicyTypeStatus"` + + // The name of the policy type. + Type *string `type:"string" enum:"PolicyType"` +} + +// String returns the string representation +func (s PolicyTypeSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PolicyTypeSummary) GoString() string { + return s.String() +} + +// SetStatus sets the Status field's value. +func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary { + s.Status = &v + return s +} + +// SetType sets the Type field's value. +func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary { + s.Type = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganizationRequest +type RemoveAccountFromOrganizationInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the member account that you want to remove + // from the organization. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string + // requires exactly 12 digits. + // + // AccountId is a required field + AccountId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s RemoveAccountFromOrganizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RemoveAccountFromOrganizationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RemoveAccountFromOrganizationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"} + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountId sets the AccountId field's value. +func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput { + s.AccountId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganizationOutput +type RemoveAccountFromOrganizationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s RemoveAccountFromOrganizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RemoveAccountFromOrganizationOutput) GoString() string { + return s.String() +} + +// Contains details about a root. A root is a top-level parent node in the hierarchy +// of an organization that can contain organizational units (OUs) and accounts. +// Every root contains every AWS account in the organization. Each root enables +// the accounts to be organized in a different way and to have different policy +// types enabled for use in that root. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Root +type Root struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the root. + // + // For more information about ARNs in Organizations, see ARN Formats Supported + // by Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) + // in the AWS Organizations User Guide. + Arn *string `type:"string"` + + // The unique identifier (ID) for the root. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string + // requires "r-" followed by from 4 to 32 lower-case letters or digits. + Id *string `type:"string"` + + // The friendly name of the root. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` + + // The types of policies that are currently enabled for the root and therefore + // can be attached to the root or to its OUs or accounts. + PolicyTypes []*PolicyTypeSummary `type:"list"` +} + +// String returns the string representation +func (s Root) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Root) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *Root) SetArn(v string) *Root { + s.Arn = &v + return s +} + +// SetId sets the Id field's value. +func (s *Root) SetId(v string) *Root { + s.Id = &v + return s +} + +// SetName sets the Name field's value. +func (s *Root) SetName(v string) *Root { + s.Name = &v + return s +} + +// SetPolicyTypes sets the PolicyTypes field's value. +func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root { + s.PolicyTypes = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnitRequest +type UpdateOrganizationalUnitInput struct { + _ struct{} `type:"structure"` + + // The new name that you want to assign to the OU. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` + + // The unique identifier (ID) of the OU that you want to rename. You can get + // the ID from the ListOrganizationalUnitsForParent operation. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational + // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters + // or digits (the ID of the root that contains the OU) followed by a second + // "-" dash and from 8 to 32 additional lower-case letters or digits. + // + // OrganizationalUnitId is a required field + OrganizationalUnitId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdateOrganizationalUnitInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateOrganizationalUnitInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateOrganizationalUnitInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"} + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.OrganizationalUnitId == nil { + invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput { + s.Name = &v + return s +} + +// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. +func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput { + s.OrganizationalUnitId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnitResponse +type UpdateOrganizationalUnitOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains the details about the specified OU, including its + // new name. + OrganizationalUnit *OrganizationalUnit `type:"structure"` +} + +// String returns the string representation +func (s UpdateOrganizationalUnitOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateOrganizationalUnitOutput) GoString() string { + return s.String() +} + +// SetOrganizationalUnit sets the OrganizationalUnit field's value. +func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput { + s.OrganizationalUnit = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicyRequest +type UpdatePolicyInput struct { + _ struct{} `type:"structure"` + + // If provided, the new content for the policy. The text must be correctly formatted + // JSON that complies with the syntax for the policy's type. For more information, + // see Service Control Policy Syntax (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) + // in the AWS Organizations User Guide. + Content *string `min:"1" type:"string"` + + // If provided, the new description for the policy. + Description *string `type:"string"` + + // If provided, the new name for the policy. + // + // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate + // this parameter is a string of any of the characters in the ASCII character + // range. + Name *string `min:"1" type:"string"` + + // The unique identifier (ID) of the policy that you want to update. + // + // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string + // requires "p-" followed by from 8 to 128 lower-case letters or digits. + // + // PolicyId is a required field + PolicyId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdatePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdatePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdatePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"} + if s.Content != nil && len(*s.Content) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Content", 1)) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.PolicyId == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetContent sets the Content field's value. +func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput { + s.Content = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput { + s.Description = &v + return s +} + +// SetName sets the Name field's value. +func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput { + s.Name = &v + return s +} + +// SetPolicyId sets the PolicyId field's value. +func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput { + s.PolicyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicyResponse +type UpdatePolicyOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains details about the updated policy, showing the requested + // changes. + Policy *Policy `type:"structure"` +} + +// String returns the string representation +func (s UpdatePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdatePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicy sets the Policy field's value. +func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput { + s.Policy = v + return s +} + +const ( + // AccountJoinedMethodInvited is a AccountJoinedMethod enum value + AccountJoinedMethodInvited = "INVITED" + + // AccountJoinedMethodCreated is a AccountJoinedMethod enum value + AccountJoinedMethodCreated = "CREATED" +) + +const ( + // AccountStatusActive is a AccountStatus enum value + AccountStatusActive = "ACTIVE" + + // AccountStatusSuspended is a AccountStatus enum value + AccountStatusSuspended = "SUSPENDED" +) + +const ( + // ActionTypeInvite is a ActionType enum value + ActionTypeInvite = "INVITE" + + // ActionTypeEnableAllFeatures is a ActionType enum value + ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES" + + // ActionTypeApproveAllFeatures is a ActionType enum value + ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES" +) + +const ( + // ChildTypeAccount is a ChildType enum value + ChildTypeAccount = "ACCOUNT" + + // ChildTypeOrganizationalUnit is a ChildType enum value + ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" +) + +const ( + // ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" + + // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" + + // ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" + + // ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED" + + // ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE" +) + +const ( + // CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value + CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED" + + // CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value + CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS" + + // CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value + CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS" + + // CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value + CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL" + + // CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value + CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE" +) + +const ( + // CreateAccountStateInProgress is a CreateAccountState enum value + CreateAccountStateInProgress = "IN_PROGRESS" + + // CreateAccountStateSucceeded is a CreateAccountState enum value + CreateAccountStateSucceeded = "SUCCEEDED" + + // CreateAccountStateFailed is a CreateAccountState enum value + CreateAccountStateFailed = "FAILED" +) + +const ( + // HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" + + // HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" + + // HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION" + + // HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES" + + // HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES" + + // HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED" + + // HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" + + // HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value + HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" +) + +const ( + // HandshakePartyTypeAccount is a HandshakePartyType enum value + HandshakePartyTypeAccount = "ACCOUNT" + + // HandshakePartyTypeOrganization is a HandshakePartyType enum value + HandshakePartyTypeOrganization = "ORGANIZATION" + + // HandshakePartyTypeEmail is a HandshakePartyType enum value + HandshakePartyTypeEmail = "EMAIL" +) + +const ( + // HandshakeResourceTypeAccount is a HandshakeResourceType enum value + HandshakeResourceTypeAccount = "ACCOUNT" + + // HandshakeResourceTypeOrganization is a HandshakeResourceType enum value + HandshakeResourceTypeOrganization = "ORGANIZATION" + + // HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value + HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET" + + // HandshakeResourceTypeEmail is a HandshakeResourceType enum value + HandshakeResourceTypeEmail = "EMAIL" + + // HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value + HandshakeResourceTypeMasterEmail = "MASTER_EMAIL" + + // HandshakeResourceTypeMasterName is a HandshakeResourceType enum value + HandshakeResourceTypeMasterName = "MASTER_NAME" + + // HandshakeResourceTypeNotes is a HandshakeResourceType enum value + HandshakeResourceTypeNotes = "NOTES" + + // HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value + HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE" +) + +const ( + // HandshakeStateRequested is a HandshakeState enum value + HandshakeStateRequested = "REQUESTED" + + // HandshakeStateOpen is a HandshakeState enum value + HandshakeStateOpen = "OPEN" + + // HandshakeStateCanceled is a HandshakeState enum value + HandshakeStateCanceled = "CANCELED" + + // HandshakeStateAccepted is a HandshakeState enum value + HandshakeStateAccepted = "ACCEPTED" + + // HandshakeStateDeclined is a HandshakeState enum value + HandshakeStateDeclined = "DECLINED" + + // HandshakeStateExpired is a HandshakeState enum value + HandshakeStateExpired = "EXPIRED" +) + +const ( + // IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value + IAMUserAccessToBillingAllow = "ALLOW" + + // IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value + IAMUserAccessToBillingDeny = "DENY" +) + +const ( + // InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET" + + // InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN" + + // InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID" + + // InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM" + + // InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER" + + // InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED" + + // InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED" + + // InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED" + + // InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED" + + // InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY" + + // InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN" + + // InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID" + + // InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED" + + // InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN" + + // InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER" + + // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" +) + +const ( + // OrganizationFeatureSetAll is a OrganizationFeatureSet enum value + OrganizationFeatureSetAll = "ALL" + + // OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value + OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING" +) + +const ( + // ParentTypeRoot is a ParentType enum value + ParentTypeRoot = "ROOT" + + // ParentTypeOrganizationalUnit is a ParentType enum value + ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" +) + +const ( + // PolicyTypeServiceControlPolicy is a PolicyType enum value + PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY" +) + +const ( + // PolicyTypeStatusEnabled is a PolicyTypeStatus enum value + PolicyTypeStatusEnabled = "ENABLED" + + // PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value + PolicyTypeStatusPendingEnable = "PENDING_ENABLE" + + // PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value + PolicyTypeStatusPendingDisable = "PENDING_DISABLE" +) + +const ( + // TargetTypeAccount is a TargetType enum value + TargetTypeAccount = "ACCOUNT" + + // TargetTypeOrganizationalUnit is a TargetType enum value + TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" + + // TargetTypeRoot is a TargetType enum value + TargetTypeRoot = "ROOT" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go new file mode 100644 index 000000000000..4adb150cf733 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go @@ -0,0 +1,191 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package organizations provides the client and types for making API +// requests to AWS Organizations. +// +// AWS Organizations is a web service that enables you to consolidate your multiple +// AWS accounts into an organization and centrally manage your accounts and +// their resources. +// +// This guide provides descriptions of the Organizations API. For more information +// about using this service, see the AWS Organizations User Guide (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html). +// +// API Version +// +// This version of the Organizations API Reference documents the Organizations +// API version 2016-11-28. +// +// As an alternative to using the API directly, you can use one of the AWS SDKs, +// which consist of libraries and sample code for various programming languages +// and platforms (Java, Ruby, .NET, iOS, Android, and more). The SDKs provide +// a convenient way to create programmatic access to AWS Organizations. For +// example, the SDKs take care of cryptographically signing requests, managing +// errors, and retrying requests automatically. For more information about the +// AWS SDKs, including how to download and install them, see Tools for Amazon +// Web Services (http://aws.amazon.com/tools/). +// +// We recommend that you use the AWS SDKs to make programmatic API calls to +// Organizations. However, you also can use the Organizations Query API to make +// direct calls to the Organizations web service. To learn more about the Organizations +// Query API, see Making Query Requests (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_query-requests.html) +// in the AWS Organizations User Guide. Organizations supports GET and POST +// requests for all actions. That is, the API does not require you to use GET +// for some actions and POST for others. However, GET requests are subject to +// the limitation size of a URL. Therefore, for operations that require larger +// sizes, use a POST request. +// +// Signing Requests +// +// When you send HTTP requests to AWS, you must sign the requests so that AWS +// can identify who sent them. You sign requests with your AWS access key, which +// consists of an access key ID and a secret access key. We strongly recommend +// that you do not create an access key for your root account. Anyone who has +// the access key for your root account has unrestricted access to all the resources +// in your account. Instead, create an access key for an IAM user account that +// has administrative privileges. As another option, use AWS Security Token +// Service to generate temporary security credentials, and use those credentials +// to sign requests. +// +// To sign requests, we recommend that you use Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// If you have an existing application that uses Signature Version 2, you do +// not have to update it to use Signature Version 4. However, some operations +// now require Signature Version 4. The documentation for operations that require +// version 4 indicate this requirement. +// +// When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs +// to make requests to AWS, these tools automatically sign the requests for +// you with the access key that you specify when you configure the tools. +// +// In this release, each organization can have only one root. In a future release, +// a single organization will support multiple roots. +// +// Support and Feedback for AWS Organizations +// +// We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com +// (mailto:feedback-awsorganizations@amazon.com) or post your feedback and questions +// in our private AWS Organizations support forum (http://forums.aws.amazon.com/forum.jspa?forumID=219). +// If you don't have access to the forum, send a request for access to the email +// address, along with your forum user ID. For more information about the AWS +// support forums, see Forums Help (http://forums.aws.amazon.com/help.jspa). +// +// Endpoint to Call When Using the CLI or the AWS API +// +// For the current release of Organizations, you must specify the us-east-1 +// region for all AWS API and CLI calls. You can do this in the CLI by using +// these parameters and commands: +// +// * Use the following parameter with each command to specify both the endpoint +// and its region: +// +// --endpoint-url https://organizations.us-east-1.amazonaws.com +// +// * Use the default endpoint, but configure your default region with this +// command: +// +// aws configure set default.region us-east-1 +// +// * Use the following parameter with each command to specify the endpoint: +// +// --region us-east-1 +// +// For the various SDKs used to call the APIs, see the documentation for the +// SDK of interest to learn how to direct the requests to a specific endpoint. +// For more information, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region) +// in the AWS General Reference. +// +// How examples are presented +// +// The JSON returned by the AWS Organizations service as response to your requests +// is returned as a single long string without line breaks or formatting whitespace. +// Both line breaks and whitespace are included in the examples in this guide +// to improve readability. When example input parameters also would result in +// long strings that would extend beyond the screen, we insert line breaks to +// enhance readability. You should always submit the input as a single JSON +// text string. +// +// Recording API Requests +// +// AWS Organizations supports AWS CloudTrail, a service that records AWS API +// calls for your AWS account and delivers log files to an Amazon S3 bucket. +// By using information collected by AWS CloudTrail, you can determine which +// requests were successfully made to Organizations, who made the request, when +// it was made, and so on. For more about AWS Organizations and its support +// for AWS CloudTrail, see Logging AWS Organizations Events with AWS CloudTrail +// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_cloudtrail-integration.html) +// in the AWS Organizations User Guide. To learn more about CloudTrail, including +// how to turn it on and find your log files, see the AWS CloudTrail User Guide +// (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). +// +// See https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28 for more information on this service. +// +// See organizations package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/organizations/ +// +// Using the Client +// +// To use the client for AWS Organizations you will first need +// to create a new instance of it. +// +// When creating a client for an AWS service you'll first need to have a Session +// already created. The Session provides configuration that can be shared +// between multiple service clients. Additional configuration can be applied to +// the Session and service's client when they are constructed. The aws package's +// Config type contains several fields such as Region for the AWS Region the +// client should make API requests too. The optional Config value can be provided +// as the variadic argument for Sessions and client creation. +// +// Once the service's client is created you can use it to make API requests the +// AWS service. These clients are safe to use concurrently. +// +// // Create a session to share configuration, and load external configuration. +// sess := session.Must(session.NewSession()) +// +// // Create the service's client with the session. +// svc := organizations.New(sess) +// +// See the SDK's documentation for more information on how to use service clients. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws package's Config type for more information on configuration options. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS Organizations client Organizations for more +// information on creating the service's client. +// https://docs.aws.amazon.com/sdk-for-go/api/service/organizations/#New +// +// Once the client is created you can make an API request to the service. +// Each API method takes a input parameter, and returns the service response +// and an error. +// +// The API method will document which error codes the service can be returned +// by the operation if the service models the API operation's errors. These +// errors will also be available as const strings prefixed with "ErrCode". +// +// result, err := svc.AcceptHandshake(params) +// if err != nil { +// // Cast err to awserr.Error to handle specific error codes. +// aerr, ok := err.(awserr.Error) +// if ok && aerr.Code() == { +// // Specific error code handling +// } +// return err +// } +// +// fmt.Println("AcceptHandshake result:") +// fmt.Println(result) +// +// Using the Client with Context +// +// The service's client also provides methods to make API requests with a Context +// value. This allows you to control the timeout, and cancellation of pending +// requests. These methods also take request Option as variadic parameter to apply +// additional configuration to the API request. +// +// ctx := context.Background() +// +// result, err := svc.AcceptHandshakeWithContext(ctx, params) +// +// See the request package documentation for more information on using Context pattern +// with the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/request/ +package organizations diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go new file mode 100644 index 000000000000..af7c2d646d64 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go @@ -0,0 +1,398 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package organizations + +const ( + + // ErrCodeAWSOrganizationsNotInUseException for service response error code + // "AWSOrganizationsNotInUseException". + // + // Your account is not a member of an organization. To make this request, you + // must use the credentials of an account that belongs to an organization. + ErrCodeAWSOrganizationsNotInUseException = "AWSOrganizationsNotInUseException" + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You don't have permissions to perform the requested operation. The user or + // role that is making the request must have at least one IAM permissions policy + // attached that grants the required permissions. For more information, see + // Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) + // in the IAM User Guide. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeAccountNotFoundException for service response error code + // "AccountNotFoundException". + // + // We can't find an AWS account with the AccountId that you specified, or the + // account whose credentials you used to make this request is not a member of + // an organization. + ErrCodeAccountNotFoundException = "AccountNotFoundException" + + // ErrCodeAlreadyInOrganizationException for service response error code + // "AlreadyInOrganizationException". + // + // This account is already a member of an organization. An account can belong + // to only one organization at a time. + ErrCodeAlreadyInOrganizationException = "AlreadyInOrganizationException" + + // ErrCodeChildNotFoundException for service response error code + // "ChildNotFoundException". + // + // We can't find an organizational unit (OU) or AWS account with the ChildId + // that you specified. + ErrCodeChildNotFoundException = "ChildNotFoundException" + + // ErrCodeConcurrentModificationException for service response error code + // "ConcurrentModificationException". + // + // The target of the operation is currently being modified by a different request. + // Try again later. + ErrCodeConcurrentModificationException = "ConcurrentModificationException" + + // ErrCodeConstraintViolationException for service response error code + // "ConstraintViolationException". + // + // Performing this operation violates a minimum or maximum value limit. For + // example, attempting to removing the last SCP from an OU or root, inviting + // or creating too many accounts to the organization, or attaching too many + // policies to an account, OU, or root. This exception includes a reason that + // contains additional information about the violated limit: + // + // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number + // of accounts in an organization. Note: deleted and closed accounts still count + // toward your limit. + // + // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of + // handshakes you can send in one day. + // + // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational + // units you can have in an organization. + // + // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit + // tree that is too many levels deep. + // + // * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of + // policies that you can have in an organization. + // + // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the + // number of policies of a certain type that can be attached to an entity + // at one time. + // + // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a + // policy from an entity that would cause the entity to have fewer than the + // minimum number of policies of a certain type required. + // + // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account + // from an organization that was created from within organizations. + // + // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization + // with this account, you first must associate a payment instrument, such + // as a credit card, with the account. + // + // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation + // with this member account, you first must associate a payment instrument, + // such as a credit card, with the account. + // + // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number + // of accounts that you can create in one day. + // + // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account + // in this organization, you first must migrate the organization's master + // account to the marketplace that corresponds to the master account's address. + // For example, accounts with India addresses must be associated with the + // AISPL marketplace. All accounts in an organization must be associated + // with the same marketplace. + ErrCodeConstraintViolationException = "ConstraintViolationException" + + // ErrCodeCreateAccountStatusNotFoundException for service response error code + // "CreateAccountStatusNotFoundException". + // + // We can't find an create account request with the CreateAccountRequestId that + // you specified. + ErrCodeCreateAccountStatusNotFoundException = "CreateAccountStatusNotFoundException" + + // ErrCodeDestinationParentNotFoundException for service response error code + // "DestinationParentNotFoundException". + // + // We can't find the destination container (a root or OU) with the ParentId + // that you specified. + ErrCodeDestinationParentNotFoundException = "DestinationParentNotFoundException" + + // ErrCodeDuplicateAccountException for service response error code + // "DuplicateAccountException". + // + // That account is already present in the specified destination. + ErrCodeDuplicateAccountException = "DuplicateAccountException" + + // ErrCodeDuplicateHandshakeException for service response error code + // "DuplicateHandshakeException". + // + // A handshake with the same action and target already exists. For example, + // if you invited an account to join your organization, the invited account + // might already have a pending invitation from this organization. If you intend + // to resend an invitation to an account, ensure that existing handshakes that + // might be considered duplicates are canceled or declined. + ErrCodeDuplicateHandshakeException = "DuplicateHandshakeException" + + // ErrCodeDuplicateOrganizationalUnitException for service response error code + // "DuplicateOrganizationalUnitException". + // + // An organizational unit (OU) with the same name already exists. + ErrCodeDuplicateOrganizationalUnitException = "DuplicateOrganizationalUnitException" + + // ErrCodeDuplicatePolicyAttachmentException for service response error code + // "DuplicatePolicyAttachmentException". + // + // The selected policy is already attached to the specified target. + ErrCodeDuplicatePolicyAttachmentException = "DuplicatePolicyAttachmentException" + + // ErrCodeDuplicatePolicyException for service response error code + // "DuplicatePolicyException". + // + // A policy with the same name already exists. + ErrCodeDuplicatePolicyException = "DuplicatePolicyException" + + // ErrCodeFinalizingOrganizationException for service response error code + // "FinalizingOrganizationException". + // + // AWS Organizations could not finalize the creation of your organization. Try + // again later. If this persists, contact AWS customer support. + ErrCodeFinalizingOrganizationException = "FinalizingOrganizationException" + + // ErrCodeHandshakeAlreadyInStateException for service response error code + // "HandshakeAlreadyInStateException". + // + // The specified handshake is already in the requested state. For example, you + // can't accept a handshake that was already accepted. + ErrCodeHandshakeAlreadyInStateException = "HandshakeAlreadyInStateException" + + // ErrCodeHandshakeConstraintViolationException for service response error code + // "HandshakeConstraintViolationException". + // + // The requested operation would violate the constraint identified in the reason + // code. + // + // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on + // the number of accounts in an organization. Note: deleted and closed accounts + // still count toward your limit. + // + // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of + // handshakes you can send in one day. + // + // * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because + // the invited account is already a member of an organization. + // + // * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid + // because the organization has already enabled all features. + // + // * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations + // to join an organization while it is in the process of enabling all features. + // You can resume inviting accounts after you finalize the process when all + // accounts have agreed to the change. + // + // * PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with + // an account that does not have a payment instrument, such as a credit card, + // associated with it. + // + // * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because + // the account is from a different marketplace than the accounts in the organization. + // For example, accounts with India addresses must be associated with the + // AISPL marketplace. All accounts in an organization must be from the same + // marketplace. + // + // * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to + // change the membership of an account too quickly after its previous change. + ErrCodeHandshakeConstraintViolationException = "HandshakeConstraintViolationException" + + // ErrCodeHandshakeNotFoundException for service response error code + // "HandshakeNotFoundException". + // + // We can't find a handshake with the HandshakeId that you specified. + ErrCodeHandshakeNotFoundException = "HandshakeNotFoundException" + + // ErrCodeInvalidHandshakeTransitionException for service response error code + // "InvalidHandshakeTransitionException". + // + // You can't perform the operation on the handshake in its current state. For + // example, you can't cancel a handshake that was already accepted, or accept + // a handshake that was already declined. + ErrCodeInvalidHandshakeTransitionException = "InvalidHandshakeTransitionException" + + // ErrCodeInvalidInputException for service response error code + // "InvalidInputException". + // + // The requested operation failed because you provided invalid values for one + // or more of the request parameters. This exception includes a reason that + // contains additional information about the violated limit: + // + // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, + // organization, or email) as a party. + // + // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the + // organization. + // + // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. + // + // * INVALID_ENUM: You specified a value that is not valid for that parameter. + // + // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains + // at least one invalid value. + // + // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer + // than allowed. + // + // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger + // value than allowed. + // + // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter + // than allowed. + // + // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller + // value than allowed. + // + // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and + // cannot be modified. + // + // * INVALID_PATTERN: You provided a value that doesn't match the required + // pattern. + // + // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't + // match the required pattern. + // + // * INPUT_REQUIRED: You must include a value for all required parameters. + // + // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter + // from the response to a previous call of the operation. + // + // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter + // for the operation. + // + // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only + // between entities in the same root. + ErrCodeInvalidInputException = "InvalidInputException" + + // ErrCodeMalformedPolicyDocumentException for service response error code + // "MalformedPolicyDocumentException". + // + // The provided policy document does not meet the requirements of the specified + // policy type. For example, the syntax might be incorrect. For details about + // service control policy syntax, see Service Control Policy Syntax (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) + // in the AWS Organizations User Guide. + ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException" + + // ErrCodeMasterCannotLeaveOrganizationException for service response error code + // "MasterCannotLeaveOrganizationException". + // + // You can't remove a master account from an organization. If you want the master + // account to become a member account in another organization, you must first + // delete the current organization of the master account. + ErrCodeMasterCannotLeaveOrganizationException = "MasterCannotLeaveOrganizationException" + + // ErrCodeOrganizationNotEmptyException for service response error code + // "OrganizationNotEmptyException". + // + // The organization isn't empty. To delete an organization, you must first remove + // all accounts except the master account, delete all organizational units (OUs), + // and delete all policies. + ErrCodeOrganizationNotEmptyException = "OrganizationNotEmptyException" + + // ErrCodeOrganizationalUnitNotEmptyException for service response error code + // "OrganizationalUnitNotEmptyException". + // + // The specified organizational unit (OU) is not empty. Move all accounts to + // another root or to other OUs, remove all child OUs, and then try the operation + // again. + ErrCodeOrganizationalUnitNotEmptyException = "OrganizationalUnitNotEmptyException" + + // ErrCodeOrganizationalUnitNotFoundException for service response error code + // "OrganizationalUnitNotFoundException". + // + // We can't find an organizational unit (OU) with the OrganizationalUnitId that + // you specified. + ErrCodeOrganizationalUnitNotFoundException = "OrganizationalUnitNotFoundException" + + // ErrCodeParentNotFoundException for service response error code + // "ParentNotFoundException". + // + // We can't find a root or organizational unit (OU) with the ParentId that you + // specified. + ErrCodeParentNotFoundException = "ParentNotFoundException" + + // ErrCodePolicyInUseException for service response error code + // "PolicyInUseException". + // + // The policy is attached to one or more entities. You must detach it from all + // roots, organizational units (OUs), and accounts before performing this operation. + ErrCodePolicyInUseException = "PolicyInUseException" + + // ErrCodePolicyNotAttachedException for service response error code + // "PolicyNotAttachedException". + // + // The policy isn't attached to the specified target in the specified root. + ErrCodePolicyNotAttachedException = "PolicyNotAttachedException" + + // ErrCodePolicyNotFoundException for service response error code + // "PolicyNotFoundException". + // + // We can't find a policy with the PolicyId that you specified. + ErrCodePolicyNotFoundException = "PolicyNotFoundException" + + // ErrCodePolicyTypeAlreadyEnabledException for service response error code + // "PolicyTypeAlreadyEnabledException". + // + // The specified policy type is already enabled in the specified root. + ErrCodePolicyTypeAlreadyEnabledException = "PolicyTypeAlreadyEnabledException" + + // ErrCodePolicyTypeNotAvailableForOrganizationException for service response error code + // "PolicyTypeNotAvailableForOrganizationException". + // + // You can't use the specified policy type with the feature set currently enabled + // for this organization. For example, you can enable service control policies + // (SCPs) only after you enable all features in the organization. For more information, + // see Enabling and Disabling a Policy Type on a Root (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) + // in the AWS Organizations User Guide. + ErrCodePolicyTypeNotAvailableForOrganizationException = "PolicyTypeNotAvailableForOrganizationException" + + // ErrCodePolicyTypeNotEnabledException for service response error code + // "PolicyTypeNotEnabledException". + // + // The specified policy type is not currently enabled in this root. You cannot + // attach policies of the specified type to entities in a root until you enable + // that type in the root. For more information, see Enabling All Features in + // Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) + // in the AWS Organizations User Guide. + ErrCodePolicyTypeNotEnabledException = "PolicyTypeNotEnabledException" + + // ErrCodeRootNotFoundException for service response error code + // "RootNotFoundException". + // + // We can't find a root with the RootId that you specified. + ErrCodeRootNotFoundException = "RootNotFoundException" + + // ErrCodeServiceException for service response error code + // "ServiceException". + // + // AWS Organizations can't complete your request because of an internal service + // error. Try again later. + ErrCodeServiceException = "ServiceException" + + // ErrCodeSourceParentNotFoundException for service response error code + // "SourceParentNotFoundException". + // + // We can't find a source root or OU with the ParentId that you specified. + ErrCodeSourceParentNotFoundException = "SourceParentNotFoundException" + + // ErrCodeTargetNotFoundException for service response error code + // "TargetNotFoundException". + // + // We can't find a root, OU, or account with the TargetId that you specified. + ErrCodeTargetNotFoundException = "TargetNotFoundException" + + // ErrCodeTooManyRequestsException for service response error code + // "TooManyRequestsException". + // + // You've sent too many requests in too short a period of time. The limit helps + // protect against denial-of-service attacks. Try again later. + ErrCodeTooManyRequestsException = "TooManyRequestsException" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/service.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/service.go new file mode 100644 index 000000000000..0ca4f04f13d2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/service.go @@ -0,0 +1,95 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package organizations + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +// Organizations provides the API operation methods for making requests to +// AWS Organizations. See this package's package overview docs +// for details on the service. +// +// Organizations methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type Organizations struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "organizations" // Service endpoint prefix API calls made to. + EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata. +) + +// New creates a new instance of the Organizations client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// // Create a Organizations client from just a session. +// svc := organizations.New(mySession) +// +// // Create a Organizations client with additional configuration +// svc := organizations.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *Organizations { + c := p.ClientConfig(EndpointsID, cfgs...) + return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *Organizations { + svc := &Organizations{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + SigningName: signingName, + SigningRegion: signingRegion, + Endpoint: endpoint, + APIVersion: "2016-11-28", + JSONVersion: "1.1", + TargetPrefix: "AWSOrganizationsV20161128", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a Organizations operation and runs any +// custom request initialization. +func (c *Organizations) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/vendor.json b/vendor/vendor.json index aa2c663ea184..8cb0168f3602 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -570,6 +570,14 @@ "version": "v1.8.41", "versionExact": "v1.8.41" }, + { + "checksumSHA1": "oj67eX/Zr0m9J4VEvm+oSGipqcc=", + "path": "github.com/aws/aws-sdk-go/service/organizations", + "revision": "47ba3b0518c83189f3a1c95d20fc22f267e02ed3", + "revisionTime": "2017-06-13T17:42:44Z", + "version": "v1.8.41", + "versionExact": "v1.8.41" + }, { "checksumSHA1": "gCTZVPwRzFgt+Ve9KKtp7SAgzx4=", "path": "github.com/aws/aws-sdk-go/service/rds", diff --git a/website/docs/r/organization.html.markdown b/website/docs/r/organization.html.markdown new file mode 100644 index 000000000000..d6616ff4e1f7 --- /dev/null +++ b/website/docs/r/organization.html.markdown @@ -0,0 +1,33 @@ +--- +layout: "aws" +page_title: "AWS: aws_organization +sidebar_current: "docs-aws-resource-organization|" +description: |- + Provides a resource to create an organization. +--- + +# aws\_organization + +Provides a resource to create an organization. + +## Example Usage: + +```hcl +resource "aws_organization" "org" { + feature_set = "ALL" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `feature_set` - (Optional) Specify "ALL" (default) or "CONSOLIDATED_BILLING. + +## Import + +The AWS organization can be imported by using the `account_id`, e.g. + +``` +$ terraform import aws_organization.my_org 111111111111 +``` From a46370887a0466959a7a853708ec1be69b927da3 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 27 Jun 2017 06:54:23 -0400 Subject: [PATCH 02/16] Style fixes. --- aws/resource_aws_organization.go | 1 - aws/resource_aws_organization_test.go | 1 - website/docs/r/organization.html.markdown | 2 +- 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index 8a02e9218c13..86d64d17499b 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -100,5 +100,4 @@ func resourceAwsOrganizationDelete(d *schema.ResourceData, meta interface{}) err } return nil - } diff --git a/aws/resource_aws_organization_test.go b/aws/resource_aws_organization_test.go index 3c8ff1672e55..f57ea2f6f523 100644 --- a/aws/resource_aws_organization_test.go +++ b/aws/resource_aws_organization_test.go @@ -51,7 +51,6 @@ func testAccCheckAWSOrganizationDestroy(s *terraform.State) error { } return nil - } func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) resource.TestCheckFunc { diff --git a/website/docs/r/organization.html.markdown b/website/docs/r/organization.html.markdown index d6616ff4e1f7..2094032262bb 100644 --- a/website/docs/r/organization.html.markdown +++ b/website/docs/r/organization.html.markdown @@ -22,7 +22,7 @@ resource "aws_organization" "org" { The following arguments are supported: -* `feature_set` - (Optional) Specify "ALL" (default) or "CONSOLIDATED_BILLING. +* `feature_set` - (Optional) Specify "ALL" (default) or "CONSOLIDATED_BILLING". ## Import From 878b1c3e9eaa91f6d225175eb725ccc50221afc7 Mon Sep 17 00:00:00 2001 From: Ninir Date: Tue, 11 Jul 2017 21:53:19 +0200 Subject: [PATCH 03/16] Added more debug, fixed CS issues, added missing ERB section --- aws/config.go | 4 +-- aws/resource_aws_organization.go | 30 ++++++++++------- aws/resource_aws_organization_test.go | 46 +++++++++++++++++++++++---- website/aws.erb | 10 ++++++ 4 files changed, 70 insertions(+), 20 deletions(-) diff --git a/aws/config.go b/aws/config.go index 76ecabbb892d..ba0bbd4c89d7 100644 --- a/aws/config.go +++ b/aws/config.go @@ -166,7 +166,7 @@ type AWSClient struct { lambdaconn *lambda.Lambda lightsailconn *lightsail.Lightsail opsworksconn *opsworks.OpsWorks - orgsconn *organizations.Organizations + organizationsconn *organizations.Organizations glacierconn *glacier.Glacier codebuildconn *codebuild.CodeBuild codedeployconn *codedeploy.CodeDeploy @@ -371,7 +371,7 @@ func (c *Config) Client() (interface{}, error) { client.lambdaconn = lambda.New(sess) client.lightsailconn = lightsail.New(sess) client.opsworksconn = opsworks.New(sess) - client.orgsconn = organizations.New(sess) + client.organizationsconn = organizations.New(sess) client.r53conn = route53.New(r53Sess) client.rdsconn = rds.New(awsRdsSess) client.redshiftconn = redshift.New(sess) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index 86d64d17499b..b43a60316894 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -21,19 +21,19 @@ func resourceAwsOrganization() *schema.Resource { }, Schema: map[string]*schema.Schema{ - "arn": &schema.Schema{ + "arn": { Type: schema.TypeString, Computed: true, }, - "master_account_arn": &schema.Schema{ + "master_account_arn": { Type: schema.TypeString, Computed: true, }, - "master_account_email": &schema.Schema{ + "master_account_email": { Type: schema.TypeString, Computed: true, }, - "master_account_id": &schema.Schema{ + "master_account_id": { Type: schema.TypeString, Computed: true, }, @@ -41,27 +41,25 @@ func resourceAwsOrganization() *schema.Resource { Type: schema.TypeString, Optional: true, Default: "ALL", - ValidateFunc: validation.StringInSlice([]string{"ALL", "CONSOLIDATED_BILLING"}, true), + ValidateFunc: validation.StringInSlice([]string{organizations.OrganizationFeatureSetAll, organizations.OrganizationFeatureSetConsolidatedBilling}, true), }, }, } } func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AWSClient).orgsconn + conn := meta.(*AWSClient).organizationsconn - // Create the organization createOpts := &organizations.CreateOrganizationInput{ FeatureSet: aws.String(d.Get("feature_set").(string)), } - log.Printf("[DEBUG] Organization create config: %#v", createOpts) + log.Printf("[DEBUG] Creating Organization: %#v", createOpts) resp, err := conn.CreateOrganization(createOpts) if err != nil { return fmt.Errorf("Error creating organization: %s", err) } - // Get the ID and store it org := resp.Organization d.SetId(*org.Id) log.Printf("[INFO] Organization ID: %s", d.Id()) @@ -70,10 +68,13 @@ func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) err } func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AWSClient).orgsconn + conn := meta.(*AWSClient).organizationsconn + + log.Printf("[INFO] Reading Organization: %s", d.Id()) org, err := conn.DescribeOrganization(&organizations.DescribeOrganizationInput{}) if err != nil { if orgerr, ok := err.(awserr.Error); ok && orgerr.Code() == "AWSOrganizationsNotInUseException" { + log.Printf("[WARN] Organization does not exist, removing from state: %s", d.Id()) d.SetId("") return nil } @@ -93,11 +94,16 @@ func resourceAwsOrganizationUpdate(d *schema.ResourceData, meta interface{}) err } func resourceAwsOrganizationDelete(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AWSClient).orgsconn + conn := meta.(*AWSClient).organizationsconn + + log.Printf("[INFO] Deleting Organization: %s", d.Id()) + _, err := conn.DeleteOrganization(&organizations.DeleteOrganizationInput{}) if err != nil { - return err + return fmt.Errorf("Error deleting Organization: %s", err) } + d.SetId("") + return nil } diff --git a/aws/resource_aws_organization_test.go b/aws/resource_aws_organization_test.go index f57ea2f6f523..f8eb42846479 100644 --- a/aws/resource_aws_organization_test.go +++ b/aws/resource_aws_organization_test.go @@ -12,7 +12,30 @@ import ( func TestAccAWSOrganization_basic(t *testing.T) { var organization organizations.Organization - feature_set := "CONSOLIDATED_BILLING" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSOrganizationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSOrganizationConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSOrganizationExists("aws_organization.test", &organization), + resource.TestCheckResourceAttr("aws_organization.test", "feature_set", organizations.OrganizationFeatureSetAll), + resource.TestCheckResourceAttrSet("aws_organization.test", "arn"), + resource.TestCheckResourceAttrSet("aws_organization.test", "master_account_arn"), + resource.TestCheckResourceAttrSet("aws_organization.test", "master_account_email"), + resource.TestCheckResourceAttrSet("aws_organization.test", "feature_set"), + ), + }, + }, + }) +} + +func TestAccAWSOrganization_consolidatedBilling(t *testing.T) { + var organization organizations.Organization + + feature_set := organizations.OrganizationFeatureSetConsolidatedBilling resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -20,9 +43,10 @@ func TestAccAWSOrganization_basic(t *testing.T) { CheckDestroy: testAccCheckAWSOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationConfig(feature_set), + Config: testAccAWSOrganizationConfigConsolidatedBilling(feature_set), Check: resource.ComposeTestCheckFunc( testAccCheckAWSOrganizationExists("aws_organization.test", &organization), + resource.TestCheckResourceAttr("aws_organization.test", "feature_set", feature_set), ), }, }, @@ -30,7 +54,7 @@ func TestAccAWSOrganization_basic(t *testing.T) { } func testAccCheckAWSOrganizationDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*AWSClient).orgsconn + conn := testAccProvider.Meta().(*AWSClient).organizationsconn for _, rs := range s.RootModule().Resources { if rs.Type != "aws_organization" { @@ -60,7 +84,11 @@ func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) return fmt.Errorf("Not found: %s", n) } - conn := testAccProvider.Meta().(*AWSClient).orgsconn + if rs.Primary.ID == "" { + return fmt.Errorf("Organization ID not set") + } + + conn := testAccProvider.Meta().(*AWSClient).organizationsconn params := &organizations.DescribeOrganizationInput{} resp, err := conn.DescribeOrganization(params) @@ -70,7 +98,7 @@ func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) } if resp.Organization == nil { - return fmt.Errorf("Bad: Organization %q does not exist", rs.Primary.ID) + return fmt.Errorf("Organization %q does not exist", rs.Primary.ID) } a = resp.Organization @@ -79,7 +107,13 @@ func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) } } -func testAccAWSOrganizationConfig(feature_set string) string { +func testAccAWSOrganizationConfig() string { + return fmt.Sprintf(` +resource "aws_organization" "test" {} +`) +} + +func testAccAWSOrganizationConfigConsolidatedBilling(feature_set string) string { return fmt.Sprintf(` resource "aws_organization" "test" { feature_set = "%s" diff --git a/website/aws.erb b/website/aws.erb index 3b974d574fc6..18cd5e690df4 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1036,6 +1036,16 @@ + > + Organization Resources + + + > RDS Resources
    From 9288b29c44a8b9609313fbabc194102f895bcc5a Mon Sep 17 00:00:00 2001 From: Ninir Date: Tue, 11 Jul 2017 20:24:25 +0000 Subject: [PATCH 04/16] Upgraded AWS organization vendor to last version --- .../aws-sdk-go/service/organizations/api.go | 444 ++++++++++++++++-- .../service/organizations/errors.go | 24 +- vendor/vendor.json | 10 +- 3 files changed, 423 insertions(+), 55 deletions(-) diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go index b732cc76d4da..dc6b91a53fdb 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go @@ -76,6 +76,9 @@ func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req // in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) // in the AWS Organizations User Guide. // +// After you accept a handshake, it continues to appear in the results of relevant +// APIs for only 30 days. After that it is deleted. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -157,6 +160,9 @@ func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -344,8 +350,14 @@ func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *requ // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -367,8 +379,15 @@ func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *requ // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -406,6 +425,9 @@ func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -536,6 +558,9 @@ func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req // instead. After a handshake is canceled, the recipient can no longer respond // to that handshake. // +// After you cancel a handshake, it continues to appear in the results of relevant +// APIs for only 30 days. After that it is deleted. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -551,6 +576,10 @@ func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req // Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) // in the IAM User Guide. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" // We can't find a handshake with the HandshakeId that you specified. // @@ -578,6 +607,9 @@ func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -737,6 +769,10 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // Your account is not a member of an organization. To make this request, you // must use the credentials of an account that belongs to an organization. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeConstraintViolationException "ConstraintViolationException" // Performing this operation violates a minimum or maximum value limit. For // example, attempting to removing the last SCP from an OU or root, inviting @@ -745,8 +781,14 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -768,8 +810,15 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -804,6 +853,9 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -964,8 +1016,14 @@ func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -987,8 +1045,15 @@ func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -1023,6 +1088,9 @@ func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -1163,6 +1231,10 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // Your account is not a member of an organization. To make this request, you // must use the credentials of an account that belongs to an organization. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeConstraintViolationException "ConstraintViolationException" // Performing this operation violates a minimum or maximum value limit. For // example, attempting to removing the last SCP from an OU or root, inviting @@ -1171,8 +1243,14 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -1194,8 +1272,15 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -1233,6 +1318,9 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -1386,8 +1474,14 @@ func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *requ // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -1409,8 +1503,15 @@ func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *requ // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -1448,6 +1549,9 @@ func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -1579,6 +1683,9 @@ func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (r // can't reactivate a declined request, but can re-initiate the process with // a new handshake request. // +// After you decline a handshake, it continues to appear in the results of relevant +// APIs for only 30 days. After that it is deleted. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1594,6 +1701,10 @@ func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (r // Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) // in the IAM User Guide. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" // We can't find a handshake with the HandshakeId that you specified. // @@ -1621,6 +1732,9 @@ func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (r // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -1779,6 +1893,9 @@ func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -1939,6 +2056,9 @@ func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizatio // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -2103,6 +2223,9 @@ func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -2263,6 +2386,9 @@ func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -2415,6 +2541,9 @@ func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreate // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -2529,6 +2658,10 @@ func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) // ID comes from the response to the original InviteAccountToOrganization operation // that generated the handshake. // +// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only +// 30 days after they change to that state. They are then deleted and no longer +// accessible. +// // This operation can be called from any account in the organization. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2546,6 +2679,10 @@ func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) // Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) // in the IAM User Guide. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" // We can't find a handshake with the HandshakeId that you specified. // @@ -2564,6 +2701,9 @@ func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -2698,6 +2838,10 @@ func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationI // Your account is not a member of an organization. To make this request, you // must use the credentials of an account that belongs to an organization. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeServiceException "ServiceException" // AWS Organizations can't complete your request because of an internal service // error. Try again later. @@ -2811,6 +2955,9 @@ func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganiz // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -2963,6 +3110,9 @@ func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req * // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -3125,8 +3275,14 @@ func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *requ // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -3148,8 +3304,15 @@ func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *requ // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -3184,6 +3347,9 @@ func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -3342,8 +3508,14 @@ func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -3365,8 +3537,15 @@ func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -3401,6 +3580,9 @@ func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -3568,6 +3750,10 @@ func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) // Your account is not a member of an organization. To make this request, you // must use the credentials of an account that belongs to an organization. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" // The requested operation would violate the constraint identified in the reason // code. @@ -3618,6 +3804,9 @@ func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -3765,8 +3954,14 @@ func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (r // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -3788,8 +3983,15 @@ func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (r // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -3824,6 +4026,9 @@ func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (r // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -3952,6 +4157,13 @@ func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountT // is associated with the other account's owner. The invitation is implemented // as a Handshake whose details are in the response. // +// You can invite AWS accounts only from the same reseller as the master account. +// For example, if your organization's master account was created by Amazon +// Internet Services Pvt. Ltd (AISPL), an AWS reseller in India, then you can +// only invite other AISPL accounts to your organization. You can't combine +// accounts from AISPL and AWS. For more information, see Consolidated Billing +// in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). +// // This operation can be called only from the organization's master account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3973,6 +4185,10 @@ func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountT // Your account is not a member of an organization. To make this request, you // must use the credentials of an account that belongs to an organization. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" // The requested operation would violate the constraint identified in the reason // code. @@ -4030,6 +4246,9 @@ func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountT // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -4158,6 +4377,14 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // can do, including preventing them from successfully calling LeaveOrganization // and leaving the organization. // +// If you created the account using the AWS Organizations console, the Organizations +// API, or the Organizations CLI commands, then you cannot remove the account. +// +// You can leave an organization only after you enable IAM user access to billing +// in your account. For more information, see Activating Access to the Billing +// and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) +// in the AWS Billing and Cost Management User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4194,8 +4421,14 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -4217,8 +4450,15 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -4253,6 +4493,9 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -4413,6 +4656,9 @@ func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -4620,6 +4866,9 @@ func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParen // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -4828,6 +5077,9 @@ func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -5037,6 +5289,9 @@ func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountS // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -5206,6 +5461,10 @@ func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesFor // Lists the current handshakes that are associated with the account of the // requesting user. // +// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results +// of this API for only 30 days after changing to that state. After that they +// are deleted and no longer accessible. +// // This operation can be called from any account in the organization. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5223,6 +5482,10 @@ func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesFor // Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) // in the IAM User Guide. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeInvalidInputException "InvalidInputException" // The requested operation failed because you provided invalid values for one // or more of the request parameters. This exception includes a reason that @@ -5238,6 +5501,9 @@ func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesFor // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -5409,6 +5675,10 @@ func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshak // of handshake structures. Each structure contains details and status about // a handshake. // +// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results +// of this API for only 30 days after changing to that state. After that they +// are deleted and no longer accessible. +// // This operation can be called only from the organization's master account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5430,6 +5700,10 @@ func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshak // Your account is not a member of an organization. To make this request, you // must use the credentials of an account that belongs to an organization. // +// * ErrCodeConcurrentModificationException "ConcurrentModificationException" +// The target of the operation is currently being modified by a different request. +// Try again later. +// // * ErrCodeInvalidInputException "InvalidInputException" // The requested operation failed because you provided invalid values for one // or more of the request parameters. This exception includes a reason that @@ -5445,6 +5719,9 @@ func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshak // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -5649,6 +5926,9 @@ func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrgan // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -5865,6 +6145,9 @@ func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *reques // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -6069,6 +6352,9 @@ func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -6275,6 +6561,9 @@ func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTarge // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -6482,6 +6771,9 @@ func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Re // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -6686,6 +6978,9 @@ func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyI // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -6886,6 +7181,9 @@ func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *reques // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -7032,8 +7330,15 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // This operation can be called only from the organization's master account. // Member accounts can remove themselves with LeaveOrganization instead. // -// You can remove only existing accounts that were invited to join the organization. -// You cannot remove accounts that were created by AWS Organizations. +// You can remove only accounts that were created outside your organization +// and invited to join. If you created the account using the AWS Organizations +// console, the Organizations API, or the Organizations CLI commands, then you +// cannot remove the account. +// +// You can remove a member account only after you enable IAM user access to +// billing in the member account. For more information, see Activating Access +// to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) +// in the AWS Billing and Cost Management User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7071,8 +7376,14 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -7094,8 +7405,15 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -7130,6 +7448,9 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -7292,6 +7613,9 @@ func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizatio // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -7443,8 +7767,14 @@ func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *requ // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number -// of accounts in an organization. Note: deleted and closed accounts still count -// toward your limit. +// of accounts in an organization. If you need more accounts, contact AWS Support +// to request an increase in your limit. +// +// Or, The number of invitations that you tried to send would cause you to exceed +// the limit of accounts in your organization. Send fewer invitations, or contact +// AWS Support to request an increase in the number of accounts. +// +// Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -7466,8 +7796,15 @@ func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *requ // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account -// from an organization that was created from within organizations. +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account +// from the organization that does not yet have enough information to exist +// as a stand-alone account. This account requires you to first agree to +// the End-User License Agreement (EULA). +// +// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove +// an account from the organization that does not yet have enough information +// to exist as a stand-alone account. This account requires you to first +// complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -7505,6 +7842,9 @@ func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *requ // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // +// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid +// characters. +// // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // @@ -9339,6 +9679,9 @@ func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { // master account (the originator) invites another account (the recipient) to // join its organization, the two accounts exchange information as a series // of handshake requests and responses. +// +// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists +// for only 30 days after entering that state After that they are deleted. // Please also see https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Handshake type Handshake struct { _ struct{} `type:"structure"` @@ -12016,6 +12359,12 @@ const ( // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" + // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA" + + // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION" + // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" @@ -12196,6 +12545,9 @@ const ( // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" + + // InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value + InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET" ) const ( diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go index af7c2d646d64..3e96957c555d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go @@ -60,8 +60,14 @@ const ( // contains additional information about the violated limit: // // ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number - // of accounts in an organization. Note: deleted and closed accounts still count - // toward your limit. + // of accounts in an organization. If you need more accounts, contact AWS Support + // to request an increase in your limit. + // + // Or, The number of invitations that you tried to send would cause you to exceed + // the limit of accounts in your organization. Send fewer invitations, or contact + // AWS Support to request an increase in the number of accounts. + // + // Note: deleted and closed accounts still count toward your limit. // // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of // handshakes you can send in one day. @@ -83,8 +89,15 @@ const ( // policy from an entity that would cause the entity to have fewer than the // minimum number of policies of a certain type required. // - // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove an account - // from an organization that was created from within organizations. + // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account + // from the organization that does not yet have enough information to exist + // as a stand-alone account. This account requires you to first agree to + // the End-User License Agreement (EULA). + // + // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove + // an account from the organization that does not yet have enough information + // to exist as a stand-alone account. This account requires you to first + // complete phone verification. // // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization // with this account, you first must associate a payment instrument, such @@ -236,6 +249,9 @@ const ( // // * INVALID_ENUM: You specified a value that is not valid for that parameter. // + // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid + // characters. + // // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains // at least one invalid value. // diff --git a/vendor/vendor.json b/vendor/vendor.json index 8cb0168f3602..727d1ecc7a03 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -571,12 +571,12 @@ "versionExact": "v1.8.41" }, { - "checksumSHA1": "oj67eX/Zr0m9J4VEvm+oSGipqcc=", + "checksumSHA1": "6T1CMxJtRWzOw3rArSKnzlq4eZg=", "path": "github.com/aws/aws-sdk-go/service/organizations", - "revision": "47ba3b0518c83189f3a1c95d20fc22f267e02ed3", - "revisionTime": "2017-06-13T17:42:44Z", - "version": "v1.8.41", - "versionExact": "v1.8.41" + "revision": "b1a7b51924b90a6ecdbaeb17e96418740ff07a1e", + "revisionTime": "2017-07-06T22:38:36Z", + "version": "=v1.10.8", + "versionExact": "v1.10.8" }, { "checksumSHA1": "gCTZVPwRzFgt+Ve9KKtp7SAgzx4=", From 54f122bfb5a984805b2290e1199470fdaed91fb4 Mon Sep 17 00:00:00 2001 From: Ninir Date: Tue, 11 Jul 2017 22:05:49 +0200 Subject: [PATCH 05/16] Added Organization import test --- aws/import_aws_organization_test.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 aws/import_aws_organization_test.go diff --git a/aws/import_aws_organization_test.go b/aws/import_aws_organization_test.go new file mode 100644 index 000000000000..3b9499471882 --- /dev/null +++ b/aws/import_aws_organization_test.go @@ -0,0 +1,28 @@ +package aws + +import ( + "testing" + + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAWSOrganizationImportBasic(t *testing.T) { + resourceName := "aws_organization.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSOrganizationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSOrganizationConfig(), + }, + + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} From 5d70149366e0f19e095fba1a4f2750d5c9ec4232 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 19:40:59 -0500 Subject: [PATCH 06/16] Resource, as written, does not support updates so clean up. --- aws/resource_aws_organization.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index b43a60316894..c063f0f76665 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -14,7 +14,6 @@ func resourceAwsOrganization() *schema.Resource { return &schema.Resource{ Create: resourceAwsOrganizationCreate, Read: resourceAwsOrganizationRead, - Update: resourceAwsOrganizationUpdate, Delete: resourceAwsOrganizationDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, @@ -40,6 +39,7 @@ func resourceAwsOrganization() *schema.Resource { "feature_set": { Type: schema.TypeString, Optional: true, + ForceNew: true, Default: "ALL", ValidateFunc: validation.StringInSlice([]string{organizations.OrganizationFeatureSetAll, organizations.OrganizationFeatureSetConsolidatedBilling}, true), }, @@ -64,7 +64,7 @@ func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) err d.SetId(*org.Id) log.Printf("[INFO] Organization ID: %s", d.Id()) - return resourceAwsOrganizationUpdate(d, meta) + return resourceAwsOrganizationRead(d, meta) } func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error { @@ -89,10 +89,6 @@ func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error return nil } -func resourceAwsOrganizationUpdate(d *schema.ResourceData, meta interface{}) error { - return resourceAwsOrganizationRead(d, meta) -} - func resourceAwsOrganizationDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).organizationsconn From b36c873aa6af6015b50f1919ea98e9541f60c904 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 19:47:16 -0500 Subject: [PATCH 07/16] Use constant from SDK rather than hard code the string. --- aws/resource_aws_organization.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index c063f0f76665..0199d5634410 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -40,7 +40,7 @@ func resourceAwsOrganization() *schema.Resource { Type: schema.TypeString, Optional: true, ForceNew: true, - Default: "ALL", + Default: organizations.OrganizationFeatureSetAll, ValidateFunc: validation.StringInSlice([]string{organizations.OrganizationFeatureSetAll, organizations.OrganizationFeatureSetConsolidatedBilling}, true), }, }, From 12c692dfd714b39ca6096818827fe6b76291bc52 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 19:51:10 -0500 Subject: [PATCH 08/16] Remove INFO log statement. --- aws/resource_aws_organization.go | 1 - 1 file changed, 1 deletion(-) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index 0199d5634410..50e3a659b8a6 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -62,7 +62,6 @@ func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) err org := resp.Organization d.SetId(*org.Id) - log.Printf("[INFO] Organization ID: %s", d.Id()) return resourceAwsOrganizationRead(d, meta) } From 1cb414ea48e3425942662a10399abb30313f22b3 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 19:59:47 -0500 Subject: [PATCH 09/16] Some small fixes based on review feedback. --- aws/resource_aws_organization.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index 50e3a659b8a6..81c69789a8da 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -3,7 +3,6 @@ package aws import ( "fmt" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/organizations" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" @@ -72,7 +71,7 @@ func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error log.Printf("[INFO] Reading Organization: %s", d.Id()) org, err := conn.DescribeOrganization(&organizations.DescribeOrganizationInput{}) if err != nil { - if orgerr, ok := err.(awserr.Error); ok && orgerr.Code() == "AWSOrganizationsNotInUseException" { + if isAWSErr(err, organizations.ErrCodeAWSOrganizationsNotInUseException, "") { log.Printf("[WARN] Organization does not exist, removing from state: %s", d.Id()) d.SetId("") return nil @@ -98,7 +97,5 @@ func resourceAwsOrganizationDelete(d *schema.ResourceData, meta interface{}) err return fmt.Errorf("Error deleting Organization: %s", err) } - d.SetId("") - return nil } From 306de02fabc86a35472a5c1d26d57357fa9510b7 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 20:07:50 -0500 Subject: [PATCH 10/16] Use goimports. --- aws/resource_aws_organization.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organization.go index 81c69789a8da..9b7838117c71 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organization.go @@ -2,11 +2,12 @@ package aws import ( "fmt" + "log" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/organizations" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" - "log" ) func resourceAwsOrganization() *schema.Resource { From 31f379fafa9ba6517fde04c00e4a5f0a4182f8c8 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 20:08:41 -0500 Subject: [PATCH 11/16] Rename import test func. --- aws/import_aws_organization_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/import_aws_organization_test.go b/aws/import_aws_organization_test.go index 3b9499471882..2d456dcbadeb 100644 --- a/aws/import_aws_organization_test.go +++ b/aws/import_aws_organization_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform/helper/resource" ) -func TestAccAWSOrganizationImportBasic(t *testing.T) { +func TestAccAWSOrganization_importBasic(t *testing.T) { resourceName := "aws_organization.test" resource.Test(t, resource.TestCase{ From 153b7120edad0023111924616494b1b3b6c5d8b6 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 20:14:23 -0500 Subject: [PATCH 12/16] Enhance documentation. --- website/docs/r/organization.html.markdown | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/website/docs/r/organization.html.markdown b/website/docs/r/organization.html.markdown index 2094032262bb..ad848557abb5 100644 --- a/website/docs/r/organization.html.markdown +++ b/website/docs/r/organization.html.markdown @@ -6,7 +6,7 @@ description: |- Provides a resource to create an organization. --- -# aws\_organization +# aws_organization Provides a resource to create an organization. @@ -24,10 +24,20 @@ The following arguments are supported: * `feature_set` - (Optional) Specify "ALL" (default) or "CONSOLIDATED_BILLING". +## Attributes Reference + +The following additional attributes are exported: + +* `arn` - ARN of the organization +* `id` - Identifier of the organization +* `master_account_arn` - ARN of the master account +* `master_account_email` - Email address of the master account +* `master_account_id` - Identifier of the master account + ## Import The AWS organization can be imported by using the `account_id`, e.g. ``` -$ terraform import aws_organization.my_org 111111111111 +$ terraform import aws_organization.my_org o-1234567 ``` From 37d64f51db687bbf95496197e62547bdfbc913f5 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 20:27:35 -0500 Subject: [PATCH 13/16] Use a const instead of a func for test config. --- aws/import_aws_organization_test.go | 2 +- aws/resource_aws_organization_test.go | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/aws/import_aws_organization_test.go b/aws/import_aws_organization_test.go index 2d456dcbadeb..967e989b9bc3 100644 --- a/aws/import_aws_organization_test.go +++ b/aws/import_aws_organization_test.go @@ -15,7 +15,7 @@ func TestAccAWSOrganization_importBasic(t *testing.T) { CheckDestroy: testAccCheckAWSOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationConfig(), + Config: testAccAWSOrganizationConfig, }, { diff --git a/aws/resource_aws_organization_test.go b/aws/resource_aws_organization_test.go index f8eb42846479..750ed6cb4118 100644 --- a/aws/resource_aws_organization_test.go +++ b/aws/resource_aws_organization_test.go @@ -18,7 +18,7 @@ func TestAccAWSOrganization_basic(t *testing.T) { CheckDestroy: testAccCheckAWSOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationConfig(), + Config: testAccAWSOrganizationConfig, Check: resource.ComposeTestCheckFunc( testAccCheckAWSOrganizationExists("aws_organization.test", &organization), resource.TestCheckResourceAttr("aws_organization.test", "feature_set", organizations.OrganizationFeatureSetAll), @@ -107,11 +107,7 @@ func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) } } -func testAccAWSOrganizationConfig() string { - return fmt.Sprintf(` -resource "aws_organization" "test" {} -`) -} +const testAccAWSOrganizationConfig = "resource \"aws_organization\" \"test\" {}" func testAccAWSOrganizationConfigConsolidatedBilling(feature_set string) string { return fmt.Sprintf(` From c0a0c6121c34ee051a6f604723ba352452622fb8 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Tue, 20 Feb 2018 20:32:28 -0500 Subject: [PATCH 14/16] Fix error checking in tests. --- aws/resource_aws_organization_test.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/aws/resource_aws_organization_test.go b/aws/resource_aws_organization_test.go index 750ed6cb4118..5ae10a5ac97e 100644 --- a/aws/resource_aws_organization_test.go +++ b/aws/resource_aws_organization_test.go @@ -65,11 +65,14 @@ func testAccCheckAWSOrganizationDestroy(s *terraform.State) error { resp, err := conn.DescribeOrganization(params) - if err != nil || resp == nil { - return nil + if err != nil { + if isAWSErr(err, organizations.ErrCodeAWSOrganizationsNotInUseException, "") { + return nil + } + return err } - if resp.Organization != nil { + if resp != nil && resp.Organization != nil { return fmt.Errorf("Bad: Organization still exists: %q", rs.Primary.ID) } } @@ -93,11 +96,11 @@ func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) resp, err := conn.DescribeOrganization(params) - if err != nil || resp == nil { - return nil + if err != nil { + return err } - if resp.Organization == nil { + if resp == nil || resp.Organization == nil { return fmt.Errorf("Organization %q does not exist", rs.Primary.ID) } From a53e483708042075976c5484d95ca847b62faf99 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Thu, 22 Feb 2018 19:02:47 -0500 Subject: [PATCH 15/16] Rename resource from aws_organization to aws_organizations_organization and update all the other function names so they match. --- ...rt_aws_organizations_organization_test.go} | 8 ++-- aws/provider.go | 2 +- ...esource_aws_organizations_organization.go} | 16 ++++---- ...ce_aws_organizations_organization_test.go} | 40 +++++++++---------- website/aws.erb | 8 ++-- ... organizations_organization.html.markdown} | 12 +++--- 6 files changed, 43 insertions(+), 43 deletions(-) rename aws/{import_aws_organization_test.go => import_aws_organizations_organization_test.go} (59%) rename aws/{resource_aws_organization.go => resource_aws_organizations_organization.go} (80%) rename aws/{resource_aws_organization_test.go => resource_aws_organizations_organization_test.go} (52%) rename website/docs/r/{organization.html.markdown => organizations_organization.html.markdown} (67%) diff --git a/aws/import_aws_organization_test.go b/aws/import_aws_organizations_organization_test.go similarity index 59% rename from aws/import_aws_organization_test.go rename to aws/import_aws_organizations_organization_test.go index 967e989b9bc3..9590c0fc46be 100644 --- a/aws/import_aws_organization_test.go +++ b/aws/import_aws_organizations_organization_test.go @@ -6,16 +6,16 @@ import ( "github.com/hashicorp/terraform/helper/resource" ) -func TestAccAWSOrganization_importBasic(t *testing.T) { - resourceName := "aws_organization.test" +func TestAccAWSOrganizationsOrganization_importBasic(t *testing.T) { + resourceName := "aws_organizations_organization.test" resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckAWSOrganizationDestroy, + CheckDestroy: testAccCheckAWSOrganizationsOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationConfig, + Config: testAccAWSOrganizationsOrganizationConfig, }, { diff --git a/aws/provider.go b/aws/provider.go index 8a57d3c30f12..fdb4481b5451 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -454,7 +454,7 @@ func Provider() terraform.ResourceProvider { "aws_opsworks_user_profile": resourceAwsOpsworksUserProfile(), "aws_opsworks_permission": resourceAwsOpsworksPermission(), "aws_opsworks_rds_db_instance": resourceAwsOpsworksRdsDbInstance(), - "aws_organization": resourceAwsOrganization(), + "aws_organizations_organization": resourceAwsOrganizationsOrganization(), "aws_placement_group": resourceAwsPlacementGroup(), "aws_proxy_protocol_policy": resourceAwsProxyProtocolPolicy(), "aws_rds_cluster": resourceAwsRDSCluster(), diff --git a/aws/resource_aws_organization.go b/aws/resource_aws_organizations_organization.go similarity index 80% rename from aws/resource_aws_organization.go rename to aws/resource_aws_organizations_organization.go index 9b7838117c71..c05c46d9f9ab 100644 --- a/aws/resource_aws_organization.go +++ b/aws/resource_aws_organizations_organization.go @@ -10,11 +10,11 @@ import ( "github.com/hashicorp/terraform/helper/validation" ) -func resourceAwsOrganization() *schema.Resource { +func resourceAwsOrganizationsOrganization() *schema.Resource { return &schema.Resource{ - Create: resourceAwsOrganizationCreate, - Read: resourceAwsOrganizationRead, - Delete: resourceAwsOrganizationDelete, + Create: resourceAwsOrganizationsOrganizationCreate, + Read: resourceAwsOrganizationsOrganizationRead, + Delete: resourceAwsOrganizationsOrganizationDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, @@ -47,7 +47,7 @@ func resourceAwsOrganization() *schema.Resource { } } -func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) error { +func resourceAwsOrganizationsOrganizationCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).organizationsconn createOpts := &organizations.CreateOrganizationInput{ @@ -63,10 +63,10 @@ func resourceAwsOrganizationCreate(d *schema.ResourceData, meta interface{}) err org := resp.Organization d.SetId(*org.Id) - return resourceAwsOrganizationRead(d, meta) + return resourceAwsOrganizationsOrganizationRead(d, meta) } -func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error { +func resourceAwsOrganizationsOrganizationRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).organizationsconn log.Printf("[INFO] Reading Organization: %s", d.Id()) @@ -88,7 +88,7 @@ func resourceAwsOrganizationRead(d *schema.ResourceData, meta interface{}) error return nil } -func resourceAwsOrganizationDelete(d *schema.ResourceData, meta interface{}) error { +func resourceAwsOrganizationsOrganizationDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).organizationsconn log.Printf("[INFO] Deleting Organization: %s", d.Id()) diff --git a/aws/resource_aws_organization_test.go b/aws/resource_aws_organizations_organization_test.go similarity index 52% rename from aws/resource_aws_organization_test.go rename to aws/resource_aws_organizations_organization_test.go index 5ae10a5ac97e..fc6855388f65 100644 --- a/aws/resource_aws_organization_test.go +++ b/aws/resource_aws_organizations_organization_test.go @@ -9,30 +9,30 @@ import ( "github.com/hashicorp/terraform/terraform" ) -func TestAccAWSOrganization_basic(t *testing.T) { +func TestAccAWSOrganizationsOrganization_basic(t *testing.T) { var organization organizations.Organization resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckAWSOrganizationDestroy, + CheckDestroy: testAccCheckAWSOrganizationsOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationConfig, + Config: testAccAWSOrganizationsOrganizationConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSOrganizationExists("aws_organization.test", &organization), - resource.TestCheckResourceAttr("aws_organization.test", "feature_set", organizations.OrganizationFeatureSetAll), - resource.TestCheckResourceAttrSet("aws_organization.test", "arn"), - resource.TestCheckResourceAttrSet("aws_organization.test", "master_account_arn"), - resource.TestCheckResourceAttrSet("aws_organization.test", "master_account_email"), - resource.TestCheckResourceAttrSet("aws_organization.test", "feature_set"), + testAccCheckAWSOrganizationsOrganizationExists("aws_organizations_organization.test", &organization), + resource.TestCheckResourceAttr("aws_organizations_organization.test", "feature_set", organizations.OrganizationFeatureSetAll), + resource.TestCheckResourceAttrSet("aws_organizations_organization.test", "arn"), + resource.TestCheckResourceAttrSet("aws_organizations_organization.test", "master_account_arn"), + resource.TestCheckResourceAttrSet("aws_organizations_organization.test", "master_account_email"), + resource.TestCheckResourceAttrSet("aws_organizations_organization.test", "feature_set"), ), }, }, }) } -func TestAccAWSOrganization_consolidatedBilling(t *testing.T) { +func TestAccAWSOrganizationsOrganization_consolidatedBilling(t *testing.T) { var organization organizations.Organization feature_set := organizations.OrganizationFeatureSetConsolidatedBilling @@ -40,24 +40,24 @@ func TestAccAWSOrganization_consolidatedBilling(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckAWSOrganizationDestroy, + CheckDestroy: testAccCheckAWSOrganizationsOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationConfigConsolidatedBilling(feature_set), + Config: testAccAWSOrganizationsOrganizationConfigConsolidatedBilling(feature_set), Check: resource.ComposeTestCheckFunc( - testAccCheckAWSOrganizationExists("aws_organization.test", &organization), - resource.TestCheckResourceAttr("aws_organization.test", "feature_set", feature_set), + testAccCheckAWSOrganizationsOrganizationExists("aws_organizations_organization.test", &organization), + resource.TestCheckResourceAttr("aws_organizations_organization.test", "feature_set", feature_set), ), }, }, }) } -func testAccCheckAWSOrganizationDestroy(s *terraform.State) error { +func testAccCheckAWSOrganizationsOrganizationDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).organizationsconn for _, rs := range s.RootModule().Resources { - if rs.Type != "aws_organization" { + if rs.Type != "aws_organizations_organization" { continue } @@ -80,7 +80,7 @@ func testAccCheckAWSOrganizationDestroy(s *terraform.State) error { return nil } -func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) resource.TestCheckFunc { +func testAccCheckAWSOrganizationsOrganizationExists(n string, a *organizations.Organization) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { @@ -110,11 +110,11 @@ func testAccCheckAWSOrganizationExists(n string, a *organizations.Organization) } } -const testAccAWSOrganizationConfig = "resource \"aws_organization\" \"test\" {}" +const testAccAWSOrganizationsOrganizationConfig = "resource \"aws_organizations_organization\" \"test\" {}" -func testAccAWSOrganizationConfigConsolidatedBilling(feature_set string) string { +func testAccAWSOrganizationsOrganizationConfigConsolidatedBilling(feature_set string) string { return fmt.Sprintf(` -resource "aws_organization" "test" { +resource "aws_organizations_organization" "test" { feature_set = "%s" } `, feature_set) diff --git a/website/aws.erb b/website/aws.erb index 837a07e1efa2..f8a6d849a00c 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1359,12 +1359,12 @@
- > - Organization Resources + > + Organizations Resources diff --git a/website/docs/r/organization.html.markdown b/website/docs/r/organizations_organization.html.markdown similarity index 67% rename from website/docs/r/organization.html.markdown rename to website/docs/r/organizations_organization.html.markdown index ad848557abb5..0aa12996076a 100644 --- a/website/docs/r/organization.html.markdown +++ b/website/docs/r/organizations_organization.html.markdown @@ -1,19 +1,19 @@ --- layout: "aws" -page_title: "AWS: aws_organization -sidebar_current: "docs-aws-resource-organization|" +page_title: "AWS: aws_organizations_organization +sidebar_current: "docs-aws-resource-organizations-organization|" description: |- Provides a resource to create an organization. --- -# aws_organization +# aws_organizations_organization Provides a resource to create an organization. ## Example Usage: ```hcl -resource "aws_organization" "org" { +resource "aws_organizations_organization" "org" { feature_set = "ALL" } ``` @@ -36,8 +36,8 @@ The following additional attributes are exported: ## Import -The AWS organization can be imported by using the `account_id`, e.g. +The AWS organization can be imported by using the `id`, e.g. ``` -$ terraform import aws_organization.my_org o-1234567 +$ terraform import aws_organizations_organization.my_org o-1234567 ``` From 754238ee2accd2c215b065a90862c44bea4f6b45 Mon Sep 17 00:00:00 2001 From: Sean Edge Date: Thu, 22 Feb 2018 19:27:05 -0500 Subject: [PATCH 16/16] Adjust the acceptance testing for parallelism. --- ...ort_aws_organizations_organization_test.go | 6 ++--- ...rce_aws_organizations_organization_test.go | 24 ++++++++--------- aws/resource_aws_organizations_test.go | 27 +++++++++++++++++++ 3 files changed, 42 insertions(+), 15 deletions(-) create mode 100644 aws/resource_aws_organizations_test.go diff --git a/aws/import_aws_organizations_organization_test.go b/aws/import_aws_organizations_organization_test.go index 9590c0fc46be..692118f224c0 100644 --- a/aws/import_aws_organizations_organization_test.go +++ b/aws/import_aws_organizations_organization_test.go @@ -6,16 +6,16 @@ import ( "github.com/hashicorp/terraform/helper/resource" ) -func TestAccAWSOrganizationsOrganization_importBasic(t *testing.T) { +func testAccAwsOrganizationsOrganization_importBasic(t *testing.T) { resourceName := "aws_organizations_organization.test" resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckAWSOrganizationsOrganizationDestroy, + CheckDestroy: testAccCheckAwsOrganizationsOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationsOrganizationConfig, + Config: testAccAwsOrganizationsOrganizationConfig, }, { diff --git a/aws/resource_aws_organizations_organization_test.go b/aws/resource_aws_organizations_organization_test.go index fc6855388f65..dc951045e366 100644 --- a/aws/resource_aws_organizations_organization_test.go +++ b/aws/resource_aws_organizations_organization_test.go @@ -9,18 +9,18 @@ import ( "github.com/hashicorp/terraform/terraform" ) -func TestAccAWSOrganizationsOrganization_basic(t *testing.T) { +func testAccAwsOrganizationsOrganization_basic(t *testing.T) { var organization organizations.Organization resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckAWSOrganizationsOrganizationDestroy, + CheckDestroy: testAccCheckAwsOrganizationsOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationsOrganizationConfig, + Config: testAccAwsOrganizationsOrganizationConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSOrganizationsOrganizationExists("aws_organizations_organization.test", &organization), + testAccCheckAwsOrganizationsOrganizationExists("aws_organizations_organization.test", &organization), resource.TestCheckResourceAttr("aws_organizations_organization.test", "feature_set", organizations.OrganizationFeatureSetAll), resource.TestCheckResourceAttrSet("aws_organizations_organization.test", "arn"), resource.TestCheckResourceAttrSet("aws_organizations_organization.test", "master_account_arn"), @@ -32,7 +32,7 @@ func TestAccAWSOrganizationsOrganization_basic(t *testing.T) { }) } -func TestAccAWSOrganizationsOrganization_consolidatedBilling(t *testing.T) { +func testAccAwsOrganizationsOrganization_consolidatedBilling(t *testing.T) { var organization organizations.Organization feature_set := organizations.OrganizationFeatureSetConsolidatedBilling @@ -40,12 +40,12 @@ func TestAccAWSOrganizationsOrganization_consolidatedBilling(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckAWSOrganizationsOrganizationDestroy, + CheckDestroy: testAccCheckAwsOrganizationsOrganizationDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSOrganizationsOrganizationConfigConsolidatedBilling(feature_set), + Config: testAccAwsOrganizationsOrganizationConfigConsolidatedBilling(feature_set), Check: resource.ComposeTestCheckFunc( - testAccCheckAWSOrganizationsOrganizationExists("aws_organizations_organization.test", &organization), + testAccCheckAwsOrganizationsOrganizationExists("aws_organizations_organization.test", &organization), resource.TestCheckResourceAttr("aws_organizations_organization.test", "feature_set", feature_set), ), }, @@ -53,7 +53,7 @@ func TestAccAWSOrganizationsOrganization_consolidatedBilling(t *testing.T) { }) } -func testAccCheckAWSOrganizationsOrganizationDestroy(s *terraform.State) error { +func testAccCheckAwsOrganizationsOrganizationDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).organizationsconn for _, rs := range s.RootModule().Resources { @@ -80,7 +80,7 @@ func testAccCheckAWSOrganizationsOrganizationDestroy(s *terraform.State) error { return nil } -func testAccCheckAWSOrganizationsOrganizationExists(n string, a *organizations.Organization) resource.TestCheckFunc { +func testAccCheckAwsOrganizationsOrganizationExists(n string, a *organizations.Organization) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { @@ -110,9 +110,9 @@ func testAccCheckAWSOrganizationsOrganizationExists(n string, a *organizations.O } } -const testAccAWSOrganizationsOrganizationConfig = "resource \"aws_organizations_organization\" \"test\" {}" +const testAccAwsOrganizationsOrganizationConfig = "resource \"aws_organizations_organization\" \"test\" {}" -func testAccAWSOrganizationsOrganizationConfigConsolidatedBilling(feature_set string) string { +func testAccAwsOrganizationsOrganizationConfigConsolidatedBilling(feature_set string) string { return fmt.Sprintf(` resource "aws_organizations_organization" "test" { feature_set = "%s" diff --git a/aws/resource_aws_organizations_test.go b/aws/resource_aws_organizations_test.go new file mode 100644 index 000000000000..33fef61b690f --- /dev/null +++ b/aws/resource_aws_organizations_test.go @@ -0,0 +1,27 @@ +package aws + +import ( + "testing" +) + +func TestAccAWSOrganizations(t *testing.T) { + testCases := map[string]map[string]func(t *testing.T){ + "Organization": { + "basic": testAccAwsOrganizationsOrganization_basic, + "importBasic": testAccAwsOrganizationsOrganization_importBasic, + "consolidatedBilling": testAccAwsOrganizationsOrganization_consolidatedBilling, + }, + } + + for group, m := range testCases { + m := m + t.Run(group, func(t *testing.T) { + for name, tc := range m { + tc := tc + t.Run(name, func(t *testing.T) { + tc(t) + }) + } + }) + } +}